Wifi reconnaissance help needed (N810)
 

We have wireless here at work, but they use some configuration that the IT guys don't sufficiently understand to be able to help me get this working on linux.

What I DO know:
uses infrastructure/access point (not ad-hoc)
hidden network
WPA access required
Windows clients must:
1) install this MS hotfix: KB893357
2) Get a Personal Digital Certificate from an internal website. The server is called a Microsoft Certificate Services and request a user certificate, then install it. I'm certain the server is a Microsoft product if that helps.
3) Select (under Wireless network properties) Network Authentication WPA2, and AES data encryption.
4) Under Authentication, the EAP type is "Smart Card or other Certificate"
5) and trust two local server certificates (that internet explorer seems to magically install)

I was able to download and install the personal and root certificates to my N810.

All certificates I installed are trusted for all three operations (email, web, WLAN).

Some of the wireless configuration options on the N810 allow for a username and password. Despite trying everything I can think of, I've never been prompted for a username and password, just "Authentication failed." So I suspect that I'm not even making it past authentication to the login stage.

What I don't know:
What EAP type to select on my tablet that corresponds to "Smart Card or other Certificate". And how to translate the rest of the settings from Windows-ese to N810 settings.

I've tried virtually ever setting permutation I can think of in the connectivity settings, but so far, I get "Authentication failed." every single time.

What I need
Help discovering the wireless network configuration. If there are some utilities out there that can run on the N810 to help discover how our network is setup. Also, if you can come up with pointed questions that I could simply go ask, those might work too. The IT guys tried to help me set this up, but I exhausted their knowledge. They've got a setup guide for Mac OS too, but it doesn't help me.

If you guys could help me figure this out it would be awesome. One of my friends that works here has an N800, and the IT guys would be interested in a Linux setup guide as well.

I'm not entirely certain that my inability to connect isn't due to this bugzilla issue: https://bugs.maemo.org/show_bug.cgi?id=327

I was the last guy to comment on it and haven't received a response yet.

If you're interested in helping but don't know wtf EAP is (I didn't until I got my tablet), I found this very helpful: http://en.wikipedia.org/wiki/Extensi...ation_Protocol

Re: Wifi reconnaissance help needed (N810)
 

We don't run the same setup, but they are almost certainly using EAP-TLS if they are using certs in a Microsoft authentication environment (which is what it sounds like here).

So here are the settings I suggest you try when creating a new connection:

Connection type: WLAN
Security method: WPA with EAP
EAP type: TLS
Select certificate: your personal certificate
Advanced / Other: you may or may not need to check WPA2-only mode... try both.
Advanced / EAP: you may or may not need to use Manual user name... try both.
Manual user name: your domain ID, WITHOUT specifying the domain.
Don't require client authentication.

This is my best guess... as I said we don't have quite the same environment but maybe someone else here does and can tell you what they use.

Re: Wifi reconnaissance help needed (N810)
 

That was my suspicion too, but I wanted to make sure I didn't taint the perspectives of others in case I was wrong.
Done. Still fails.
I can't. This is the possible bug mentioned above (327).
Done, still fails.
Tried both.
Tried it with and without.
Tried it with and without.

Thanks for trying!

Re: Wifi reconnaissance help needed (N810)
 

Select certificate: your personal certificate
Yeah, nothing else is going to work if you can't use the certificate that is required.

So in Control Panel / Certificate Manager, are there any certs under the User tab? The cert that you think is your personal cert... is it there? Is it under Authorities instead? Or just not there at all?

Re: Wifi reconnaissance help needed (N810)
 

Well I just went the extra mile and generated a personal certificate to import onto my N800/OS2008beta to see if it would install properly.

And it did. No problems, it shows in the "User" tab of Certificate Manager, just as it should. I didn't do anything special to add it to that tab... just import and it automatically figures out what type of cert it is.

And when I create a new connection as I explained above, I'm able to select the personal certificate at the "Select certificate:" stage of the configuration.

So it sounds like there is either a bug in the OS version you are using (but you're on OS2008 too, right?), or that the certificate(s) you imported were in fact root certs and not personal certs.

Hope that helps point you in the right direction.

Test import of a personal digital certificate
 

OK, I went the extra mile again (that's 2 miles, for those keeping count) and made it easy for you to test a personal digital certificate.

I've created a personal digital certificate that I don't mind sharing publicly, so that you and others who think they are having trouble with personal certificates can test it once and for all with a known-good certificate.

