maemo.org - Talk

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Maemo 5 / Fremantle (https://talk.maemo.org/forumdisplay.php?f=40)
-   -   LEAP-WPA2 on N900 . Anyone has done this ? (https://talk.maemo.org/showthread.php?t=37140)

Netweaver 2009-12-14 09:52

LEAP-WPA2 on N900 . Anyone has done this ?
 
Hi,
I'm trying to connect my N900 to the IBM Power9 network via Wifi.
IBM internally uses the LEAP-WPA2 protocol and whatever I try (as this specific combination is not standard available in the N900 wifi connection software), it doesn't work.

On my Ubuntu laptop, running the Wicd connection manager, I had to add this Wicd profile template file to get it working, so something similar I need for Maemo5/N900 :

Code:

name = WPA2-LEAP
author =
version = 1
require username *Username password *Password
-----
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="$_ESSID"
    scan_ssid=$_SCAN
    auth_alg=LEAP
    key_mgmt=WPA-EAP
    proto=WPA2
    pairwise=CCMP TKIP
    group=CCMP TKIP
    eap=LEAP
    identity="$_USERNAME"
    password="$_PASSWORD"
}

Anyone have an idea to implement something similar on the N900 ? Or would I be better of firing of a bug report ?

I've been seaching through t.m.o. but I've not found any recent or successfull info.

Thanks,
Geert

wtf 2009-12-14 16:44

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
I just tried this today also on my N900. I think the alternative is to change all your devices to use EAP-TLS + certificate, but I'd rather get LEAP on the N900. Hopefully it's possible now or in the near future.

Netweaver 2009-12-14 16:56

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Thanks for trying.
But I guess I'll have hard time convincing IBM (my employer) to change their WiFi authentication techniques worldwide because I'm the lucky owner of an N900 and I would love to use it on their oh-so-precious network :)

I'll raise a bug for it, maybe we can get some support from people seeing the value of more business networking support.

wtf 2009-12-14 17:16

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
I work at IBM US. Are you sure your site doesn't do EAP-TLS? Supposedly a given ID can only use one protocol though.

I just got my N900 and was trying it out for the first time. I had never tried to connect with my 770 or 810, but someone said they had their IPhone working. I wish we just had a secondary network for external wireless access.

mardibloke 2009-12-14 20:12

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
I tried it and could not get it to work either. If you happen to be at an office that has the Visitor network available, jump on that and use intranet id/pwd when prompted at the first web page you open.

egrims 2009-12-15 18:06

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Did any of you submit a bug for this? Ill vote if you did. Id love to see this working so I dont have to vpn while in the building to get access to internal sites...sorta backwards.

Netweaver 2009-12-16 11:35

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Done. https://bugs.maemo.org/show_bug.cgi?id=7034

Please vote it up so it gets some attention.

mardibloke 2009-12-16 12:26

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Thanks for raising it.

Have voted - only takes a couple of minutes, even if you have to register an account.

joseg 2009-12-16 12:49

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
I've voted for it as well.

I've actually switched to using EAP-TLS in the last few days. I've got my linux system working with that and this morning I also tried on my N800 and it works well too. I haven't been able to get it to work on the N900. Any of you guys have managed to make it work (since this seems to be an IBM wireless thread :) )?

I still have to review both the N800 and N900 dmesg outputs and see if I can see any obvious problems because I've configured both in the same way. Do you know if there is any other logs I could look at or enable to obtain further details?

dwould 2009-12-16 15:08

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Quote:

Originally Posted by joseg (Post 430337)
I've voted for it as well.

I've actually switched to using EAP-TLS in the last few days. I've got my linux system working with that and this morning I also tried on my N800 and it works well too. I haven't been able to get it to work on the N900. Any of you guys have managed to make it work (since this seems to be an IBM wireless thread :) )?

