WPA2 - Enterprise

Similar Messages

• Creating a Configurator profile for ATV on WPA2 Enterprise?

  Alright, so I have a couple of Apple TVs (latest version) which I want to get up and running on our wireless network here at work. We have a WPA/WPA2 Enterprise network. Our access point is simply an Airport Extreme and the RADIUS server is running on OS X Server 10.6.
  I understand that I have to load the Apple TV with a profile to get it to connect to the wireless network but I can't for the life of me figure out what the correct settings are for my network. I'd ask our IT department but the problem is that I am the IT department.
  When I try to connect using the profiles I've created I get the error "There was a problem connecting to the network. Check your settings and try again. (-369033215).
  The first issue (I believe) is that I might not be choosing the right EAP types. In configurator I can choose TLS. TTLS, LEAP, PEAP, EAP-FAST, EAP-SIM, or EAP-AKA. I have no idea which one I should be choosing or how to figure out which types my network supports. Also some of them want me to enter an outer identity which again, I have no idea what to put there.
  The second issue may be the trusted certificates - I may not have the correct one(s). When I check the RADIUS server settings, it shows that I'm using a self-signed certificate that I generated quite a while ago (we don't have any actual certs, just self-signed ones - small office, not my area of expertise so I didn't want to waste company money without knowing what I was doing). So, what I did was I opened up Keychain Access, found that certificate, exported it, and imported it into Configurator. I imported it into Trusted Certificates but I didn't put anything in for Trusted Server Certificate Names - should I put anything in there?
  Any help is appreciated.

  Ok that part I put above would go in your SQL, not in the report properties - you also want to replace p.product_image with whatever your BLOB column is, and p.product_id with your employee_id column.
  The apex_util.get_blob_file_src basically does the same thing that you were doing but should be a little simpler to manage.
  http://download.oracle.com/docs/cd/E14373_01/apirefs.32/e13369/apex_util.htm#CHDICGDA
  So:
  1) Edit your sql and try using this function instead of just calling the BLOB column.
  2) Edit the column properties and put #PHOTO# as the link, and #EMPLOYEE_ID# (or whatever your primary key is called) as the Value.
  3) If that long string is still in the number/character format field, clear it out.
  4) If that still doesn't work, install the demo application that comes with Apex and look at Page 3. That is all I did.

• Can't create a WPA2-Enterprise wireless connection; missing Microsoft: PEAP

  OS: Windows 7 64-bit Enterprise
  Hardware: Lenovo T410S w/Intel 5300 ABGN Wireless
  If I try to build the wireless connection manually and choose WPA2-Enterprise, then click next, I get 'An unexpected error occurred.' and no options to configure; just close.
  I then tried to create a Preshared Key WPA2 connection. This worked fine. When I go to edit the connection, I have the ability to select the WPA2-Enterprise options, however in the list of Network Authentication methods (under Security Tab), I don't have
  the Microsoft: PEAP or SmartCard options. I only have Cisco: LEAP,PEAP,EAP-FAST and Intel: EAP-SIM,EAP-TTLS,EAP-AKA (6 entries).
  It's my theory that because the Microsoft options are missing, the wizard gets the unexpected error. I'm wondering how I get the MS ones back.

  Hi,
  Thanks for posting in Microsoft TechNet forums.
  Do you have Symantec installed? It is said the issue could be due to conflict with Symantec Endpoint Protection. Please uninstall\reinstall Symantec
  if it is there.
  Best Regards
  Magon Liu
  TechNet Subscriber Support
  in forum. If you have any feedback on our support, please contact
  [email protected]
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• MAC OS 10.4.11 connecting to WPA2 Enterprise not permanently working

