Android 11 'couldn't connect to network' NPS with PEAP/MS-CHAPv2 - Security Discussion

Hi All,
I am trying to connect company-owned / unmanaged Android 11 devices to a Cisco WAP SSID using our public certificate wireless.fqdn.
For my Galaxy A20 Android 11 phone, when connecting to the SSID the phone returns:
'couldn't connect to network'
'couldn't authenticate connection'
On the NPS Server, the wireless.fqdn certificate is installed in the Certificates (Local Computer) Personal / Certificates container
We are using Windows NPS/PEAP/MS-CHAPv2, which I believe requires a certificate on the server side only.
I believe PEAP encapsulates the EAP type MS-CHAPv2 authentication in a secure TLS tunnel.
As a further configuration item, I installed the wireless.fqdn certificate into the cert store on my Android device (User certificates, installed for WiFi)
NPS / RADIUS Server is Windows Server 2016 Datacenter
NPS Role installed with the following Windows NPS Policy
Connection Request Policy:
Wireless connections, NAS Port Type: wireless - other or wireless IEEE 802.11
Network Policy: Staff
CONDITIONS:
Wireless - Other OR Wireless IEEE 802.11
Windows Groups: ADDSGroup
Calling Station ID: ^[^:]+:SSID$
CONSTRAINTS:
EAP Types: Microsoft: Protected EAP (PEAP)
Edit / certificate issued to: wireless.fqdn
Issuer: DigiCert TLS RSA SHA256 2020 CA1
Enable Fast Reconnect
EAP Type:
Secure password (EAP-MSCHAP v2)
Android 11:
I got into settings / biometrics and security
Other security settings
PFX user certificates: wireless.fqdn installed for WiFi (contains root/intermediate/cert chain)
View security certificates / system / CA root
No user certificates
Click the WiFi SSID / manage
EAP method: PEAP
Enter identity / password
CA certificate: Use system certificates (if I choose 'select certificate' there is nothing to select, android stated in a red color "CA certificate must be selected")
Online certificate status: don't validate
Domain: wireless.fqdn
When connecting to the SSID the phone returns:
'couldn't connect to network'
'couldn't authenticate connection'
MAC of Android phone not in NPS logs
Hope someone with more experience can assist.
Thanks!
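How the Domain value in the post above constrains which RADIUS server certificate the phone accepts, as an added Python example that is not part of the original post. It assumes Android applies the field the way wpa_supplicant documents `domain_suffix_match` (dNSName entries first, subject CN only when no dNSName exists, comparison one label at a time); every certificate name other than wireless.fqdn is constructed.

```python
# Added example, not from the original post. Assumption: the Android "Domain"
# field is evaluated like wpa_supplicant's domain_suffix_match constraint.

def _labels(name):
    # Case-insensitive DNS labels, ignoring a trailing root dot.
    return name.strip().lower().rstrip(".").split(".")

def suffix_match(cert_name, constraint):
    """True when constraint equals cert_name or is a whole-label suffix of it."""
    have, want = _labels(cert_name), _labels(constraint)
    return len(have) >= len(want) and have[-len(want):] == want

def server_cert_accepted(san_dns, subject_cn, domain_field):
    """san_dns: dNSName SAN entries; subject_cn: CN or None;
    domain_field: one or more FQDNs separated by ';'."""
    constraints = [c for c in domain_field.split(";") if c.strip()]
    if not constraints:
        return False  # policy chosen for this example: no name constraint, no trust
    # The CN is consulted only when the certificate carries no dNSName at all.
    names = san_dns if san_dns else ([subject_cn] if subject_cn else [])
    return any(suffix_match(n, c) for n in names for c in constraints)

# Constructed certificates: (dNSName list, subject CN); hypothetical names.
CASES = {
    "exact name": (["wireless.fqdn"], "wireless.fqdn"),
    "host under the domain": (["nps01.wireless.fqdn"], None),
    "look-alike without label boundary": (["evilwireless.fqdn"], None),
    "domain used as a prefix": (["wireless.fqdn.example.net"], None),
    "CN matches but SAN does not": (["radius.example.net"], "wireless.fqdn"),
    "no SAN, CN fallback": ([], "wireless.fqdn"),
}

def evaluate(domain_field="wireless.fqdn"):
    return {label: server_cert_accepted(san, cn, domain_field)
            for label, (san, cn) in CASES.items()}

if __name__ == "__main__":
    for label, ok in evaluate().items():
        print(f"{'accept' if ok else 'reject':6}  {label}")
```

With "Use system certificates", any certificate that chains to a public root passes the CA check, so the Domain value is what ties the connection to the NPS server's own certificate.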

Related

connecting the Wifi 802.1x on Captivate (Android in general)

Hi Guys
I need some help connecting to Wifi 802.1x with PEAP security at work.
I tried the following steps:
"Open Wi-Fi Settings from Settings, Wireless & Networks
If need be, write down the SSID of the 802.1x network (Case sensitive)
Select Add Wi-Fi network
Enter the SSID, select security 802.1x Enterprise, EAP method is PEAP, Phase 2 authentication is None, CA certificate and Client certificate are N/A, Identity is your RADIUS or Domain Authentication username, Anonymous Identity can be left blank, and Wireless password is the password to match your RADIUS or Domain Authentication password."
But after I finish the above config the SSID network is just saved in my WiFi list. It does not detect the network and connect to it. (It does not show the icon to the right which says the network is broadcasting.)
Please help!
any answers???
You could try the FullWifi app. Something in the standard wifi app seems to be defunct at least on my captivate so I'm using the FullWifi app to setup the network.
Give it a shot. Can't hurt.
I run 802.1x encrypted with AES and EAP via a Win 2k8R2 server running NPS (RADIUS) and authenticating via MSCHAPv2 to Active Directory at home. Yeah, I'm kind of a geek.
Anyhow, try this: Delete (or 'forget') your network from Android. Since you said your network is broadcasting the SSID, just choose the right network from the list. Choose the following settings:
EAP method: PEAP
Phase 2 authentication: MSCHAPV2
CA cert: Unspecified (Adding certs to Android is a PITA)
User cert: Unspecified
Identity: <userid> (NOT <domain>\<userid> or any permutation and it is cASe SeNsiTivE).
Anonymous identity: _blank_
Password: <password>
Press Connect.
If this does not work, repeat using different Phase 2 Auth.
If the RADIUS server is Linux, try None, then PAP, then MSCHAP, then MSCHAPV2.
If the server is Windows, try MSCHAPV2, then MSCHAP, then None, then PAP. Try GTC last, as it is the least used that I've seen.
If the server is OS X, then just give up dude. Macs suck so hard that I'm surprised it hasn't swallowed up your network and given everyone that you've ever known cancer.
I really hope this helps.
Awesome fatbas202, your instructions worked for me. The default Phase 2 authentication won't work - TRY "MSCHAPV2" if you want to connect to PEAP wireless network at office/school. Thanks a million!
bking007 said:
Awesome fatbas202, your instructions worked for me. The default Phase 2 authentication won't work - TRY "MSCHAPV2" if you want to connect to PEAP wireless network at office/school. Thanks a million!
Word.
10char

[Q] Connecting my Sensation to WPA2-Enterprise wireless network

Hey I am trying to connect my Android device to a WPA2-Enterprise network.
I have exported my CA certificate and changed the extension to *.p12 so that android can import it.
I connected my work laptop and check on the wireless properties it shows the following:
Security Type: WPA2-Enterprise
Encryption type: AES
Authentication Method: Certificate
After I imported my certificate and click on the wireless connection it only provides me with an EAP method, which my laptop does not use because when I switch from certificate to "Microsoft: Protected EAP (PEAP)". Since I don't have password to connect to the WPA2-Enterprise 802.1x wireless, I would imagine it would be the same on my Android device "I tried my phone and tablet"... only using my windows credentials to connect for example domain\username and pw.
Any ideas?
Maybe I need to convert the certificate instead of changing the extension to *.p12?
I tried using Wifi Advanced Editor from the Market but no luck....has anyone run into this type of situation where you use certificates and no EAP?
Anybody???
Sensation - MIUI, various from 1.11.25 to 2.1.13 - EAP Wifi problem
I too have suffered from this problem and despite looking at various bulletin boards have found no solution. I have tried different kernels, advanced wifi configurator and have the same problem.
Frustratingly it is not always present as an issue, sometimes it will connect and others it will not. If I find any more info, I will update this post
Any update on this, also wanting to connect my Razr to my work network
Any updates on this?

[Q] Android devices cannot connect to Windows' PPTP VPN service

I own a few Android devices (an Android 2.3 mobile, an Android 4.0.4 tablet, and an Android 4.1.1 tablet). All of them cannot connect to a PPTP VPN server (it's Windows Server 2008 based, using MS CHAP2 for authentication) with MPPE (PPP encryption) option selected in the client side. Even that a device was rooted and VPNroot (the latest version) is used, the connection still fails. From the log of VPNroot, the error log is "MPPE required but peer negotiation failed". However, if the MPPE option is deselected, devices can connect the PPTP VPN server. Besides, the same can be connected from Windows XP & Windows 7 (with MPPE option enabled).
Due to security issue, I have to connect the PPTP VPN service with MPPE. It makes me unhappy as I cannot use a new tablet due to VPN connection problem. What can I do?
daemongmong said:
I own a few Android devices (an Android 2.3 mobile, an Android 4.0.4 tablet, and an Android 4.1.1 tablet). All of them cannot connect to a PPTP VPN server (it's Windows Server 2008 based, using MS CHAP2 for authentication) with MPPE (PPP encryption) option selected in the client side. Even that a device was rooted and VPNroot (the latest version) is used, the connection still fails. From the log of VPNroot, the error log is "MPPE required but peer negotiation failed". However, if the MPPE option is deselected, devices can connect the PPTP VPN server. Besides, the same can be connected from Windows XP & Windows 7 (with MPPE option enabled).
Due to security issue, I have to connect the PPTP VPN service with MPPE. It makes me unhappy as I cannot use a new tablet due to VPN connection problem. What can I do?
VPNroot log attached:
Code:
Connecting to xxxxx port 1723 via wlan0
Connection established (socket = 14)
Sending SCCRQ
Received SCCRP -> Sending OCRQ (local = xxxxx)
Tunnel established
Received OCRQ (remote = xxxxx)
Session established
Creating PPPoX socket
Starting pppd (pppox = 15)
Pppd started (pid = xxxxx)
Using PPPoX (socket = 15)
using channel 3
Using interface ppp100
Connect: ppp100 <-->
Received SLI
MPPE required but peer negotiation failed
Discard non-LCP packet when LCP not open
Discard non-LCP packet when LCP not open
Received SLI
Connection terminated
Received signal 17
Pppd is terminated (status = 10)
Mtpd is terminated (status = 42)
Have you tried open vpn? Cheap vpn service I've been using is http://xtreamvpnworld.blogspot.com

Can't set up my VPN -

Dear sir
I have Android but just use VPN, so I try to set my office VPN up on it. I have the Cisco VPN client set up on my laptop, and here are the settings from it:
Host: vpn.amc.com
Group Authentication
-- Name: AMC
-- Password:xxxxxxx
Transport: Enable Transport Tunneling
-- IPSec over UDP (IPsec/UDP)
Those are really the only options there. Obviously when I connect it has a popup asking for my username and password, and once I enter those, I'm in.
Now on my Droid phone, there are 4 VPN options - PPTP VPN, L2TP VPN, L2TP/IPSEC PSK VPN, and L2TP/IPSEC CRT VPN. I'm pretty sure mine's the PSK (Pre-shared key), so I pick that, and these are the options I have:
VPN Server: (I set this as the host - vpn.amc.com)
Set IPSec Pre-Shared key: (would this be... the password? I thought so, but why does the Cisco client have 'name' too?)
Enable L2TP Secret (if checked, it has the option of entering the secret)
and that's it.
I've tried everything, but can't get it to work.
best regards
kantapat