Import my certificate and see if it correctly installs into the "User" tab of Certificate Manager.

Here's the process.....

1. Download my (technut canada) personal digital certificate from here:
   http://technut.canada.googlepages.com/cert.p12
   You could open it directly (which starts up Certificate Manager) but I suggest saving it to your memory card somewhere so that you can open it up from within Certificate Manager yourself, to see the whole process.
2. Open Control panel / Certificate manager and tap the "Import" button. Select the "cert" file that you just downloaded.
3. You will be prompted for the password that I used for the certificate. Enter "test".
4. You will be notified that "technut canada" is going to be installed. Tap OK.
5. You will be asked what Trust settings to use. For this test, check the WLAN box. If you were actually importing a real certificate you should check ALL the boxes that cover your intended use. Tap OK.
6. You will be prompted to change the password to be used for safely storing this certificate. Pick your own password (must be at least 5 characters). Tap OK, then enter it again to Verify and tap OK again.
7. You will be notified that "UTN-USERFirst-Client" is going to be installed. This is a related root cert. Tap OK.
8. You will be asked what Trust settings to use. For this test, check the WLAN box. If you were actually importing a real certificate you should check ALL the boxes that cover your intended use. Tap OK.
9. You will be notified that "AAA Certificate Services" is going to be installed. This is also a related root cert. Tap OK.
10. You will be asked what Trust settings to use. For this test, check the WLAN box. If you were actually importing a real certificate you should check ALL the boxes that cover your intended use. Tap OK.
11. If all has gone well, you should see a message "Certificate imported". Tap OK.

Now in the Certificate Manager "User" tab you should see a new cert that was Issued to "technut canada". Congratulations, your import of a personal digital certificate worked correctly.

If that DOESN'T work for anyone, then maybe there is indeed a bug that needs to be addressed.

But if it correctly installed into the "User" tab and yet your own certificate gets installed into the "Authorities" tab, then it is quite likely that you have a root certificate and not a personal certificate. And a root certificate is not going to work as personal authentication.

There's no sense trying to actually use my cert for anything, but if you want to verify that it is available for WLAN connections go ahead and create a new connection and see that you can select the "technut canada" cert as your personal cert.

All that is left now is to clean up by deleting the 3 certs (personal and two roots) that were just installed:

1. In Certificate Manager, View each of the 3 certs and while in View, tap the Delete button.
2. View / Delete the "User" cert for "technut canada"
3. View / Delete the "Authorities" cert for "AAA Certificate Services"
4. View / Delete the "Authorities" cert for "UTN-USERFirst-Client"
5. Close Certificate Manager and you're done.

I hope this will let people verify that there either is, or is not, a bug related to importing personal digital certificates. And by doing so, hopefully they can also determine whether the certificate they have been issued for their WLAN connection is really a personal certificate or a root certificate.

Re: Wifi reconnaissance help needed (N810)
 

Holy crap man, I started to reply to #5 before I saw #6.

To hell with miles, thanks for finishing up that marathon.

I appreciate the effort!

The certificate I generated (on my company's site) does indeed appear under User in the certificate manager. I had no problems importing it either.

I did import two root certs and they appear under Authorities as they should.

But it's still not selectable in the connection configuration.

Your certificate worked fine, even showed up in the wireless config.

My user certificate doesn't have a password, didn't use one on import and the Password button is greyed out.

I did notice that your certificate chain included all three certificates that came in your .p12 file. My User certificate chain only contains my user certificate and my company's authority cert. Only 2 certificates in it... I don't know if that means anything...

I'll try generating a new certificate Monday when I get back to work and let you know how it goes.

Re: Wifi reconnaissance help needed (N810)
 

I think it's OK that your cert didn't have a password... shouldn't be a problem. Good to hear it appears under User.

I believe you checked this before, but your personal cert (under User) does have the Trust set for WLAN, right? Because if not, then it definitely won't be selectable in the connection config.

Since I don't have any experience with your type of setup (we use PEAP+MSCHAPv2), I think I'm out of ideas. But report back on how it goes on Monday, and maybe by then someone with some more experience with cert authentication will turn up in this thread.

Re: Wifi reconnaissance help needed (N810)
 

Yes, both my User cert and the two root ones I downloaded are trusted for WLAN.

Re: Wifi reconnaissance help needed (N810)
 

Has anybody else got any ideas?

I've tried a few things mentioned in https://bugs.maemo.org/show_bug.cgi?id=327, but to no avail.