  Hi,
  I have an issue with the following environment. I will try to simply my wording to help understand the problem.
  Hardware: Macbook Pro 17" Intel Core 2 Duo and Macbook laptops
  Operating System: Both run MAC OS 10.4.11 fully updated (According to Apple Reps, this operating system is no longer supported)
  Airport cards: Both have Airport Extreme cards. The Macbook Pro's card is using Firmware version 1.4.4 ( card type requirement to connect to WPA2 Enterprise network)
  Connection type: Connected via PEAP (Inner Protocol:MSCHAPv2)
  Wireless Access Point (WAP): Cisco Aironet 1142: Macbook connects to WAP to gain access to the Internet.
  Cisco ACS version 5 server (validates macbook username and password entries to Microsoft AD servers.)
  Microsoft Windows Server 2003 with Active Directory (holds user accounts) 
  Other Operating systems MAC OS 10.5 to MAC OS 10.7 (Leopard, Snow Leopard, and Lion make automatic connections.)
  Basically, the process is that the macbook user enters in their email username and password into a WPA2 Enterprise wireless connection. The Cisco 1142 broadcasts the SSID for the user to connect to. Once the wireless connection is made to the Cisco 1142 WAP, the WAP sends the username and password to the ACS server. The ACS server verifies the username and password from the macbook to Microsoft Windows Server AD user accounts. If the password is validated, then the ACS grants access to the wireless Internet to the macbook user.
  The wireless configuration involves the following process:
  1. Click on the desktop, Go should be available now.
  2. Click on Go, then Applications. The Applications window will appear.
  3. Click on Internet Connect.
  4. By default, The 802.1X connection is not available. We will be using the 802.1X connection to enter and save the username and password. Click on File and select "New 802.1X Connection."
  5. A windows should appear. Under Configurations, select Edit Configurations.
  6. An 802.1X windows will appear to enter in the following:
  - Description: name of connection
  - Network port: Airport
  -User Name: domain\username or just username of email account
  -password: password for email account
  -Wireless Network: SSID of Cisco Aironet 1142 Wireless Access Point (WAP)
  -Authentication PEAP configured with outer identity of anonymous. We uncheck TTLS, EAP-FAST, LEAP, and MD5.
  7. Click Ok. Select Connect and it should connect to the SSID if the username and password are valid accounts.
  8. Select File and then "Export 802.1X Configuration to login Window."
  To verify connection:
  1. We go to Apple - System Preferences and select Network.
  2. The Airport should say that it is conected to the SSID. You are connected to the Internet via Airport.
  3. Go a little deeper, we click on configure for the Airport.
  4. Under By default join: select Preferred networks. Under network name, we should see the SSID connection. We select it and click on the edit button.
  5. We verify that the connection has Network Name, Wireless Security, User Name, Password, and 802.1X Configuration entered in correctly. We select Ok after verification or modification. Then we select Apply Now to save any changes.
  ---------------------------------------------------------------The Problems---------------------------------------------------------------------
  1. When shutting down the system and then turning it on. The Airport doesn't make a connecation to the SSID being broadcasted automatically. We would have to turn the airport off and back on for it to make an connection.
  2. When the laptop is left idle or goes to sleep, the wireless connection drops. The user would have to turn the airport off and back on to stay connected.
  Is there a fix for this?
  Thank you to anyone that would take time to read this and provide helpful feedback.

  The "v" key at startup is not Safe Mode. Try holding the Shift key down and restart for Safe Mode. This will disable extensions and help it start. It also checks some things out.
  Can you start it up from your Tiger disc? Hold the C key down at startup until you see the Apple.
  Your hard drive may be going kaput. Hope you have a good backup.

• Connecting to WPA/WPA2-Enterprised network

  hi all,
  i just came to mcgill and was trying to connect to the school network. But it kept saying something like 'authorization failed'. School website has only instructions for BlackBerrys:
  "Select wpa.mcgill.ca * (WPA/WPA2-Enterprise). Fill in the following fields:
  Name: wpa.mcgill.ca *
  SSID: wpa.mcgill.ca *
  Security Type: PEAP
  User Name: McGill Username
  User password: McGill Password
  CA Certificate: Thawte Premium Server CA
  Inner Link Security: EAP-MS-CHAP V2
  Token: None Selected
  Server subject: blank
  Server San: blank                                                                         "
  Help plz
  Solved!
  Go to Solution.

