WPA2 Enterprise connections don't work

Hi everyone,
Configuration: MacBook Pro 7,1, 2,4GHz, Mac OS X 10.6.5.
Three user accounts (one for me, two for friend's backup), two of them have admin rights. I'm using one of these accounts.
I'm having a strange issue with *WPA2 Enterprise*-based access points, namely, the private one on my university's campus, and the eduroam one. Eduroam is, roughly, a SSID that is available in participating institutions worldwide, and allows connection from personnel registered in any of these institutions without having to ask for a guest access.
On eduroam, one is supposed to select the eduroam SSID in the list of network available, select "Security: WPA2 Enterprise", and type his institutional email address as a username. "Password" should remain blank for now, and in front of the "802.1X", select "Auto". On clicking the "Connect" button for the first time, a "Check certificate" dialog should appear with three buttons, "Display", "Cancel", "Continue", where one would click "Continue". Finally, a "802.1X authentication" dialog would appear, when a user would put his email address as username, and type in his institutional password to log in. Then, the user would be online without further fuss.
On my university network, it's even simpler. One should select it, type in the IT login, then the corresponding password, before being allowed to be online.
On my normal user account, I never get the "Check certificate" dialog for eduroam, an on the uni's network, it never seems to connect. Ultimately, I get the exclamation point over the wireless waves, meaning that the card self-assigned an IP. Then it tries to connect again (the icon is waving), then fails again. No other authentication is affected, and a quick look in the logs doesn't show anything salient.
On the other user account, the connection to either of these SSID works as written, on the first try.
So it's no hardware issue.
I first tried to create a new wireless profile, and recreate the connection. It failed, once again, for both networks.
So to the Genius Bar I went. Since it's a login issue, we deleted the ~/Library/Keychans/login.keychain item, rebooted. Since the issue couldn't be reproduced in store, he advised me to delete the "session" keychain and reboot if the problem persisted. He asked me if the computer crashed while I was logged in anywhere in the past (before 10.6.5), and yes I said, adding that I let AppleJack do the automated repair. He checked with a colleague, on a tech forum, spent 30 min with me, but came back with the dreaded conclusion that, at least in that store, they ended up doing what he named "partial restore" to correct a similar issue, in contrast to "archive and install".
Off to the uni I went, and recreating the connection failed again. In the Access Keychain, I then removed the session keychain, with both the references and files (default is reference only), since they referred to passwords I already knew, rebooted, logged in, and tried to connect, to no avail. The other user account still works.
What else should I try? Ironically enough, I reinstalled OS X more times in two years than I did Windows in eight, and want to avoid the time-consuming step of reinstalling applications, and the very tricky part - ownership issues - of manually importing documents and only selected settings.

I was chasing a similar authentication issue on OS X ≥ 10.5.8 for quite some weeks. My setup does use MS 2008 Server (AD, NPS, Radius) and SonicWall SonicPoint (multi SSID on VLAN).
When I started evaluating the different options, I didn't realize such issues But when it came to the final usage guidelines I had serious issue connecting with Mac OS X to the WPA2 Enterprise Network (BlackBerry and iOS was never an issue)!
I finally did work out, that you can only authenticate once successfully if you use the "Ask to join networks" popup - instead I had to select the network manually from the airport, provide my credentials and select "remember this network"to store the network and it's radius profile! I guess this behavior may have something to do with the credentials stored/reused in/from the keychain for the second login.
Also, I did notice you have to make sure you quit your system preferences each time you expect a change due to newly stored networks or radius profiles!
Hope this may help other users to troubleshoot similar issues!

Similar Messages

  • MAC: Uml290 & vzw access manager, IPSec VPN connections don't work

    So, my vpn connections work if I use my UML290 on windows using verizon access manager
    I am now using the new verizon access manager on my mac, and my VPN connections do NOT work. It tries to connect then immediately stops the attempt at connecting and fails (i can access other websites etc OK, I have connectivity!)
    This is a huge problem for me

    Hello,
    I have been having the same problems. When not connected to VPN, things work fine. When VPN connects, all traffic stops passing, even though there is a successful connection. When I disconnect VPN, all traffic resumes.
    I have gone through this with technical support even to the point of doing a trace during the problem and they confirm that the traffic drops, but do not feel it is a network issue. This problem does not happen with any other network adapter I use (Wi-Fi, T-mobile 4G laptop stick).
    I've put together links of articles I have found online describing this problem and probable cause - which I think is an IP address conflict in the 10.x.x.x space. No resolution has been offered to me. I hope these articles help others or if they are having the same experience they might post here.
    http://delicious.com/stacks/view/SL8rGb - "Verizon LTE problems with VPN using Pantech UML 290" - Link Stack
    If anyone comes across a resolution or knows if there will be an update of any kind to fix this, I would appreciate it, thank you.

