WPA/WPA2 Enterprise Support -  Please Apple PLEASE!

Similar Messages

• HT4718 would i be able to use the lion internet recovery since my college uses WPA/WPA2 Enterprise wifi?

  would i be able to use the lion internet recovery since my college uses WPA/WPA2 Enterprise wifi? Im confused becasue this exact one is not listed under apples page about os x recovery.

  Probably not.  You'd need to go somewhere that Internet isn't on a locked-down wireless network.
  See this for specifics.  "It depends."
  http://support.apple.com/kb/HT4718

• Connecting to WPA/WPA2-Enterprised network

  hi all,
  i just came to mcgill and was trying to connect to the school network. But it kept saying something like 'authorization failed'. School website has only instructions for BlackBerrys:
  "Select wpa.mcgill.ca * (WPA/WPA2-Enterprise). Fill in the following fields:
  Name: wpa.mcgill.ca *
  SSID: wpa.mcgill.ca *
  Security Type: PEAP
  User Name: McGill Username
  User password: McGill Password
  CA Certificate: Thawte Premium Server CA
  Inner Link Security: EAP-MS-CHAP V2
  Token: None Selected
  Server subject: blank
  Server San: blank                                                                         "
  Help plz
  Solved!
  Go to Solution.

  idecline wrote:
  hi all,
  i just came to mcgill and was trying to connect to the school network. But it kept saying something like 'authorization failed'. School website has only instructions for BlackBerrys:
  "Select wpa.mcgill.ca * (WPA/WPA2-Enterprise). Fill in the following fields:
  Name: wpa.mcgill.ca *
  SSID: wpa.mcgill.ca *
  Security Type: PEAP
  User Name: McGill Username
  User password: McGill Password
  CA Certificate: Thawte Premium Server CA
  Inner Link Security: EAP-MS-CHAP V2
  Token: None Selected
  Server subject: blank
  Server San: blank                                                                         "
  Help plz
  Try configuring your N97 with these instructions:
  Since your WLAN network seems to require more advanced PEAP authentication settings you should probably create / edit appriate WLAN connection profile, known as (Internet) Access Point, manually in a following manner:
  1. Go to Tools -> Settings -> Connection -> Network Destinations
  2. Check if your earlier failed attempt to connect has already created an non-funtional IAP named as your WLAN network SSID (look for a entry named wpa.mcgill.ca) under "Internet" destination.
  3. If you can see existing IAP named as your WLAN SSID then you can Edit that one with necessary changes. (skip to 7.)
  4. If you don't see any existing IAPs that are named like your WLAN network then go to the desired "Destination" (e.g. Internet) and select Options -> Add Connection Method.
  5. Assuming you are in the coverage area of your WLAN network you can let phone "Automatically check for connection methods" (i.e. phone scans available WLAN networks) and you should be able to select the correct WLAN network name (wpa.mcgill.ca) from the list. Once you have selected the WLAN network your "Internet" Destination should now have been added with a new Access Point (IAP) that is named "wpa.mcgill.ca". Note that at this point the particular connection method is still incorrectly configured for your purposes (since by defaul it has EAP-SIM & EAP-AKA authentication methods enabled).
  6. Now you should manually Edit your newly created wpa.mcgill.ca Internet Access Point with necessary PEAP settings.
  7. Configure following WLAN and authentication settings:
    "Connection name" defaults to name of your WLAN network (wpa.mcgill.ca) but you can also change this if you wish
  - "Data Bearer" naturally needs to be "Wireless LAN"
  - "WLAN network name" should match your WLAN network's name (SSID) exactly (wpa.mcgill.ca)
  - "Network status": Public
  - "WLAN network mode": Infrastructure
  - "WLAN Security mode": WPA/WPA2
   => Go to "WLAN security settings"
  - Ensure that "WPA/WPA2 mode is set to "EAP"
  - Leave "WPA-2 Only mode" to "OFF" unless you are absolutely sure that your WLAN network is configured to stricly pure WPA2 mode (i.e. network might be configured to support both WPA and WPA2 security thus enabling WPA-2 Only mode on the phone will cause all your connection attempts to fail).
   => Go to "EAP plug-in configuration"
  - Enable "EAP-PEAP" and make sure that "EAP-SIM" and "EAP-AKA" are disabled (via Options -> Disable)
   => Select "Configure" for EAP-PEAP authentication method
   - Leave "Personal Certificate" to "Not defined"
  - Select "Thawte Premium Server CA" to be used as an "Authority certificate"
  - Set "User name in use" to "User defined" (since there is no Personal Certificate where it could be read automatically)
  - Enter your username (McGill Username) to "Username" field
  - Set "Realm in use" to "User defined" and leave following "Realm" field empty.
  - Note that in case your username (McGill Username) contains the realm (i.e. format is username@realm ) then you can enter realm part of your ID to "Realm" field and enter only the username part to the "Username" field.
  - Configure "Allow PEAPv0" to Yes
  - Configure both "Allow PEAPv1" and "Allow PEAPv2" to "No"
  => Go to "EAP's" tab to configure inner authentication method for the PEAP (use the small arrow pointing right on top of the screen to move between tabs)
  - Enable "EAP-MSCHAPv2" authentication method and Disable all other methods (Option -> Enable / Disable)
  - Select "Edit" for the EAP-MSCHAPv2
  - Enter you username (McGill Username) to "User name" field
  - Configure "Prompt password" to No or Yes depending on whether you want your password to be prompted everytime you make an connection or if you prefer saving your password to following "Password" field permanenly so that it won't be prompted during everytime you connect to this WLAN network with PEAP/EAP-MSCHAPv2 authentication.
  - If you you selected "No" to password prompting then enter your password (McGill Password) to "Password" field.
  => Exit the configuration with "Back" (several times) and you should hopefully be able to connect with this setup.
  If needed you can also change the priority order of the connection methods (IAP's) within the Internet Destination since your new connection most likely ended up being lowest priority WLAN connection within your Internet destination. This should however not be a problem unless you have some other WLAN networks defined as an IAP and these other WLAN networks are simultaneously available at the location of the wpa.mcgill.ca WLAN network.
  Hope this helps you to get connected!!
  Message Edited by saataja on 17-Sep-2009 05:16 PM