  idecline wrote:
  hi all,
  i just came to mcgill and was trying to connect to the school network. But it kept saying something like 'authorization failed'. School website has only instructions for BlackBerrys:
  "Select wpa.mcgill.ca * (WPA/WPA2-Enterprise). Fill in the following fields:
  Name: wpa.mcgill.ca *
  SSID: wpa.mcgill.ca *
  Security Type: PEAP
  User Name: McGill Username
  User password: McGill Password
  CA Certificate: Thawte Premium Server CA
  Inner Link Security: EAP-MS-CHAP V2
  Token: None Selected
  Server subject: blank
  Server San: blank                                                                         "
  Help plz
  Try configuring your N97 with these instructions:
  Since your WLAN network seems to require more advanced PEAP authentication settings you should probably create / edit appriate WLAN connection profile, known as (Internet) Access Point, manually in a following manner:
  1. Go to Tools -> Settings -> Connection -> Network Destinations
  2. Check if your earlier failed attempt to connect has already created an non-funtional IAP named as your WLAN network SSID (look for a entry named wpa.mcgill.ca) under "Internet" destination.
  3. If you can see existing IAP named as your WLAN SSID then you can Edit that one with necessary changes. (skip to 7.)
  4. If you don't see any existing IAPs that are named like your WLAN network then go to the desired "Destination" (e.g. Internet) and select Options -> Add Connection Method.
  5. Assuming you are in the coverage area of your WLAN network you can let phone "Automatically check for connection methods" (i.e. phone scans available WLAN networks) and you should be able to select the correct WLAN network name (wpa.mcgill.ca) from the list. Once you have selected the WLAN network your "Internet" Destination should now have been added with a new Access Point (IAP) that is named "wpa.mcgill.ca". Note that at this point the particular connection method is still incorrectly configured for your purposes (since by defaul it has EAP-SIM & EAP-AKA authentication methods enabled).
  6. Now you should manually Edit your newly created wpa.mcgill.ca Internet Access Point with necessary PEAP settings.
  7. Configure following WLAN and authentication settings:
    "Connection name" defaults to name of your WLAN network (wpa.mcgill.ca) but you can also change this if you wish
  - "Data Bearer" naturally needs to be "Wireless LAN"
  - "WLAN network name" should match your WLAN network's name (SSID) exactly (wpa.mcgill.ca)
  - "Network status": Public
  - "WLAN network mode": Infrastructure
  - "WLAN Security mode": WPA/WPA2
   => Go to "WLAN security settings"
  - Ensure that "WPA/WPA2 mode is set to "EAP"
  - Leave "WPA-2 Only mode" to "OFF" unless you are absolutely sure that your WLAN network is configured to stricly pure WPA2 mode (i.e. network might be configured to support both WPA and WPA2 security thus enabling WPA-2 Only mode on the phone will cause all your connection attempts to fail).
   => Go to "EAP plug-in configuration"
  - Enable "EAP-PEAP" and make sure that "EAP-SIM" and "EAP-AKA" are disabled (via Options -> Disable)
   => Select "Configure" for EAP-PEAP authentication method
   - Leave "Personal Certificate" to "Not defined"
  - Select "Thawte Premium Server CA" to be used as an "Authority certificate"
  - Set "User name in use" to "User defined" (since there is no Personal Certificate where it could be read automatically)
  - Enter your username (McGill Username) to "Username" field
  - Set "Realm in use" to "User defined" and leave following "Realm" field empty.
  - Note that in case your username (McGill Username) contains the realm (i.e. format is username@realm ) then you can enter realm part of your ID to "Realm" field and enter only the username part to the "Username" field.
  - Configure "Allow PEAPv0" to Yes
  - Configure both "Allow PEAPv1" and "Allow PEAPv2" to "No"
  => Go to "EAP's" tab to configure inner authentication method for the PEAP (use the small arrow pointing right on top of the screen to move between tabs)
  - Enable "EAP-MSCHAPv2" authentication method and Disable all other methods (Option -> Enable / Disable)
  - Select "Edit" for the EAP-MSCHAPv2
  - Enter you username (McGill Username) to "User name" field
  - Configure "Prompt password" to No or Yes depending on whether you want your password to be prompted everytime you make an connection or if you prefer saving your password to following "Password" field permanenly so that it won't be prompted during everytime you connect to this WLAN network with PEAP/EAP-MSCHAPv2 authentication.
  - If you you selected "No" to password prompting then enter your password (McGill Password) to "Password" field.
  => Exit the configuration with "Back" (several times) and you should hopefully be able to connect with this setup.
  If needed you can also change the priority order of the connection methods (IAP's) within the Internet Destination since your new connection most likely ended up being lowest priority WLAN connection within your Internet destination. This should however not be a problem unless you have some other WLAN networks defined as an IAP and these other WLAN networks are simultaneously available at the location of the wpa.mcgill.ca WLAN network.
  Hope this helps you to get connected!!
  Message Edited by saataja on 17-Sep-2009 05:16 PM

• Airport Express broadcasting both WPA2 Personal and WPA2 Enterprise?

