maemo.org - Talk

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Nokia N900 (https://talk.maemo.org/forumdisplay.php?f=44)
-   -   How to connect to WPA2 PEAP MSCHAP v2 ? (https://talk.maemo.org/showthread.php?t=73283)

pavlik 2011-05-20 18:12
How to connect to WPA2 PEAP MSCHAP v2 ?
 
Hello!

When I try to connect to corporate enterprise WPA2 WiFi with n900 I get an error: "Authentication failed. Try again?" syslog shows the following:

Quote:
May 24 09:50:34 Nokia-N900 EAP[1573]: certman_main.cpp(174): ERROR Invalid certificate '/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority'
May 24 09:50:34 Nokia-N900 EAP[1573]: certman_main.cpp(174): ERROR Invalid certificate '/C=WW/O=beTRUSTed/CN=beTRUSTed Root CAs/CN=beTRUSTed Root CA'
May 24 09:50:34 Nokia-N900 EAP[1573]: certman_main.cpp(174): ERROR Invalid certificate '/C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data Networks GmbH/OU=TC TrustCenter Class 2 CA/emailAddress=certificate@trustcenter.de'
May 24 09:50:34 Nokia-N900 EAP[1573]: certman_main.cpp(174): ERROR Invalid certificate '/C=ES/ST=BARCELONA/L=BARCELONA/O=IPS Seguridad CA/OU=Certificaciones/CN=IPS SERVIDORES/emailAddress=ips@mail.ips.es'
May 24 09:50:35 Nokia-N900 EAP[1573]: certman_main.cpp(174): ERROR Invalid certificate '/C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data Networks GmbH/OU=TC TrustCenter Class 3 CA/emailAddress=certificate@trustcenter.de'
May 24 09:50:35 Nokia-N900 EAP[1573]: certman_main.cpp(259): ERROR /O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)00/CN=VeriSign Time Stamping Authority CA verification fails
May 24 09:50:35 Nokia-N900 EAP[1573]: Server certificate not valid (error 18=self signed certificate)
May 24 09:50:35 Nokia-N900 wlancond[1158]: Disassociating
May 24 09:50:35 Nokia-N900 kernel: [ 490.121276] wlan0: disassociating by local choice (reason=3)
May 24 09:50:35 Nokia-N900 wlancond[1158]: Scan issued
May 24 09:50:35 Nokia-N900 wlancond[1158]: SIOCGIWAP: 00:00:00:00:00:00
May 24 09:50:35 Nokia-N900 EAP[1573]: EAP 2.0.39+0m5 quitting.
May 24 09:50:35 Nokia-N900 icd2 0.87+fremantle10+0m5[1238]: EAP: [aa05dd8f-c513-4a01-8aed-c5895fb44151] Error sending stop request: Cannot create EAP stop request (org.freedesktop.DBus.Error.NoMemory)
May 24 09:50:35 Nokia-N900 icd2 0.87+fremantle10+0m5[1238]: EAP: [aa05dd8f-c513-4a01-8aed-c5895fb44151] EAPd stop failed
May 24 09:50:35 Nokia-N900 icd2 0.87+fremantle10+0m5[1238]: EAP: [aa05dd8f-c513-4a01-8aed-c5895fb44151] authentication failed because EAP_FAILED received: EAP authentication failed (com.nokia.icd.error.wlan_authentication_failed)
IT refused to provide me with certificate but from what I have seen when connecting Windows Vista laptop this self-sighned certificate expired last year. I know nothing about WiFi encription and certificates but judging from the fact that all other devices I tried( iphone, linux laptop and vista laptop, Android HTC Thunderbolt) connect without any problem I guess certificate is not required for this type of connection. So a question:

Is there any way to tell n900 to ignore certificate for this type of connection and just use username and password?

many thanks in advance.

abuelmagd 2011-12-28 08:46
Re: How to connect to WPA2 PEAP MSCHAP v2 ?
 
I have the same issue but does our phone support WPA2 to begin with? I don't have that option in the authentication methods

don_falcone 2011-12-28 09:58
Re: How to connect to WPA2 PEAP MSCHAP v2 ?
 
"WPA pre-shared key" works as i setup my AP to just use WPA2-AES. Just set "WPA2-only mode" in Advanced settings. Also, EAP type can be chosen for "WPA with EAP": PEAP (=user/password), TLS (=certificate), TTLS.

buchanmilne 2011-12-28 11:24
Re: How to connect to WPA2 PEAP MSCHAP v2 ?
 
There is an existing thread about WPA2 EAP/PEAP/MSCHAPv2, and there, I ask for some details of your setup (e.g. exact username or at least the form it has, compared to what you use on other platforms).

Have you looked there? Can you provide the details?

Otherwise, you may want to try and extract the certificate presented, and load that as a trusted cert .... but I am not sure what the easiest way to do this is, and whether it will work with an expired cert ...

I can't remember if N900 actually does all certificate validation (wpa_supplicant doesn't by default, IIRC), but my work setup does actually have a working PKI setup, with EAP cert issued by internal CA, which is loaded on my phone, and renewed as necessary.

I really have had fewer problems with N900 than:
-Windows XP (worst)
-Windows Vista (2nd worst)
-Symbian (bad)
-Windows 7 (not too bad)
-Linux (mostly no issues, unless you want specific behaviour ...)

The only one that was easier was:
-Mac OS X (easiest, as it presents the EAP certificate and asks if you want to trust it ...).


All times are GMT. The time now is 15:34.

vBulletin® Version 3.8.8