  • Ethernet connections don't work

    Ever since a big thunderstorm here the ethernet connection on my Mini has not worked.  The wireless works fine.  The Ethernet gives the message "No IP Address" in the Network Preferences sidebar, and "Unknown Sate: The status of your network connection cannot be determined" under Status.  I've done all the usual fixes: deleted the preference files, reset PRAM, even reinstalled the operating system.  I've tried different wires and tried plugging into different ports on the router.  Ethernet connections work just fine with a number of other macs plugged into the same router. I was sure it must have been a hardward problem, so I bought the Kensington mini usb hub with ethernet.  I installed it, and get the same results with that ethernet adapter. 
    Anyone have any ideas?
    I'm on Snow Leopard 10.6.8.
    Thanks!

    Is this a new AC model?
    How old is the Netgear gigabit switch? Unfortunately gigabit has had a bad bunch of capacitors in their switches and after a couple of years they can also play up.
    Sometimes the ports on the TC seem to not negotiate properly.
    if a port is dead.. definitely take it back.
    I would also buy a new gigabit switch.. as your ethernet problems are a little too continuous after 3 different TC.
    I know it might work fine with other devices. But some things just are not compatible.
    I would use a crossover cable with modem to TC.. and TC to switch. Just because the TC has some question mark over how well it is handling port swapping from normal to crossover automatically. It is old fashioned but has helped a number of people to get the TC working ethernet wise.

  • Parametrized relation connections - don't work when source and target are different

    Hi All,I have next problem:I am using parametrized relation connection firstConnection (user and (encripted)password are taken from parameter file). Here are values from param file: $DBConnection_source=firstConnection$DBConnection_source=firstConnection$ParamUser=svaba$ParamPwd=Dni32iRiH0Yjro1U04+RTC==  This is (source and target are same) working fine for years.
     But now I need two different connection, i.e. source is (existing)   firstConnection and target is secondConnection. On both instances I have  same user 
      (svaba) with same password. I created second parameterized connection with  user = $ParamUser    and password = $ParamPwd     Now, parameters are: $DBConnection_source=firstConnection$DBConnection_source=secondConnection$ParamUser=svaba$ParamPwd=Dni32iRiH0Yjro1U04+RTC== When run workflow, got error: ORA-01005: null password given: logon denied.I triede to change connections by entering values for password (not use parameters for password) got error: ORA-01017:invalid username/password:logon denied.When I am using same (parametrized) connection for source and target (any of these two) everything is fine. That is sign that connections are good. Does someone have any idea about this problem

    Hi All,I have next problem:I am using parametrized relation connection firstConnection (user and (encripted)password are taken from parameter file). Here are values from param file: $DBConnection_source=firstConnection$DBConnection_source=firstConnection$ParamUser=svaba$ParamPwd=Dni32iRiH0Yjro1U04+RTC==  This is (source and target are same) working fine for years.
     But now I need two different connection, i.e. source is (existing)   firstConnection and target is secondConnection. On both instances I have  same user 
      (svaba) with same password. I created second parameterized connection with  user = $ParamUser    and password = $ParamPwd     Now, parameters are: $DBConnection_source=firstConnection$DBConnection_source=secondConnection$ParamUser=svaba$ParamPwd=Dni32iRiH0Yjro1U04+RTC== When run workflow, got error: ORA-01005: null password given: logon denied.I triede to change connections by entering values for password (not use parameters for password) got error: ORA-01017:invalid username/password:logon denied.When I am using same (parametrized) connection for source and target (any of these two) everything is fine. That is sign that connections are good. Does someone have any idea about this problem

  • Compass, Location Services and Some times 3G connectivity don't work

    Hi all,
    Currently I am experiencing problems with the compass and location services.
    The compass does not work at all, it appears to be only ever pointing North at 0 degrees. The location services on the google maps app refuses to locate my position, not matter where I try it (I've tried outside, inside, built up areas, open areas)
    I have tried resetting the compass, but it does nothing, I have tried force quitting, and restarting the iPhone, still nothing, I have also reset all settings, still nothing.
    Has anyone heard of problems like these, or is it probably a faulty unit?
    Cheers.