  We were recently scanning for wireless access points for a client using a product called Vistumbler.  The client had two older Airport Express wireless routers, set to use WPA2 Personal, but Vistumbler was detecting both WPA2 Personal and WPA2 Enterprise during the scans. Has anyone else seen this before with any other routers or scanning software? If so, was there a way to only broadcast the current encryption setting?

  The AirPorts can be set to WPA2 Personal.......OR........WPA2 Enterprise, but only one setting can be activated at a time.
  In the highly unlikely event that the AirPort Express devices are really broadcasting with two different types of encryption, the devices either have corrupted software settings, or they are defective.
  Try another scanner......like WiFi Scanner, located in the Utilities folder of the Mac,  or another application to see if you get the same results.

• Support for WPA-Enterprise, WPA2-Enterprise wifi s...

  hi all
  I try to connect my phone to corporate wifi but failed because the phones hangs. my company uses WPA2-Enterprise wifi. my phone clearly works with WPA2-Personal wifi security at home. will these profiles of security be supported in future update?

  Although this is the right section for this question, let us continue with your original post …

• WiFi WPA2 enterprise

  I’m encountering problem setting up a wifi wpa2 Enterprise on my Iphone 4s. I set it up using Iphone configuration utility and settings are correct. The problem is that the connection don’t works. I’m sure setting are correct because I set it up the same wifi also on the Airbook with Lion and parameter and certificates used for authentication are exactly the same. Any idea on why on the iphon it don’t work?
  Below some the log file.
  Thanks
  andrea
  Jan 11 16:14:18 Scoia-Aifone Preferences[558] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0xde41320:<VPNBundleController: 0xde41320>): _serviceCount(1), serviceCount(1), toggleInRootMenu(1), RootMenuItem(1)
  Jan 11 16:14:20 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setDISASSOCIATE() [wifid]:
  Jan 11 16:14:20 Scoia-Aifone timed[679] <Notice>: (Note ) CoreTime: Not setting system time to 01/11/2012 15:14:20 from NTP because time is unchanged
  Jan 11 16:14:20 Scoia-Aifone eapolclient[680] <Notice>: en0 START
  Jan 11 16:14:20 Scoia-Aifone timed[679] <Notice>: (Note ) CoreTime: Not setting time zone to Europe/Rome from Location
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setASSOCIATE() [wifid]:  lowerAuth = AUTHTYPE_OPEN, upperAuth = AUTHTYPE_WPA_8021X, key = CIPHER_NONE    , 802.1X .
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANJoinManager::handleAssoc(): status = 2, reason = 0, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
  Jan 11 16:14:21 Scoia-Aifone wifid[29] <Error>: WiFi:[347987661.158384]: Processing link event UP
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANJoinManager::handleAssoc(): status = 2, reason = 0, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: [14591.399631250]: AppleBCMWLANNetManager::prepareToBringUpLink(): Delaying powersave entry in order to get an IP address
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Joined BSS:     @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -73, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 1, ssid[ 6] = "WIFI3D"
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Up on en0
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: en0: BSSID changed to 00:3a:98:7d:ee:30
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore:startRoamScan(): 2843 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1
  Jan 11 16:14:22 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
  Jan 11 16:14:24 Scoia-Aifone mDNSResponder[47] <Error>: mDNS_RegisterInterface: Frequent transitions for interface en0 (FE80:0000:0000:0000:F2CB:A1FF:FECB:ED60)
  Jan 11 16:14:26 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:11 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
  Jan 11 16:14:27 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::checkRealTimeTraffic(): set roam parameters: counters Rx:1204 Tx:22
  Jan 11 16:14:28 Scoia-Aifone eapolclient[680] <Notice>: en0 TLS: authentication failed with status 1
  Jan 11 16:14:28 Scoia-Aifone wifid[29] <Error>: WiFi:[347987668.238433]: Network WIFI3D Both autojoin and user join dates are NULL
  Jan 11 16:14:28 Scoia-Aifone wifid[29] <Error>: WiFi:[347987668.246099]: Processing link event DOWN
  Jan 11 16:14:28 Scoia-Aifone eapolclient[680] <Notice>: en0 STOP
  Jan 11 16:14:28 Scoia-Aifone eapolclient[681] <Notice>: en0 START
  Jan 11 16:14:28 Scoia-Aifone Preferences[558] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0xde41320:<VPNBundleController: 0xde41320>): _serviceCount(1), serviceCount(1), toggleInRootMenu(1), RootMenuItem(1)
  Jan 11 16:14:28 Scoia-Aifone wifid[29] <Error>: WiFi:[347987668.683288]: Processing link event UP
  Jan 11 16:14:28 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:18 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::handleDeauth(): status = 0, reason = 23, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::leaveNetworkAsync(): kDeauthdCurrNetwork already set. Skipping call to leaveNetworkASync