• Free RADIUS/802.1X Service for WPA/WPA2-Enterprise

  Hi, just wanted to let everyone know that I recently started offering a Free Edition of our AuthenticateMyWiFi service, a hosted RADIUS/AAA service offering 802.1X authentication for use with WPA/WPA2-Enterprise encryption.
  The Free Edition features 1 user account, supports 1 AP, and includes: PEAP authentication for wireless and wired connections, web-based control panel, and activity logging.
  This is great for IT professionals wanting to experiment with 802.1X or to get enterprise Wi-Fi security in homes and small offices.
  For more info visit our site:
  http://www.nowiressecurity.com/service.htm
  - Eric Geier

  I recommend contacting Linksys support on the phone and ask them which model router has Radius or Enterprise WPA features. Some home class routers may not have this. Ask and see what is available. 

• Administrative credentials when adding a WEP/WPA/WPA2 Enterprise wifi profile?

  Hello,
  Why do users need to provide administrative credentials when they install a configuration profile containing installation of a WEP Enterprise or WPA/WPA2 Enterprise Wifi-profile? This is not the case when installing a Wifi-profile usning standad WEP, WPA or WPA2.
  Is this a bug? It confuses users with user profiles when they need to confirm the installation with administrative credentials.

  I don't know the answer to your question. Maybe you can find something here:
  http://training.apple.com/pdf/WP_8021X_Authentication.pdf

• Wifi w/WPA/WPA2 Enterprise

  I have a strange issue. We are trying to connect iPhones to the corporate wifi network. This uses WPA/WPA2 Enterprise encryption with EAP-FAST authentication. I have created a Wifi Configuration Profile using the iPhone Config Utility v3.3. All settings look correct.
  I install this config profile to an iPhone 4 and it cannot connect.
  I install this same config profile to iPod Touch 2G and it does not connect.
  I install this same config to iPad2 and it works perfectly fine. Connects every time no problem.
  Apparently there is some difference in how the devices handle wifi security?!?
  Does anyone have any insight into this?

  Is the wireless network an "n" network?
  If so, the iPhone 4 supports 802.11b/g/n Wi-Fi (802.11n 2.4GHz only).
  No such 2.4GHz only requirement for an "n" network with the iPad.

• Connecting to WPA/WPA2 Enterprise Network

  I am trying to configure an Apple TV to connect to our corporate network. I have a service account in AD that I am using in the profile, have pointed to our cert and trusted it in the profile, selected WPA/WPA2 Enterprise, and selected PEAP as the 802.1X authentication. I have done this after going over the settings with our network security engineer. Everything looks correct. After installing the profile and connecting it to the TV, I can only get a 169.X.X.X address (should be our private WiFi network of 10.9.X.X. Has anyone successfuly done this?

