[maemo-users] WPA difficulties

From: Peter Flynn peter at silmaril.ie
Date: Mon Nov 5 22:48:46 EET 2007
Kalle Valo wrote:
> "ext Peter Flynn" <peter at silmaril.ie> writes:
>> Pretty much everything is working on my N800, including all my WEP 
>> connections. WPA, however, is not.
>> The campus LAN uses a hidden SSID and requires my MAC address and 
>> provides a username and password. This works fine in WPA Enterprise 
>> using Network-Manager on my Ubuntu Gutsy laptop:
>> Network Name: (the SSID)
>> Key: Auto Default
>> Phase2: None
>> Identity: (username)
>> Password: (password)
>> Anon Ident: (username again)
>> Client Cert: none
>> CA Cert: none
>> Priv Key: none
>> Priv Key password: blank
>> In OS 2007, I am using:
>> Connection name: (I made one up)
>> Connection type: WLAN
>> SSID: (the SSID)
>> Network is hidden: checked
>> Mode: Infrastructure
>> Security: WPA with EAP
>> EAP Type: PEAP
>> Select cert: none
>> EAP method: MSCHAPv2
>> Usename: (username)
>> Password: (password)
>> Prompt for password: unchecked (ie No)
>> In Advanced/EAP:
>> Use manual username: checked
>> Manual username: (username)
>> Require client auth: checked
> I think you should try with client auth disabled, because you have
> disabled similar sounding setting (Client Cert) from Network Manager.
>> Is there a known problem with WPA authentication? Or am I doing 
>> something obviously wrong?
> I'm not aware of any big problems with WPA authentication. With EAP
> there's always a Radius server involved, so maybe this is a some kind
> of interoperability problem with the Radius server?

Problem solved.

When you edit a WPA connection, and get to the end, and click on 
Advanced, and click on the EAP tab to set the parameters, the "Require 
client authentication" is ambiguous, as I mentioned. If you leave it 
unchecked, then when you try to connect, you get the error message 
saying that it "can't find a certificate to validate the server".

I then clicked Cancel, as it was "obvious" that connection had failed.

Wrong. The message is a comment only: if you click on OK it goes right 
ahead and connects just fine. This is suboptimal :-) client-server 
authentication with certificates (either way) is an option in WPA, as 
far as I understand it (which may not be far) and both should be 
checkable options in the EAP tab mentioned above:
Require client to authenticate server
Require server to authenticate client
That way you shouldn't get an error message box for something which 
isn't an error :-)

I had to set Manual Username (as I had guessed: I think this is the same 
thing that NetworkManager refers to as "Anonymous Identity"), but I also 
had to set the proxy manually to the IP address of the proxy server, as 
auto-detect doesn't seem to detect anything, and setting it to the cname 
of the proxy server doesn't seem to work either.

But it's working now, and very many thanks to everyone for their help.


More information about the maemo-users mailing list