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Left BSS:       @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -77, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 8, ssid[ 6] = "WIFI3D"
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Down on en0. Reason 1 (Unspecified).
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setDISASSOCIATE() [wifid]:
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setASSOCIATE() [wifid]:  lowerAuth = AUTHTYPE_OPEN, upperAuth = AUTHTYPE_WPA_8021X, key = CIPHER_NONE    , 802.1X .
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: [14598.930095541]: AppleBCMWLANNetManager::prepareToBringUpLink(): Delaying powersave entry in order to get an IP address
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Joined BSS:     @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -77, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 8, ssid[ 6] = "WIFI3D"
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Up on en0
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: en0: BSSID changed to 00:3a:98:7d:ee:30
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore:startRoamScan(): 2843 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
  Jan 11 16:14:31 Scoia-Aifone eapolclient[681] <Notice>: en0 TLS: authentication failed with status 1
  Jan 11 16:14:31 Scoia-Aifone wifid[29] <Error>: WiFi:[347987671.532160]: Network WIFI3D Both autojoin and user join dates are NULL
  Jan 11 16:14:31 Scoia-Aifone eapolclient[681] <Notice>: en0 STOP
  Jan 11 16:14:31 Scoia-Aifone wifid[29] <Error>: WiFi:[347987671.542420]: Processing link event DOWN
  Jan 11 16:14:31 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:18 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
  Jan 11 16:14:31 Scoia-Aifone eapolclient[682] <Notice>: en0 START
  Jan 11 16:14:31 Scoia-Aifone Preferences[558] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0xde41320:<VPNBundleController: 0xde41320>): _serviceCount(1), serviceCount(1), toggleInRootMenu(1), RootMenuItem(1)
  Jan 11 16:14:31 Scoia-Aifone wifid[29] <Error>: WiFi:[347987671.974798]: Processing link event UP
  Jan 11 16:14:31 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:21 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::handleDeauth(): status = 0, reason = 23, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::leaveNetworkAsync(): kDeauthdCurrNetwork already set. Skipping call to leaveNetworkASync
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Left BSS:       @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -77, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 11, ssid[ 6] = "WIFI3D"
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Down on en0. Reason 1 (Unspecified).
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setDISASSOCIATE() [wifid]:
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setASSOCIATE() [wifid]:  lowerAuth = AUTHTYPE_OPEN, upperAuth = AUTHTYPE_WPA_8021X, key = CIPHER_NONE    , 802.1X .
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: [14602.222531083]: AppleBCMWLANNetManager::prepareToBringUpLink(): Delaying powersave entry in order to get an IP address
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Joined BSS:     @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -77, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 12, ssid[ 6] = "WIFI3D"
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Up on en0
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: en0: BSSID changed to 00:3a:98:7d:ee:30
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore:startRoamScan(): 2843 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
  Jan 11 16:14:34 Scoia-Aifone eapolclient[682] <Notice>: en0 TLS: authentication failed with status 1
  Jan 11 16:14:34 Scoia-Aifone wifid[29] <Error>: WiFi:[347987674.708487]: Network WIFI3D Both autojoin and user join dates are NULL
  Jan 11 16:14:34 Scoia-Aifone wifid[29] <Error>: WiFi:[347987674.716635]: Processing link event DOWN
  Jan 11 16:14:34 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:21 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
  Jan 11 16:14:34 Scoia-Aifone eapolclient[682] <Notice>: en0 STOP
  Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::handleDeauth(): status = 0, reason = 23, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
  Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
  Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::leaveNetworkAsync(): kDeauthdCurrNetwork already set. Skipping call to leaveNetworkASync
  Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Left BSS:       @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -76, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 14, ssid[ 6] = "WIFI3D"
  Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Down on en0. Reason 1 (Unspecified).
  Jan 11 16:14:37 Scoia-Aifone mDNSResponder[47] <Error>: DeregisterInterface: Frequent transitions for interface en0 (FE80:0000:0000:0000:F2CB:A1FF:FECB:ED60)
  Jan 11 16:14:39 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:24 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2