    What about a full restore using "Set up as new iPhone" has that ben done yet...with the other steps you've already completed this would be the last step to try...also because the Genius Bar will just make you if you haven't yet already before they give a new phone to you...
    resetting network settings may fix the location issue...as well as toggling that setting a few times between on and off...
    the compass is usually only accurate outside for me and I don't use it often due to this fact...

  • Gramin connect don't work with Firefox 5. how can i go back to firefox 4?

    Garmin Communicator Plugin
    Garmin Communicator Plugin Communication with your Garmin GPS just got easier thanks to the Garmin Communicator Plugin — the free Internet browser plugin that sends and retrieves data from Garmin GPS devices.
    The Garmin Communicator Plugin lets you connect your Garmin GPS with your favorite website. Once the plugin is installed, just connect your Garmin GPS device to your computer, and you’re on your way. The Garmin Communicator can send and retrieve data from any supported website.
    http://www8.garmin.com/products/communicator/
    I CANNOT DOWNLOAD THE ABOVE

    Extensions for Firefox, such as the Google Toolbar, include a list of compatible Firefox versions. Currently, the Google Toolbar only goes up to Firefox 4. However, people have tested and it actually works on Firefox 5, so there are two workarounds:
    (1) Edit a file to revise the range of compatible versions
    (2) Install an add-on that lets you ignore the range of compatible versions
    This thread has info on both approaches: [https://support.mozilla.com/en-US/questions/837142 google toolbar does not work with firefox 5.0. why not! | Firefox Support Forum | Firefox Help].
    Any luck?
    Oh, and due to security vulnerabilities, rolling back to Firefox 4.0.1 is not recommended.

  • Adobe Connect DON'T work under Debian 6

    I can't watch a recorded presentation through adobe connect.  I can watch it under windows 7, but not through Debian 6.
    How can I solve this?

    What flash version does it report as having according to http://www.adobe.com/software/flash/about/ and what are the symptoms when opening the meeting recording under Debian? Do you get the same problem on other meeting recordings on other servers, if this is possible to test?