I still have to review both the N800 and N900 dmesg outputs and see if I can see any obvious problems because I've configured both in the same way. Do you know if there is any other logs I could look at or enable to obtain further details?

which linux? my ubuntu doesn't want to play with EAP-TLS, if you happen to have some useful instructions that would be cool

edit: BTW I voted for the bug, but I also included a link to the last time I raised this issue for the n810 ;-(

joseg 2009-12-16 15:28

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Quote:

Originally Posted by dwould (Post 430488)
which linux? my ubuntu doesn't want to play with EAP-TLS, if you happen to have some useful instructions that would be cool

I use the RHEL based client and configured it through Network Manager. I'll get a live ubuntu running and see if I can get it to work as well.

It is interesting that your N810 doesn't work. The N800 with 5.2008.43-7 works fine. Is there any difference in the wifi hw or kernel module used? The software should otherwise be the same...

Btw, feel free to ping me in ST if you want any more details (search for gomezjos) :-)

joseg 2009-12-17 09:52

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Quote:

Originally Posted by joseg (Post 430514)
I'll get a live ubuntu running and see if I can get it to work as well.

It worked fine with the Karmic live CD as well.

Netweaver 2009-12-18 15:31

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Some update :
I obtained my certificate for EAP-TLS today and I tried it on my Ubuntu Jaunty laptop (using Wicd instead of Network Manager) and it didn't work. LEAP-WPA2 worked fine on the same laptop though.

Then I also tried the EAP-TLS credentials/certificate on the N900 and it didn't work.

So it seems I'm back to square one :(

Anyone having an idea to investigate this further ? On the laptop I checked the wicd.log file but no useful info in there.

On the N900 I don't know how to get more detailed debug info out of it for this problem ...

Looking through bugzilla I've found these things on EAP-TLS :

Looking at this bug at least the EAP-TLS should work, but not in the most user friendly way : https://bugs.maemo.org/show_bug.cgi?id=1574

Funny enough I've found another bug saying EAP-TLS doesn't work but that might be a different root cause : https://bugs.maemo.org/show_bug.cgi?id=7006

Then we have this one, the EAP-TTLS-PAP bug (Eduroam) https://bugs.maemo.org/show_bug.cgi?id=1635
Again not connected I think as it's talking about TTLS and not TLS.

Did anyone run EAP-TLS successfully on a N900 either in or outside IBM ?

To my IBM colleagues, what's the issue with a previous remark made, the possibility that one internal account can only be assigned to one authentication method ? Is that a real restriction internally with us ? LEAP-WPA2 or EAP-TLS ?

Cheers,
Geert

Edit : For the IBM people, I also chipped in on an IBM OCDC forum thread on EAP-TLS. Maybe someone has some ideas there : http://ibmforums.ibm.com/forums/thre...rt=15&tstart=0

braincreation 2009-12-21 20:22

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Somehow I knew IBM employees would clump together on this issue. Great to see others out there. So we have an unofficial IBM-N900 Club based around LEAP.

kingrhy 2009-12-22 06:26

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
ha,look lik i found my orgnization here.my colleagues .
i come from IBM china.and i have n900 too.

i think the n900 do not support the LEAP type to connect our internal network. BTW,i try to use eap-tls type,but cannot work f.even i cannot get help from my helpdesktop .they tell me they are not support this method i think we just hope maemo can add LEAP type to N900 in future.

if anyone can add this function in n900 and make it work fine in IBM internal wireless lan ,pls share to everyone who have own n900.

we can talk about this powerful device in st.contact me via st.
just type ranhuaiy.

truelies1 2010-01-07 21:02

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
My company also using LEAP, it doesn't work with N900. It keeps asking WEP code.

qole 2010-01-08 00:25

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
BONK.

Resolved WONTFIX.

"Cisco itself is phasing out LEAP due to weaknesses found in its security model. Therefore Maemo has no plans to support it."

jakiman 2010-01-08 03:33

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Umm. Why care that they are going to phase it out when nearly EVERY Cisco implementation in the world currently uses LEAP in the enterprise sector. That's dumb. I work in Symantec and we also use WPA2-LEAP at work. My work mates with Nokia symbian phones connect fine but my N900 doesn't have WPA2-LEAP so I can't.