  I did see those screenshots however that settings screen comes from selecting the Configure button next to the Authentication Method in the User Authentication section under Users.  In each of your screenshots, the RADIUS Server ID number is 1 so I would also ensure that I've configured RADIUS Server ID 1 which can only be configured by going to Users -> RADIUS Servers.
  All that said, I did see that your tests succeeded and I also don't understand the point of having RADIUS settings on the other screens and then having RADIUS ID info.  My thinking is that you would be able to configure RADIUS once in the Users -> RADIUS Servers screen and then select the RADIUS Server ID in all the remaining screens without having to enter the RADIUS info over and over again.  It would also think that you could skip the Users -> RADIUS Server screen and enter the RADIUS information over and over again and it should work...just like you set it up originally.  However, based on past experience of programmatic errors, I would recommend configuring the RADIUS Server ID 1 under Users -> RADIUS Servers if you haven't already...just in case. 
  Shawn Eftink
  CCNA/CCDA
  Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

• WiFi WPA2 Enterprise not workign

  Hi 
  I am the network administrator of Wi Fi over Enterprise, we have now 100 users trying to connect with Playbook but it have not been posible. we use WPA2 Enterprise EAP-TLS. First it was very dificult to download the cert to the device, We have accomplish that but we have not been able to connect toour network. 
  we use GeoTrust Global CA and Equifax Secure Certificate Authority.
  Thanks in advance.

  Hi rafaelsus
  May be this kb's From BB database can help you on that!
  KB27269
  KB03735
  KB04359
  KB05227
  KB02068
  KB19236
  Hope this helps you!!
  Please give kudos or mark as a solution if this was helpful!! Thanks!!!!!!

• Bridging a WPA2 Enterprise Radius Server (Lion Server) to Apple TV

  Hello,
  I was wondering if anyone can help me out with this setup that I have with Lion Server. Recently I set up my Airport Extreme to use Radius and bind it to my Lion Server for Authentication. Radius works with most of my devices, except for my ATV2 (which is in a different room from the AIrport Extreme.) As most of you may know, ATV2 doesn't support WPA2 Enterprise networks.
  Ideally what I would like to do is have the Apple TV connect to my wireless network for all of my videos that are shared on a HD connected to my Lion Server. I was thinking about looking for a WPA2 enterprise wireless bridge with an Ethernet port so that I can connect the ATV to the bridge and have the bridge connect to my Airport Extreme. However, here is what I can not figure out. How can I get that bridge to authenticate to the Radius Server on Lion Server? From my understanding the Radius service on the Lion Server uses its own proprietary radius server to where I couldn't get the bridge to cnnect.
  Please let me know your thoughts. If it helps, I have a 1st generation TC that I can place in the other room. However, I couldn't see any functionality in Airport Utility that would allow me to bridge that box to the WPA 2 Enterprise network.

  Hello,
  I was wondering if anyone can help me out with this setup that I have with Lion Server. Recently I set up my Airport Extreme to use Radius and bind it to my Lion Server for Authentication. Radius works with most of my devices, except for my ATV2 (which is in a different room from the AIrport Extreme.) As most of you may know, ATV2 doesn't support WPA2 Enterprise networks.
  Ideally what I would like to do is have the Apple TV connect to my wireless network for all of my videos that are shared on a HD connected to my Lion Server. I was thinking about looking for a WPA2 enterprise wireless bridge with an Ethernet port so that I can connect the ATV to the bridge and have the bridge connect to my Airport Extreme. However, here is what I can not figure out. How can I get that bridge to authenticate to the Radius Server on Lion Server? From my understanding the Radius service on the Lion Server uses its own proprietary radius server to where I couldn't get the bridge to cnnect.
  Please let me know your thoughts. If it helps, I have a 1st generation TC that I can place in the other room. However, I couldn't see any functionality in Airport Utility that would allow me to bridge that box to the WPA 2 Enterprise network.