  • WiFi WPA2 enterprise

    I’m encountering problem setting up a wifi wpa2 Enterprise on my Iphone 4s. I set it up using Iphone configuration utility and settings are correct. The problem is that the connection don’t works. I’m sure setting are correct because I set it up the same wifi also on the Airbook with Lion and parameter and certificates used for authentication are exactly the same. Any idea on why on the iphon it don’t work?
    Below some the log file.
    Thanks
    andrea
    Jan 11 16:14:18 Scoia-Aifone Preferences[558] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0xde41320:<VPNBundleController: 0xde41320>): _serviceCount(1), serviceCount(1), toggleInRootMenu(1), RootMenuItem(1)
    Jan 11 16:14:20 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setDISASSOCIATE() [wifid]:
    Jan 11 16:14:20 Scoia-Aifone timed[679] <Notice>: (Note ) CoreTime: Not setting system time to 01/11/2012 15:14:20 from NTP because time is unchanged
    Jan 11 16:14:20 Scoia-Aifone eapolclient[680] <Notice>: en0 START
    Jan 11 16:14:20 Scoia-Aifone timed[679] <Notice>: (Note ) CoreTime: Not setting time zone to Europe/Rome from Location
    Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setASSOCIATE() [wifid]:  lowerAuth = AUTHTYPE_OPEN, upperAuth = AUTHTYPE_WPA_8021X, key = CIPHER_NONE    , 802.1X .
    Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANJoinManager::handleAssoc(): status = 2, reason = 0, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
    Jan 11 16:14:21 Scoia-Aifone wifid[29] <Error>: WiFi:[347987661.158384]: Processing link event UP
    Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANJoinManager::handleAssoc(): status = 2, reason = 0, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
    Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: [14591.399631250]: AppleBCMWLANNetManager::prepareToBringUpLink(): Delaying powersave entry in order to get an IP address
    Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Joined BSS:     @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -73, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 1, ssid[ 6] = "WIFI3D"
    Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Up on en0
    Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: en0: BSSID changed to 00:3a:98:7d:ee:30
    Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore:startRoamScan(): 2843 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1
    Jan 11 16:14:22 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
    Jan 11 16:14:24 Scoia-Aifone mDNSResponder[47] <Error>: mDNS_RegisterInterface: Frequent transitions for interface en0 (FE80:0000:0000:0000:F2CB:A1FF:FECB:ED60)
    Jan 11 16:14:26 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:11 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
    Jan 11 16:14:27 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::checkRealTimeTraffic(): set roam parameters: counters Rx:1204 Tx:22
    Jan 11 16:14:28 Scoia-Aifone eapolclient[680] <Notice>: en0 TLS: authentication failed with status 1
    Jan 11 16:14:28 Scoia-Aifone wifid[29] <Error>: WiFi:[347987668.238433]: Network WIFI3D Both autojoin and user join dates are NULL
    Jan 11 16:14:28 Scoia-Aifone wifid[29] <Error>: WiFi:[347987668.246099]: Processing link event DOWN
    Jan 11 16:14:28 Scoia-Aifone eapolclient[680] <Notice>: en0 STOP
    Jan 11 16:14:28 Scoia-Aifone eapolclient[681] <Notice>: en0 START
    Jan 11 16:14:28 Scoia-Aifone Preferences[558] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0xde41320:<VPNBundleController: 0xde41320>): _serviceCount(1), serviceCount(1), toggleInRootMenu(1), RootMenuItem(1)
    Jan 11 16:14:28 Scoia-Aifone wifid[29] <Error>: WiFi:[347987668.683288]: Processing link event UP
    Jan 11 16:14:28 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:18 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
    Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::handleDeauth(): status = 0, reason = 23, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
    Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
    Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::leaveNetworkAsync(): kDeauthdCurrNetwork already set. Skipping call to leaveNetworkASync
    Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Left BSS:       @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -77, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 8, ssid[ 6] = "WIFI3D"
    Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Down on en0. Reason 1 (Unspecified).
    Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setDISASSOCIATE() [wifid]:
    Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setASSOCIATE() [wifid]:  lowerAuth = AUTHTYPE_OPEN, upperAuth = AUTHTYPE_WPA_8021X, key = CIPHER_NONE    , 802.1X .
    Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: [14598.930095541]: AppleBCMWLANNetManager::prepareToBringUpLink(): Delaying powersave entry in order to get an IP address
    Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Joined BSS:     @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -77, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 8, ssid[ 6] = "WIFI3D"
    Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Up on en0
    Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: en0: BSSID changed to 00:3a:98:7d:ee:30
    Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore:startRoamScan(): 2843 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1
    Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
    Jan 11 16:14:31 Scoia-Aifone eapolclient[681] <Notice>: en0 TLS: authentication failed with status 1
    Jan 11 16:14:31 Scoia-Aifone wifid[29] <Error>: WiFi:[347987671.532160]: Network WIFI3D Both autojoin and user join dates are NULL
    Jan 11 16:14:31 Scoia-Aifone eapolclient[681] <Notice>: en0 STOP
    Jan 11 16:14:31 Scoia-Aifone wifid[29] <Error>: WiFi:[347987671.542420]: Processing link event DOWN
    Jan 11 16:14:31 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:18 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
    Jan 11 16:14:31 Scoia-Aifone eapolclient[682] <Notice>: en0 START
    Jan 11 16:14:31 Scoia-Aifone Preferences[558] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0xde41320:<VPNBundleController: 0xde41320>): _serviceCount(1), serviceCount(1), toggleInRootMenu(1), RootMenuItem(1)
    Jan 11 16:14:31 Scoia-Aifone wifid[29] <Error>: WiFi:[347987671.974798]: Processing link event UP
    Jan 11 16:14:31 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:21 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
    Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
    Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::handleDeauth(): status = 0, reason = 23, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
    Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::leaveNetworkAsync(): kDeauthdCurrNetwork already set. Skipping call to leaveNetworkASync
    Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Left BSS:       @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -77, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 11, ssid[ 6] = "WIFI3D"
    Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Down on en0. Reason 1 (Unspecified).
    Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setDISASSOCIATE() [wifid]:
    Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setASSOCIATE() [wifid]:  lowerAuth = AUTHTYPE_OPEN, upperAuth = AUTHTYPE_WPA_8021X, key = CIPHER_NONE    , 802.1X .
    Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: [14602.222531083]: AppleBCMWLANNetManager::prepareToBringUpLink(): Delaying powersave entry in order to get an IP address
    Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Joined BSS:     @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -77, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 12, ssid[ 6] = "WIFI3D"
    Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Up on en0
    Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: en0: BSSID changed to 00:3a:98:7d:ee:30
    Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore:startRoamScan(): 2843 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1
    Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
    Jan 11 16:14:34 Scoia-Aifone eapolclient[682] <Notice>: en0 TLS: authentication failed with status 1
    Jan 11 16:14:34 Scoia-Aifone wifid[29] <Error>: WiFi:[347987674.708487]: Network WIFI3D Both autojoin and user join dates are NULL
    Jan 11 16:14:34 Scoia-Aifone wifid[29] <Error>: WiFi:[347987674.716635]: Processing link event DOWN
    Jan 11 16:14:34 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:21 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
    Jan 11 16:14:34 Scoia-Aifone eapolclient[682] <Notice>: en0 STOP
    Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::handleDeauth(): status = 0, reason = 23, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
    Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
    Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::leaveNetworkAsync(): kDeauthdCurrNetwork already set. Skipping call to leaveNetworkASync
    Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Left BSS:       @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -76, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 14, ssid[ 6] = "WIFI3D"
    Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Down on en0. Reason 1 (Unspecified).
    Jan 11 16:14:37 Scoia-Aifone mDNSResponder[47] <Error>: DeregisterInterface: Frequent transitions for interface en0 (FE80:0000:0000:0000:F2CB:A1FF:FECB:ED60)
    Jan 11 16:14:39 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:24 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2

