Wireless WPA/TKIP/PEAP+MSCHAP problem
 

(Edit: 2010-06: my problem was solved, see settings below)

Why can't I select the certificates I installed wireless networking? It isn't showing up in the wireless connection settings.

I am trying to connect to my organization's wireless LAN, it uses WPA2/AES with PEAP + MSCHAPv2. I don't have much Linux or networking experience, so I apologize if I am making an obvious mistake:

These are the steps I took:

1. I downloaded the .pb7 certificate files, and saved them to a random folder on my Nokia N900.

2. I followed: http://talk.maemo.org/showthread.php...L+certificates. I used 'File Manager', clicked on the certificate to install, got the 'install certificate' window. I selected all the purposes (initially i tried just 'Wi-Fi', but it didn't show up in step 4 below, so i selected all the purposes, but it still doesn't show up in step 4).

3. I verified the certificates are installed through the "certificate manager" (under Applications -> Settings -> Certificate Manager). The certificates show up with all the purposes listed, so I think they are installed properly.

4. I tried to set up the WLAN using the instructions from http://wiki.maemo.org/PEAP%2BMSCHAPv2 (and Slocan's suggestions below). I used these settings:

• Network Mode: Infrastructure
• Security Method: WPA with EAP
• EAP Type: PEAP
• Select Certificate: NONE (no other options)
• EAP method: EAP MSCHAPv2
• User Name: domain\username (note: this was the problem, username@domain didn't work)
• Password: (password)
• Advanced settings - EAP: Use manual user name = Selected
• Advanced settings - EAP: Manual User Name = domain\username
• Advanced settings - EAP: Require Client Authentication = Unselected

Note that the certificate doesn't show up in the menu for 'Select Certificate'.

5. Connect to the wireless, but all I get is a 'Authentication Failed. Try Again?'

I think the problem is step 4. Why doesn't my certificate show up under the drop-down box for "Select Certificate"?

Thanks for any suggestions people might have.

... More info: My Mac pretty much automatically figures out the settings. I was given the Windows XP settings required:

• Network Authentication: WPA
• Data encryption: TKIP
• EAP type: Protected EAP (PEAP)
• Selected "Authenticate as computer when computer information is available".
• Select "Validate server certificate", and select the certificate to use.
• Authentication Method: Secured password (EAP-MSCHAP v2)
• Infrastructure mode only

Re: Wireless WPA/TKIP/PEAP+MSCHAP problem
 

I don't think you actually need to add the certificate in the connection settings. I'm in a similar setup at work. I added it, like you, through the file manager, as wifi certificate, and it seems to be picked up automatically, even when choosing None in the settings (prior to adding the certificate, I could connect as well, but getting a Certificate warning message).

I think your issue might be in how you entered the username. Make sure it is of the form username@domain . You also need to add it a 2nd time in the Advanced/EAP Settings screen, under Manual Username (and check the Use Manual Username checkbox).

Re: Wireless WPA/TKIP/PEAP+MSCHAP problem
 

Thanks for the suggestion, Slocan. I tried entering in the username@domain like you suggested, but it still gives an error (Authentication Error). I'll try playing with more settings and see if I can get it to work, let me know if you have more suggestions.

Re: Wireless WPA/TKIP/PEAP+MSCHAP problem
 

In most of cases you don't need certificates because if they was installed they will be automatically used. You can check installed certificates in Settings> Certificate manager.

Error could be because you use: username@domain.
In our network this is not working. I just need username. But in some networks it is necessary

Re: Wireless WPA/TKIP/PEAP+MSCHAP problem
 

This looks to be why I can't authenticate:
EAP[4407]: certman_main.cpp(174): ERROR Invalid certificate '/C=ES/ST=BARCELONA/L=BARCELONA/O=IPS Seguridad CA/OU=Certificaciones/CN=IPS SERVIDORES/emailAddress=ips@mail.ips.es'

That certificate is a recently expired CA certificate, that has absolutely nothing to do with anything I have ever tried to do.

Certificate "Manager" won't let you remove it. I've figured out that the certificate is at /etc/certs/common-ca/753f48bf4f8988704335de50c66f3b14e3f652fe.pem but moving that file just gets me a different error that it is unable to verify the file.

Re: Wireless WPA/TKIP/PEAP+MSCHAP problem
 

Oh wow, that's a useful error message. How did you find that? Where did you get this error message? Do i have to run in some type of developer mode to see these kinds of error reporting? I am not getting any useful error messages about why it is failing.

(... which is not surprising, I couldn't get my previous HTC/Windows Mobile device to connect either, with a similar lack of descriptive error messages, so I had zero expectations of this working...)

Re: Wireless WPA/TKIP/PEAP+MSCHAP problem
 

syslog.

First, you add the devtools repository:
http://wiki.maemo.org/Documentation/devtools/maemo5
Then you install rootsh and syslog from that repository. Reboot, try connecting.
Then, open up the X Terminal, and use this to gain root permissions
Things will be logged to /var/log/syslog
To print out messages relating to EAP:
That might miss things that are important, though. Viewing the full log from the terminal is inconvenient, so copy it into your documents folder as syslog.txt: (Keep in mind this is Linux so it's case sensitive)
And then you can look at it through the file manager, or hook it to your computer and copy it off.


And yeah, I could never get this set up on my E51. "Error: There was an error" style messages do not make things easy. I love these error messages- I'm just disappointed that maemosec appears to be closed source (I don't quite have everything figured out here so I'm not sure) so I can't figure out how to fix it myself.

Re: Wireless WPA/TKIP/PEAP+MSCHAP problem
 

I keep getting a "certificate expired" error message even though the certificate is valid til 2014. I gave up trying. Anyone else getting that?

Re: Wireless WPA/TKIP/PEAP+MSCHAP problem
 

Are you connecting to your home Wifi? or else where?

For Home Wifi - It's more likely the Router has something that the N900 cannot resolved. So reset the router to default factory setting and setting it up from little by little and connect it with N900.

This worked for me, in my case I can't get it to connect at all. It keep saying "......Failed, try again?" after reset router everything works

As for my University Wifi it has a bit of trouble some trying to connect as well. Keep saying "...Failed, try again?" but at one time I did a manual configuration editing it and it still say " ...Failed"..

So I keep trying and a few times later it works lol. It only work when I connect and then I go to Email. After it just say connected.

Weird.. but it work every time now. lol

Re: Wireless WPA/TKIP/PEAP+MSCHAP problem
 

Its my work WiFi. People with iPhones seem to connect fine (i hope iPhone worshippers arent reading this) so i didnt think it would be that difficult to get my n900 to work.

Maybe ill try looking at the syslogs and see if some other error is causing the "certificate expired" error im getting.