8320, WPA-TKIP, PEAP and no certificate?
My office WLAN is set up as follows:
Cisco AP-1200 b/g 802.1x via PEAP, WPA TKIP, MS-CHAPv2. I do not require client certificates, and windows clients do not require a server certificate. I set up my 8320 as follows: Security Type: PEAP username: I tried username, and domain\username password: my password CA Certificate: None Selected (also tried selecting a random one) Inner Link Security: EAP-MSCHAP-V2 Token: None Selected Server subject: I have no idea what this is Server SAN: I have no idea what this is... It doesn't work. All my other clients are configured similarly but the BB won't connect and it claims "incorrect credentials". The AP's log merely states invalid authentication. There is no entry in the IAS server, because this seems to be hanging up at the authentication between the client and AP radios, not actual USER authentication. It seems like I need to be able to specify WPA-TKIP in addition to PEAP, but I don't seem to be able to do so.... Any hints? |
You probably need to use the Certificate Sync to transfer the appropriate .cer certificate file to your Blackberry. I had to do the same thing to get mine to login correctly with the work wireless.
|
Quote:
|
What I meant to communicate in my first post is that my 802.1x implementation does not require a server or client certificate. It works fine with windows clients, you just don't configure that portion of the wireless settings. Apparently the Blackberry requires it??
|
Wirelessly posted (BlackBerry8320/4.2.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/100)
Oh I understood you and I have the same exact problem I was wondering if the second poster could elaborate some more he seem to have it working |
have you resolved this problem?
|
I figured out a solution, I set up the BB to connect using LEAP instead of PEAP and it works just fine. I am shocked and happy at the same time.
|
Thanks, this fix worked for me as well!
:smile: You are the man!
|
Quote:
|
I'm having the exact same issue as the topic starter:
Device: BlackBerry 8820 Network: WPA Enterprise 802.1x through PEAP, using EAP-MS-CHAP v2 with password based authentication However, no certificate is required. It seems like the blackberry is attempting to authenticate the certificate anyway... which I'm not quite sure what to do about because there's no "do not verify certificate" like there is in Windows/Linux (wpasupplication) Our AP is not broadcasting another/same SSID with LEAP -- so the above suggested isn't working for me. I think these topics are related: PEAP using the same with a certificate has issues: http://www.blackberryforums.com/wifi...p-support.html Possibly the same issue on the ATT forums: Re: Wi fi conncetion problem with 8820 - RIM BlackBerry - Wireless Forums from AT&T Any further ideas? :? |
Quote:
|
Quote:
|
I have exactly the same problem (with similar configuration), it is a client of mine so I can't really bother their IT with setup/test request/questions :-(
The LEAP workaround is not working for me either. Did anyone get their IT to contact RIMM for suggestions? Obviously the carrier won't care much but a BES admin with WiFi users might get better treatment directly from RIMM. Thanks! Ix. |
Still no resolution for me. I even went so far as to add my domain controller's certificate via the certificate sync plugin for BBDM but even with a valid trusted server certificate installed on the BB, I still cannot get this to work.
The LEAP workaround did not work for me. The problem appears to be at the association level, not authentication. |
When I connected to the wireless network at work, I needed to add the certificate to my Blackberry. What certificate? Whatever certificate was sent when I connected using my Apple MacBook Pro laptop.
I'm not sure if it's the same with yours, but when I connected using my laptop, it asked to verify the certificate, and saved it in my keychain. Maybe with Windows and Linux, it saves it automatically and uses it, even if you do nothing to accept it. Before transferring the certificate manually, it kept failing and I thought my account was disabled. Are you absolutely sure no certificate is transferred? |
Same Issue
I'm having the same problem. My company uses WPA with TKIP. They do require a certificate. I've got the certificate in my phone. I've talked to the IT guy for how to set it up. I've entered the proper user name, password and the certificate they gave me. I get is W010: Wifi Association Failed.
Any ideas? Is there a way to get more error information from the phone? |
Quote:
|
Quote:
|
Correct me if I'm wrong, but PEAP uses Server side public key certificates in its authentication process because it sets up an SSL tunnel during the authenticaion process. So if you are using PEAP, you must have a certificate on there
When syncronising certificates, you have to manually tick the certificates you want to sync because by default they are switched off. Perhaps your certificates were pushed by group policy. You need the trusted root and intermediate certificates. |
Quote:
|
All times are GMT -5. The time now is 05:34 PM. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.