    I did see those screenshots however that settings screen comes from selecting the Configure button next to the Authentication Method in the User Authentication section under Users.  In each of your screenshots, the RADIUS Server ID number is 1 so I would also ensure that I've configured RADIUS Server ID 1 which can only be configured by going to Users -> RADIUS Servers.
    All that said, I did see that your tests succeeded and I also don't understand the point of having RADIUS settings on the other screens and then having RADIUS ID info.  My thinking is that you would be able to configure RADIUS once in the Users -> RADIUS Servers screen and then select the RADIUS Server ID in all the remaining screens without having to enter the RADIUS info over and over again.  It would also think that you could skip the Users -> RADIUS Server screen and enter the RADIUS information over and over again and it should work...just like you set it up originally.  However, based on past experience of programmatic errors, I would recommend configuring the RADIUS Server ID 1 under Users -> RADIUS Servers if you haven't already...just in case. 
    Shawn Eftink
    CCNA/CCDA
    Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

  • WAP4410N WPA2-Enterprise - reconnect failed

    We have a WAP4410N wireless ap configured for WPA2-Enterprise. Initially everything works. Issue the user the proper certificate and they sign on correctly but once they disconnect and try to reconnect later it get stuck on "Validating Identity". The request never get to RADIUS server (no success/failure log entry, no radius traffic). Once I reboot the access point everyone can connect again but as soon as they disconnect the problem happen again.
    We testing other security settings (WPA-ENT, RADIUS(!), WPA2-Personal etc) and no problems. With older firmware have the same issue.
    Operating system: XP SP3, RADIUS server: IAS. Firmware: 2.0.1.0
    Anyone have any ideas?
    thx
    rokai

    I tried everything without result. Nobody have same problem? The hardware version is WAP4410N-E V01. Is it possible, that v02 units resolve this issue?
    Thanks in advance.

  • Can we still use PEAP-MSCHAPV2 for authenticating to a WPA2-Enterprise network?