*Sonic* 2010-01-31 10:31

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
On wireless training last week we were told the same thing about LEAP and to not use it anymore despite customers may request it

Or we get it in writing that they know the implications :)

hawaii 2010-01-31 17:00

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
I have WPA2+LEAP+SelSigned Cert working on my N900 just fine.

I had to contact the almost useless network admin to get the cert. Worked on my S60 devices, works on my N900 - however I haven't been able to get it working on my Debian/sid laptop with wpa_supplicant.

dwould 2010-02-02 11:12

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
People in this thread might like to go vote for:
https://bugs.maemo.org/show_bug.cgi?id=7764
it's not LEAP, but it does effect EAP-TLS specifically at IBM due to a bug with an expired certificate on the N900
Those that have EAP-TLS working may find it stops working next time you have to renew your cert.

twaelti 2010-02-03 09:33

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Please tell everyone not to use LEAP anymore. If indeed IBM is still using LEAP, then it must be a bad joke, as they are risking their credibility in the IT security field. LEAP was hacked 7 years ago, and automated tools have been around since six years...
Just ask Wikipedia or google for "cisco leap hack",

Or port/compile this and hack away on your N900 :-)

truelies1 2010-02-03 15:12

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Quote:

Originally Posted by hawaii (Post 503962)
I have WPA2+LEAP+SelSigned Cert working on my N900 just fine.

I had to contact the almost useless network admin to get the cert. Worked on my S60 devices, works on my N900 - however I haven't been able to get it working on my Debian/sid laptop with wpa_supplicant.

My company is WEP+LEAP, in the laptop we don't need a Cert. Just wondering if I also need Cert for N900?

jonquark 2010-02-03 19:07

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Quote:

Originally Posted by truelies1 (Post 508758)
My company is WEP+LEAP, in the laptop we don't need a Cert. Just wondering if I also need Cert for N900?

You can't use LEAP with the N900. If you could you wouldn't need a certificate. If that is the only protocol your company supports you won't be able to use the N900 with your wifi network.

However your company should be looking to support something other than LEAP. It is considered insecure and even Cisco (the inventor) recommends upgrading.

(My employer IBM, also supports EAP-TLS but there are other problems with that)

hawaii 2010-02-03 21:33

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
I use LEAP on my school network every single day. It requires their self-signed certificate however.

jonquark 2010-02-03 22:25

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Quote:

Originally Posted by hawaii (Post 509355)
I use LEAP on my school network every single day. It requires their self-signed certificate however.

If you're using a maemo device you can't be using LEAP as it's not supported:
https://bugs.maemo.org/show_bug.cgi?id=3655

planetf1 2010-02-04 07:11

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
I'm fortunate enough to have a cert that seems to work.

Thought -- can the IPS certificate simply be deleted? Might need a hunt around the filesystem? Would that help?

My cert is due for renewal in around 1-2 months, so it will be interesting (painful) to see what happens as I'll know that's the only change

jonquark 2010-02-04 09:17

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Quote:

Originally Posted by planetf1 (Post 509961)
Thought -- can the IPS certificate simply be deleted? Might need a hunt around the filesystem? Would that help?

Unfortunately deleting the certificate won't help:
http://talk.maemo.org/showpost.php?p...7&postcount=11
I think we need a fix from Nokia :/

Dr_Zeee 2010-02-26 19:59

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
I am also working at IBM and I hate Nokia for not implementing LEAP support. All my peers have iPhones and the iPhone works perfect with LEAP. It is a shame.

Dr_Zeee 2010-02-26 20:02

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Do you really think that IBM (360,000 employees) will switch the internal WLAN protocoll from LEAP to another protocol just because you said so? Funny :-)

jonquark 2010-02-26 20:14

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Quote:

Originally Posted by Dr_Zeee (Post 548125)
Do you really think that IBM (360,000 employees) will switch the internal WLAN protocoll from LEAP to another protocol just because you said so? Funny :-)

IBM also supports EAP-TLS so they don't need to move off the (insecure) LEAP because Nokia said so. They are already doing it. A number of IBMers have connected their N900's to the IBM corporate network using EAP-TLS... though some people (including me) are having a problem with that too:
https://bugs.maemo.org/show_bug.cgi?id=7764

truelies1 2010-02-26 21:01

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Quote:

Originally Posted by jonquark (Post 548143)
IBM also supports EAP-TLS so they don't need to move off the (insecure) LEAP because Nokia said so. They are already doing it. A number of IBMers have connected their N900's to the IBM corporate network using EAP-TLS... though some people (including me) are having a problem with that too:
https://bugs.maemo.org/show_bug.cgi?id=7764

I think IBM has a lot of work location. Some may have EAP-TLS, others not. Good to hear iphone supports LEAP. Are they also support WEP-LEAP?

I certainly asked my CEO to change the LEAP since Nokia asked so, he said:" Will Nokia do this for us?"

theflew 2010-02-27 00:07

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Quote:

Originally Posted by truelies1 (Post 548198)
I think IBM has a lot of work location. Some may have EAP-TLS, others not. Good to hear iphone supports LEAP. Are they also support WEP-LEAP?

I certainly asked my CEO to change the LEAP since Nokia asked so, he said:" Will Nokia do this for us?"

Over 14K work locations worldwide. More work locations than a lot of companies have employees.

Dr_Zeee 2010-03-02 08:39

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Let's be honest: few people inside IBM are using EAP-TLS and a lot of companies outside IBM are using Leap. So we are not talking about a minor niche protocoll that is relevant for a few people. Nokia simply ignores the Leap protocoll since a number of years. Don't tell me Nokia knew years ago that Leap has security issues... How can you produce smartphones and not enable them with one of the most popular protocolls that company networks are using? The answer: ignorance - which is why the iPhone has ravaged: Apple seems to care about what users want to DO with their device (and Leap is just one example) while Nokia doesn't give damn. Why? Because they are the market leader so they don't have to listen to the customer - right? Ignorance is bliss. If they won't implement Leap with the next firmware update I'll sell my N900 and buy an iPhone. I am fed up with the N900 smartphone that can't connect to the WLAN at work. And I am also fed up with Nokia's arrogant attitude.

Quote:

Originally Posted by jonquark (Post 548143)
IBM also supports EAP-TLS so they don't need to move off the (insecure) LEAP because Nokia said so. They are already doing it. A number of IBMers have connected their N900's to the IBM corporate network using EAP-TLS... though some people (including me) are having a problem with that too:
https://bugs.maemo.org/show_bug.cgi?id=7764


truelies1 2010-03-02 14:24

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
I think I will also go to iphone. Then I know why Nokia was defeated by Apple.

planetf1 2010-03-09 16:53

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Another request for anyone having EAP-TLS issues to vote for https://bugs.maemo.org/show_bug.cgi?id=7764 -- I've now had a new certificate and am no longer to connect via maemo, although fedora is working just fine with my new certs.

There's something wrong in the certificate handling -- and I don't believe it's an expired certificate, but something else to do with validation

kat_ams 2010-03-22 00:33

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Quote:

Originally Posted by Dr_Zeee (Post 552154)
. If they won't implement Leap with the next firmware update I'll sell my N900 and buy an iPhone. I am fed up with the N900 smartphone that can't connect to the WLAN at work. And I am also fed up with Nokia's arrogant attitude.

When you bought the n900 did you not realize that it's an OPEN platform. If you want a feature go and build it! then share it with the community.
IBM has so much Linux experience, just have an IBM programmer quickly throw together a LEAP connectivity application and publish it to the n900 users within the company.

This is your freedom by using the Maemo (debian/gnu/linux) platform.

Stop complaining and start programming!

galets 2010-08-24 21:13

Re: LEAP-WPA2 on N900 . Anyone has done this ?
 
Quote:

Originally Posted by truelies1 (Post 552476)
I think I will also go to iphone. Then I know why Nokia was defeated by Apple.

Indeed. I owned N900 for almost a year and it still completely frustrates me how Nokia just won't give a sh#t about usability. "implementing old deprecated stuff is low priority" my ***, who cares that customers need it.


All times are GMT. The time now is 04:01.

vBulletin® Version 3.8.8