• Aiport Express bridge or repeater-  WPA2 Enterprise?

  Hello-
  If I buy an Airport Express, will it connect to a WPA2 Enterprise network and either:
  -- repeat that network via wireless, extending the range
  -- connect to the network and share the connection via ethernet
  If not, might an airport extreme do this?
  Thanks in advance.

  Not sure how definitive an answer that you need.
  Apple's specification page on the AirPort Express(n) states that the device will only support WPA-Personal when joining an existing network. (I read "existing" as a non-Apple created network), so WPA Enterprise would not be supported.
  We know for a fact that the Airport Express(n) will only "extend a wireless network"...IF...the network has been created by another Apple(n) router as Duane has stated.

• WPA2 Enterprise and autonomous 1231

  I have a bunch of standalone AIR-AP1231G-A-K9 running c1200-k9w7-mx.123-8.JEC2/c1200-k9w7-mx.123-8.JEC2 which is currently setup for guest and company ssid. The guest I don't care but for company, it goes back to a Microsoft IAS radious Certificate Authority using WEP. I want to migrate to WPA2 Enterprise without effecting the current setup so want to create some type of testing. Can I do so or do I need to blow away wavenet with WEP altogether. If so, any sample configs out there?

  Since you'll have to touch all the clients in order to change your security/encryption, why not add another SSID and define it as WPA2/Enterprise and point it to the same IAS server? I'm pretty sure that IAS will support that (I know your AP's will). Try it on one AP, then configure the others, then migrate your clients (kill the old SSID when you're done).

• WPA2 Enterprise with netctl

  Hi,
  I'm trying to connect to my university wifi which I believe is WPA2 Enterprise protected. I read the wiki about using the Eduroam netctl profile example for WPA2 Enterprise networks but it doesn't seem to work for me. This is what I have:
  Connection='wireless'
  Interface=wlp4s0b1
  Security='wpa-configsection'
  Description="nyu wpa2 network"
  IP='dhcp'
  TimeoutWPA=30
  WPAConfigSection=(
  'ssid="nyu"'
  'key_mgmt=WPA-EAP'
  'eap=PEAP'
  'proto=WPA2'
  'phase2="auth=PAP"' #maybe MSCHAPv2
  'auth_alg=OPEN' #maybe
  'anonymous_identity="anonymous"' # ex: tu-dresden.de
  'identity="myusername"' # ex: [email protected]
  'password="mypassword"'
  'ca_cert="/usr/share/ca-certificates/trust-source/mozilla.trust.crt"'
  Can someone point me to related info or correct my profile? Thanks.

  Does your university have a site with some information/guidance for using eduroam?
  Have you tried other example profiles from here, such as this one and  this one? The wiki refers to this AUR package, which seems to be where you got the profile you've tried. Perhaps try the other example profiles.

• WPA2 Enterprise setup question

  I have been trying to complete a WPA2 Enterprise setup, and I have hit a wall in troubleshooting. The current setup has two SSIDs, but the users only use one of these SSIDs, and that one is setup as WEP (I know...I know). I have been tasked with getting the users on a stronger security setup, and I thought that the best way would be to have them use WPA2 Enterprise, and they would authenticate to the network using their Active Directory user name and password. 
  I have been trying to get the secondary SSID converted over to do this, but I am stuck. I have setup the access point (Cisco 1140) the way that I believe should work, and I have also went through the Radius server (Microsoft Server 2008 R2) and set it up with some suggestions I have ran while researching.
  I am hoping someone can see what I am doing wrong, or guide me to setup a more secure connection. My networking/Cisco skills are intermediate so there are things that I miss or could improve on at times. 
  I am attaching the config on the access point, and some screen shots off of our Radius server.
  The radius server is  10.90.9.9
  SSID that I am trying to configure is AAA
  AP IP address 10.90.6.6
  Please let me know if there is any information that I am missing. I will get it to you right away.
  Edit - One thing I didn't include was that we don't have a certificate for this. Preferably I would like to set this up without a cert, and just have them authenticate with the user/pass from AD. If a cert is needed though, I can get one. Thanks :)
  Thanks.