    L.S,
    For authenticating to a BYOD wireless network a lot of companies use WPA2-Enterprise connected to a Microsoft IAS/NPS server to authenticate against Active Directory. There seems to be a way to intercept this wireless traffic using a roque accesspoint using the same (company) SSID-name and tools like freeradius-WPE and cloudcracker.
    If the BYOD client doesn't check the certificate provided by the fake radius server, the MSCHAPv2-negotiation can be discovered and the hacker will get the username AND hashed password which can be lookup'd by rainbow tables sites like cloudcracker.
    Is there still a safe way to deploy AD-authentication to BYOD clients?
    Kind Regards,
    Arjen

    I have tested the WPA2-enterprise/PEAP-MSCHAPv2 exploit this week placing a laptop in my car on the company parking lot with a Kali image, using hostap and freeradius-wpe configured with the company SSID. It was very easy to find out the mschapv2 challenge/responses of a number of android/windows phones that there just walking past my car. Also iPhone has a bad WPA2-enterprise implementation (see: http://research.edm.uhasselt.be/~bbonne/docs/robyns14wpa2enterprise.pdf), so bye bye WPA2-enterprise/PEAP-MSCHAPv2.
    Wonder what other (large) companies are using for their BYOD wireless networks! EAP-TLS using certificate sounds like the only feasible option, however, we are afraid that the enrolment of certificates to the BYOD-clients will be a total disaster. I heard stories that some android phones lose their client certificate after a reboot :(

  • MAC OS 10.4.11 connecting to WPA2 Enterprise not permanently working

    Hi,
    I have an issue with the following environment. I will try to simply my wording to help understand the problem.
    Hardware: Macbook Pro 17" Intel Core 2 Duo and Macbook laptops
    Operating System: Both run MAC OS 10.4.11 fully updated (According to Apple Reps, this operating system is no longer supported)
    Airport cards: Both have Airport Extreme cards. The Macbook Pro's card is using Firmware version 1.4.4 ( card type requirement to connect to WPA2 Enterprise network)
    Connection type: Connected via PEAP (Inner Protocol:MSCHAPv2)
    Wireless Access Point (WAP): Cisco Aironet 1142: Macbook connects to WAP to gain access to the Internet.
    Cisco ACS version 5 server (validates macbook username and password entries to Microsoft AD servers.)
    Microsoft Windows Server 2003 with Active Directory (holds user accounts) 
    Other Operating systems MAC OS 10.5 to MAC OS 10.7 (Leopard, Snow Leopard, and Lion make automatic connections.)
    Basically, the process is that the macbook user enters in their email username and password into a WPA2 Enterprise wireless connection. The Cisco 1142 broadcasts the SSID for the user to connect to. Once the wireless connection is made to the Cisco 1142 WAP, the WAP sends the username and password to the ACS server. The ACS server verifies the username and password from the macbook to Microsoft Windows Server AD user accounts. If the password is validated, then the ACS grants access to the wireless Internet to the macbook user.
    The wireless configuration involves the following process:
    1. Click on the desktop, Go should be available now.
    2. Click on Go, then Applications. The Applications window will appear.
    3. Click on Internet Connect.
    4. By default, The 802.1X connection is not available. We will be using the 802.1X connection to enter and save the username and password. Click on File and select "New 802.1X Connection."
    5. A windows should appear. Under Configurations, select Edit Configurations.
    6. An 802.1X windows will appear to enter in the following:
    - Description: name of connection
    - Network port: Airport
    -User Name: domain\username or just username of email account
    -password: password for email account
    -Wireless Network: SSID of Cisco Aironet 1142 Wireless Access Point (WAP)
    -Authentication PEAP configured with outer identity of anonymous. We uncheck TTLS, EAP-FAST, LEAP, and MD5.
    7. Click Ok. Select Connect and it should connect to the SSID if the username and password are valid accounts.
    8. Select File and then "Export 802.1X Configuration to login Window."
    To verify connection:
    1. We go to Apple - System Preferences and select Network.
    2. The Airport should say that it is conected to the SSID. You are connected to the Internet via Airport.
    3. Go a little deeper, we click on configure for the Airport.
    4. Under By default join: select Preferred networks. Under network name, we should see the SSID connection. We select it and click on the edit button.
    5. We verify that the connection has Network Name, Wireless Security, User Name, Password, and 802.1X Configuration entered in correctly. We select Ok after verification or modification. Then we select Apply Now to save any changes.
    ---------------------------------------------------------------The Problems---------------------------------------------------------------------
    1. When shutting down the system and then turning it on. The Airport doesn't make a connecation to the SSID being broadcasted automatically. We would have to turn the airport off and back on for it to make an connection.
    2. When the laptop is left idle or goes to sleep, the wireless connection drops. The user would have to turn the airport off and back on to stay connected.
    Is there a fix for this?
    Thank you to anyone that would take time to read this and provide helpful feedback.