  This is a user to user help forum only so no one here knows what Apple is working on.
  http://www.apple.com/feedback/iphone.html

• IOS 5 can't connect to WPA/WPA2 Enterprise Wireless Network

  After upgrading multiple iPhone 4 (CDMA versions) to IOS 5.0, I have not been able to get them to connect to our WPA/WPA2 Enterprise wirless network.  We use a Cisco Wireless LAN Controller.  The wireless network is capable of doing WPA or WPA2 Enterprise with PEAP.  These phones all connected to this network fine before the upgrade.
  When connecteding to the network, it prompts me for the username and password and when I tap join it sits for about 10-15 seconds then says "Unable to join the network" with a Dismiss button.
  It connects to non-Enterprise networks just fine.  I have tested it on WPA Personal and WPA2 Personal networks and it has worked on several without issue.
  I have tried "forget this network" with no success.
  Is anyone else having this problem?  I know of at least three Verizon iPhone 4's that have this exact same problem.  I haven't seen one working with this configuration yet.

  I have the same problem:
  Cisco WLC's -> WPA2 Enterprise AES + EAP-PEAP 802.1x with CCKM
  Pre 5.0 - all worked fine
  Post 5.0 - it tries to connect and after few moments i get error - couldn't connect.
  Info from controller:
  10/17/2011 12:16:37 CEST           INFO           172.16.16.X           Sending EAP request to client from radius server. 6.f. ..l
  10/17/2011 12:16:38 CEST           ERROR           172.16.16.X           Retransmitting EAP-ID request to client,retransmission timer expired. 5.y. ..l
  10/17/2011 12:16:39 CEST           ERROR           172.16.16.X           Retransmitting EAP-ID request to client,retransmission timer expired. 5.y. ..l
  10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           Authentication failed for client as EAP ID request from AP reached maxmium retransmissions. 5.yp ..l
  10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           De-authentication sent to client. 5.oP ..l
  10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           5.yp ..l
  10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           EAPOL-key is invalid, scheduling client for deletion. 5.yp ..l
  On the Radius server i don't see any activity regarding this device.
  I had this network configured on my iPhone - after upgrade and restore it remembered it. Every time i was in vicinity of my Enterprise WLAN it tried to connect - resulting int express battery drain - 6-7 hrs and battery was empty from 100%

• Enterprise Request to Apple -- Please release an Enterprise Grade SDK

  To whom may read this...
  Apple, please release an enterprise grade SDK that allows IT to secure and management the iPhone in the same manager that other mobile devices in the corporate world are being done. We have a duty to our business to maintain the same level of control, management, and security across mobile devices.
  Here is what the iPhone SDK needs:
  * Ability to run background processes
  * Ability to change device settings and modify data that is outside of the application sandbox model
  * Ability to force a download and installation of an application (such as anti-virus)
  * API's into device wipe function and system functions such as application start/stop, device lock/unlock
  * API's for initiating device wipe, intercepting attempts to start/stop other applications, and control over device lock/unlock.
  Making these available will help IT allow the iPhone to become adopted with the corporate world. Until then, the iPhone will remain a consumer device.
  Best regards

  http://www.apple.com/feedback/iphone.html

• Unable to Connect to WPA/WPA2-Enterprised network

  I work for a private company, and we have a WPA-Enterprised network. Company provide following settings for Blackberry users.
  Name : IxWLANP
  SSID: IxWLANP
  Band Type: 802.11 b/g
  User Name :
  Password:
  CA Certificate: None Selected
  Interlink Security : EAP-MS-CHAPV2
  Token: None
  Select Disable Server Certificate.
  What I have configured for my Nokia E72 is as follows:
  Connection Name: IxWLANP
  Data Bearer: Wireless LAN
  WLAN Network Name :IxWLANP
  Network Status: Public
  WLAN Network Mode: Infrastructure
  WLAN Security Mode : WPA/WPA2
  Under WLAN Security Settings
  WPA/WPA2: EAP
  Under Plug-in settings:
  EAP-PEAP only selected
  Under EAP-PEAP edit mode:
  Personal Certificate: Not defined
  Authority Certificate: Not Defined
  User Name In US: User Defined
  User Name: ******* (My User Name)
  Realm In Use: User Defined
  Realm: Blank
  TLS Privacy: OFF
  Allow PEAPv0 : yes
  Allow PEAPv1 :No
  Allow PEAPv2 : No
  Under EAPs: EAP-MSCHAPv2 Selected
  User Name: (My USer name)
  Prompt password: No
  Password : (My Password.)
  No change in ciphering
  WPA2 only modeff
  This is all I have done.
  Network is showing as known network. But If I am trying to connect to any web page its saying EAP-PEAP authentication Failed.
  Blackberry/ Samsung/ Apple works fine. This problem is only with nokia. Please reply urgently.
  Please help.