  Hi Brent,
  Here is a working configuration for similar requirement using ACS as RADIUS server. Hope it is useful for you to get this working.
  http://mrncciew.com/2013/11/14/autonomous-ap-with-external-radius/
  Pls do not forget to rate our responses if it is useful to you.
  HTH
  Rasika

• WPA2 Enterprise connections don't work

  Hi everyone,
  Configuration: MacBook Pro 7,1, 2,4GHz, Mac OS X 10.6.5.
  Three user accounts (one for me, two for friend's backup), two of them have admin rights. I'm using one of these accounts.
  I'm having a strange issue with *WPA2 Enterprise*-based access points, namely, the private one on my university's campus, and the eduroam one. Eduroam is, roughly, a SSID that is available in participating institutions worldwide, and allows connection from personnel registered in any of these institutions without having to ask for a guest access.
  On eduroam, one is supposed to select the eduroam SSID in the list of network available, select "Security: WPA2 Enterprise", and type his institutional email address as a username. "Password" should remain blank for now, and in front of the "802.1X", select "Auto". On clicking the "Connect" button for the first time, a "Check certificate" dialog should appear with three buttons, "Display", "Cancel", "Continue", where one would click "Continue". Finally, a "802.1X authentication" dialog would appear, when a user would put his email address as username, and type in his institutional password to log in. Then, the user would be online without further fuss.
  On my university network, it's even simpler. One should select it, type in the IT login, then the corresponding password, before being allowed to be online.
  On my normal user account, I never get the "Check certificate" dialog for eduroam, an on the uni's network, it never seems to connect. Ultimately, I get the exclamation point over the wireless waves, meaning that the card self-assigned an IP. Then it tries to connect again (the icon is waving), then fails again. No other authentication is affected, and a quick look in the logs doesn't show anything salient.
  On the other user account, the connection to either of these SSID works as written, on the first try.
  So it's no hardware issue.
  I first tried to create a new wireless profile, and recreate the connection. It failed, once again, for both networks.
  So to the Genius Bar I went. Since it's a login issue, we deleted the ~/Library/Keychans/login.keychain item, rebooted. Since the issue couldn't be reproduced in store, he advised me to delete the "session" keychain and reboot if the problem persisted. He asked me if the computer crashed while I was logged in anywhere in the past (before 10.6.5), and yes I said, adding that I let AppleJack do the automated repair. He checked with a colleague, on a tech forum, spent 30 min with me, but came back with the dreaded conclusion that, at least in that store, they ended up doing what he named "partial restore" to correct a similar issue, in contrast to "archive and install".
  Off to the uni I went, and recreating the connection failed again. In the Access Keychain, I then removed the session keychain, with both the references and files (default is reference only), since they referred to passwords I already knew, rebooted, logged in, and tried to connect, to no avail. The other user account still works.
  What else should I try? Ironically enough, I reinstalled OS X more times in two years than I did Windows in eight, and want to avoid the time-consuming step of reinstalling applications, and the very tricky part - ownership issues - of manually importing documents and only selected settings.

  I was chasing a similar authentication issue on OS X ≥ 10.5.8 for quite some weeks. My setup does use MS 2008 Server (AD, NPS, Radius) and SonicWall SonicPoint (multi SSID on VLAN).
  When I started evaluating the different options, I didn't realize such issues But when it came to the final usage guidelines I had serious issue connecting with Mac OS X to the WPA2 Enterprise Network (BlackBerry and iOS was never an issue)!
  I finally did work out, that you can only authenticate once successfully if you use the "Ask to join networks" popup - instead I had to select the network manually from the airport, provide my credentials and select "remember this network"to store the network and it's radius profile! I guess this behavior may have something to do with the credentials stored/reused in/from the keychain for the second login.
  Also, I did notice you have to make sure you quit your system preferences each time you expect a change due to newly stored networks or radius profiles!
  Hope this may help other users to troubleshoot similar issues!