    The "v" key at startup is not Safe Mode. Try holding the Shift key down and restart for Safe Mode. This will disable extensions and help it start. It also checks some things out.
    Can you start it up from your Tiger disc? Hold the C key down at startup until you see the Apple.
    Your hard drive may be going kaput. Hope you have a good backup.

  • Can't create a WPA2-Enterprise wireless connection; missing Microsoft: PEAP

    OS: Windows 7 64-bit Enterprise
    Hardware: Lenovo T410S w/Intel 5300 ABGN Wireless
    If I try to build the wireless connection manually and choose WPA2-Enterprise, then click next, I get 'An unexpected error occurred.' and no options to configure; just close.
    I then tried to create a Preshared Key WPA2 connection. This worked fine. When I go to edit the connection, I have the ability to select the WPA2-Enterprise options, however in the list of Network Authentication methods (under Security Tab), I don't have
    the Microsoft: PEAP or SmartCard options. I only have Cisco: LEAP,PEAP,EAP-FAST and Intel: EAP-SIM,EAP-TTLS,EAP-AKA (6 entries).
    It's my theory that because the Microsoft options are missing, the wizard gets the unexpected error. I'm wondering how I get the MS ones back.

    Hi,
    Thanks for posting in Microsoft TechNet forums.
    Do you have Symantec installed? It is said the issue could be due to conflict with Symantec Endpoint Protection. Please uninstall\reinstall Symantec
    if it is there.
    Best Regards
    Magon Liu
    TechNet Subscriber Support
    in forum. If you have any feedback on our support, please contact
    [email protected]
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

  • IOS 5 can't connect to WPA/WPA2 Enterprise Wireless Network

    After upgrading multiple iPhone 4 (CDMA versions) to IOS 5.0, I have not been able to get them to connect to our WPA/WPA2 Enterprise wirless network.  We use a Cisco Wireless LAN Controller.  The wireless network is capable of doing WPA or WPA2 Enterprise with PEAP.  These phones all connected to this network fine before the upgrade.
    When connecteding to the network, it prompts me for the username and password and when I tap join it sits for about 10-15 seconds then says "Unable to join the network" with a Dismiss button.
    It connects to non-Enterprise networks just fine.  I have tested it on WPA Personal and WPA2 Personal networks and it has worked on several without issue.
    I have tried "forget this network" with no success.
    Is anyone else having this problem?  I know of at least three Verizon iPhone 4's that have this exact same problem.  I haven't seen one working with this configuration yet.

    I have the same problem:
    Cisco WLC's -> WPA2 Enterprise AES + EAP-PEAP 802.1x with CCKM
    Pre 5.0 - all worked fine
    Post 5.0 - it tries to connect and after few moments i get error - couldn't connect.
    Info from controller:
    10/17/2011 12:16:37 CEST           INFO           172.16.16.X           Sending EAP request to client from radius server. 6.f. ..l
    10/17/2011 12:16:38 CEST           ERROR           172.16.16.X           Retransmitting EAP-ID request to client,retransmission timer expired. 5.y. ..l
    10/17/2011 12:16:39 CEST           ERROR           172.16.16.X           Retransmitting EAP-ID request to client,retransmission timer expired. 5.y. ..l
    10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           Authentication failed for client as EAP ID request from AP reached maxmium retransmissions. 5.yp ..l
    10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           De-authentication sent to client. 5.oP ..l
    10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           5.yp ..l
    10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           EAPOL-key is invalid, scheduling client for deletion. 5.yp ..l
    On the Radius server i don't see any activity regarding this device.
    I had this network configured on my iPhone - after upgrade and restore it remembered it. Every time i was in vicinity of my Enterprise WLAN it tried to connect - resulting int express battery drain - 6-7 hrs and battery was empty from 100%