  I have also a problem to connect my E72 to my company network.
  The settings are:
  Network Authentication: WPA2
  Data Encryption: AES
  Authentication Type: Protected EAP (PEAP)
  Authentication Protocol EAP-MSCHAPV2
  HAve someone of you an idea or what I have to do that it works?
  Please help. Thank you.
  Argisch

• Tip on using US Robotics Modem (WPA/WPA2 not supported)

  Dear all,
  As I can see from the discussions many of us have gone through the pain of installing Time Capsule wishing we had instead bought a good hard disk.
  I have a US Robotics MaxG which serves as a router and I plan to put the time machine in a different room away as well from my MacBook Pro. I mean after all that is the point of wireless (not havig to connect the time capsule to the US Robotics modem).
  Unfortunately, I managed to isolate a problem and found a workaround to it. It seems that Time Capsule does not like WPA2/WPA passwords.
  So what you need to do is to use instead WPA2 encryption with TKIP and AES selected.
  Thanks and good luck,
  Sergio

  Dear jdimstrnate,
  Based on your description both the AUX port and the modem are not configured correctly. You can find detailed instructions for this setup in the following link from Cisco:
  http://www.cisco.com/en/US/tech/tk801/tk36/technologies_tech_note09186a0080094bbc.shtml
  In summary, the AUX port needs to be set at a speed of 115200 and the modem must be configured with AT&F1S0=1&W.
  If you need further assistance please feel free to contact our technical support line, 1-888-216-2850. Our hours of operation are Monday through Friday, 9 AM to 5 PM CST. You can also contact us by email using our online email form from the following link:
  http://www.usr.com/support/s-online_EmailTechie.asp
  I hope this helps.

• WPA2 Enterprise Support Required

  Hello
  I have iPod Touch 4G , running iOs 4.1 and I want it to connect to my company WIFI
  and have installed 2 cerficates for the connection and i can see them under profile, the SSID of the network is hidden when I add it manually by choosing Other option under WIFI settngs however i m not able to connect to the network , gets error "Could not connect to the network SSID"

  the security type is WPA2 Enteprise, I did some research on it , downloaded IPCU ,and configured the WI-FI profile, the SSID is hidden now I have instaled the profiles witht he certificates to my iPod , I can see the SSID and the cerificates under Profiles,
  I would like you to put spotlight on the Enterprise deployment part of IPCU ,IF I have configured the network in IPCU and installed it to my device, do I again have to go to WI-FI and add the network by choosing OTHER otpion ??
  or the SSID should automatically appear under WIFI for me to tap and connect to the network??

• Airport Express running 7.3.1 is missing WPA/WPA2 Enterprise option

  Hello.
  I own a Airport Extreme Base station running 7.3.1 I am trying to access it using a 17inch Macbook pro and Airport Utility 5.3.1
  According to the documentation there should be a way for me to setup a Radius server, is there an advanced setting I need to enable?
  Thank you

  Hmm, it seems that there is a bullet in the kbase that mentions devices which do not support 7.4.2 firmware, may still be able to play without that as a minimum.
  G is slow, so that only compounds our problem. It could be age as well, however..... do you have an iPad or iPhone? I'd like to try to airplay from something else and see if THAT actually works.

• When to use WPA/WPA2 Enterprise

  What are the advantages of the different settings in setup on my AirPort Extreme ?

  The "Enterprise" wireless security settings are intended to be used in a commercial environment where the use of an authentication server is employed. This is not typical for home use.

• Please, Apple, Please...

  ...make Spotlight optional.
  Just put a "use Find File instead of Spotlight" checkbox in the Spotlight control panel.
  It would make everybody happy.
  Matt
  PowerBook G4 15"/1.3GHz   Mac OS X (10.3.9)   Downgraded from 10.4 to avoid Spotlight

  <Now imagine that you're a writer for a newspaper, magazine or something. Or an editor. Someone who keeps thousands of documents on their computer for reference. Can you imagine how long it would take you to find a quote, phrase or something similar without indexing if you didn't already know where the article was? Indexing records everything, including file content. You could instantly find any passage or phrase. Spotlight would then, of course, show you exactly which file it found your search phrase in. Such a person wouldn't be without it.>
  I happen to be such a person, with thousands of old text files (and many other types of files, mostly images in various formats). I need to find files really fast, and I do so maybe 100 -150 times every day. In fact, finding files is the most important basic task I expect my computer to do. The old FindFile is much, much faster than constantly navigating through directories just to find a file - a hundred or more times every day. I would go completely nuts doing that. Tiger forces me to do it that way, which is why I ditched Tiger and went back to Panther - I have serious work to do and I want an OS that works with me - not an OS that I have to work with. FindFile is absolutely essential for this way of working, which I imagine I share with many others.
  Occasionally I need to find text within a file - maybe twice a year. I use EasyFind for that, because it's reliable.
  Even if Spotlight's indexing system was reliable - it still wouldn't be the way I need my OS to find files. But it isn't reliable at all, and every day in these forums there are new posts flagging up ever-new instances of this. See, for example, this thread:
  http://discussions.apple.com/thread.jspa?forumID=757&threadID=460120