  • Cannot connect to WIFI with WPA2 enterprise security

    I'm currently trying to switch my Wifi from WPA2 Personal to WPA2 Enterprise using a dd-wrt flashed TP-Link router and a Synology Diskstation as the RADIUS server. The diskstation also creates the CA certificate which I can download from there for all client devices.
    Configuration on the side of the router appears to be fine, I've entered all the details for RADIUS authentication and left "WPA Algorithms" at its default setting "TKIP", other options being ("AES" and "TKIP+AES"). I said it appears to be fine because my Android phone connection is established succesfully using the following (default) parameters:
    EAP method: PEAP
    Phase 2 Auth: NONE (also works with MSCHAPV2, and probably other options)
    CA cert: unspecified (didn't download it to smartphone, must be fetched automatically from router I guess)
    User cert: unspecified
    Identity: myDiskstationUsername
    Anonymous Identity: (blank)
    Password: myDiskstationPassword
    So far, so good... I still cannot manage to get a connection from my laptop running Arch. Prefered method would be via "wicd". The best match seems to be the following configuration profile:
    name = PEAP with TKIP/MSCHAPV2
    author = Fralaltro
    version = 1
    require identity *Identity password *Password
    optional ca_cert *Path_to_CA_Cert
    protected password *Password
    ctrl_interface=/var/run/wpa_supplicant
    network={
    ssid="$_ESSID"
    scan_ssid=$_SCAN
    proto=WPA
    key_mgmt=WPA-EAP
    pairwise=TKIP
    group=TKIP
    eap=PEAP
    identity="$_IDENTITY"
    password="$_PASSWORD"
    ca_cert="$_CA_CERT"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
    But it's not working, both with and without specifing the optional path to the CA certificate. Any ideas what I could've been missing or any clues for debugging?
    Last edited by saciel (2013-11-07 09:55:16)

    Why don't you use netctl?
    I'm using netctl to connect to my FreeRadius Server, and I use this config...
    Description='A wireless connection using a custom network block configuration'
    Interface=wlp0s29f7u3
    Connection=wireless
    Security=wpa-configsection
    IP=static
    Address='192.168.1.200/24'
    Gateway='192.168.1.1'
    DNS=('192.168.1.1')
    WPAConfigSection=(
    'ssid="SSID"'
    'key_mgmt=WPA-EAP'
    'eap=PEAP'
    'phase2="auth=MSCHAPV2"'
    'group=CCMP'
    'pairwise=CCMP'
    'identity="user"'
    'password="password"'
    'priority=1'

  • Connecting to WPA/WPA2 Enterprise Network

    I am trying to configure an Apple TV to connect to our corporate network. I have a service account in AD that I am using in the profile, have pointed to our cert and trusted it in the profile, selected WPA/WPA2 Enterprise, and selected PEAP as the 802.1X authentication. I have done this after going over the settings with our network security engineer. Everything looks correct. After installing the profile and connecting it to the TV, I can only get a 169.X.X.X address (should be our private WiFi network of 10.9.X.X. Has anyone successfuly done this?

    This is a user to user help forum only so no one here knows what Apple is working on.
    http://www.apple.com/feedback/iphone.html

Maybe you are looking for

  • Error while Executing reports in Portal

    Hello All, We are facing the following Error message while running reports in Portal. We have recently updated the EP Patch to 17..  since then we are facing the issue. 500 Internal Server Error   BEx Web Application Failed to process request; contac

  • After upgrade resin no longer works with Apache!BIG ISSUE

    Hi Af! After the huge update - i ran into some big issue's !!! Normaly i have apache,php and resin running. but now with the "new" apache - it can no longer accept resin's mod_caucho.so? Running apachectl -t gives an error: configerror at line 428  -

  • Find the clip name? Premiere SDK

    I might be over thinking this or just plain dumb, but can someone tell me how to grab the clip name from a segment? I feel like there would be some code somewhere if the FCP xml exporter has the names of the clips. Any pointers or help would be appre

  • Auto Submit in Tabular form

    I have a tabular form in which I want a select list to auto submit. I have tried using OnChange but can't seem to get it to work. What would I need to change on this select list to get it to auto submit the tabular form for me? Thanks! Edited to add

  • Fluid layout question.

    I am working on a flash site with many scenes with movie clips, different clips but same size and same position. I just set up the layout using fluid with this function sizeListener.onResize = function() { centered._x = Stage.width/2 centered._y = St