Discussion Board

  1. #1
    Registered User
    Join Date
    Apr 2007
    Posts
    6

    EAP config via OMA Client Provisioning

    I am using OMA Client Provisioning to configure WLAN access points via SMS configuration messages. I have everything working except for being able to set the configuration stuff for certain EAP types. In particular I would like to be able to configure the PEAP type, and inside that enable and configure MSCHAPV2.

    I have successfully configured the LEAP type (i.e. the username and password). Does anyone know the format of the XML document required for configuring the PEAP type?

    Detail of what I've tried

    I've been using the WLAN options specified here:
    http://member.openmobilealliance.org...R_CP-WLAN-.zip

    and I'm currently trying to configure an E60 (with 3.0633.09.04 firmware, the current latest). I'm using Kannel to send the SMS messages.

    The majority of the stuff in the above linked document works fine. I can create a WLAN AP using EAP-LEAP with the following XML snippet:

    Code:
            <characteristic type="NAPDEF">
                    <parm name="NAPID" value="NAP1"/>
                    <parm name="BEARER" value="WLAN"/>
                    <parm name="NAME" value="EAP wlan"/>
                    <characteristic type="WLAN">
                            <parm name="PRI-SSID" value="mywlan"/>
                            <parm name="NETMODE" value="INFRA"/>
                            <parm name="SECMODE" value="WPA"/>
                            <parm name="EDIT-SET" value=""/>
                            <characteristic type="EAP">
                                    <parm name="EAPTYPE" value="EAP-LEAP"/>
                                    <parm name="USERNAME" value="user"/>
                                    <parm name="PASSWORD" value="pass"/>
                            </characteristic>
                    </characteristic>
            </characteristic>
    But if I try to configure PEAP, based on the example XML in the OMA document, it doesn't work. It creates the access point, but none of the PEAP configuration options are set (they all have default values). The example XML is:

    Code:
    <characteristic type="NAPDEF">
      <parm name="NAPID" value="NAP1"/>
      <parm name="BEARER" value="WLAN"/>
      <parm name="NAME" value="MY WLAN"/>
      <characteristic type="WLAN">
        <parm name="PRI-SSID" value="MYWLAN"/>
        <parm name="NETMODE" value="INFRA"/>
        <parm name="SECMODE" value="WPA"/>
        <characteristic type="EAP">
          <parm name="EAPMETHOD" value="EAP-PEAP" />
          <parm name="VER-SER-REALM" value="1" />
          <parm name="CLIENT-AUTH" value="1" />
          <parm name="SES-VAL-TIME" value="10" />
          <parm name="CIP-SUIT" value="10" />
          <parm name="CIP-SUIT" value="11" />
          <parm name="PEAP-V0" value="1" />
          <characteristic type="CERT">
            <parm name="ISS-NAME" value="/CN=My Cert" />
            <parm name="CERT-TYPE" value="USER" />
            <parm name="SER-NUM" value="12345" />
          </characteristic>
          <characteristic type="CERT">
            <parm name="ISS-NAME" value="CN=Verisign" />
            <parm name="CERT-TYPE" value="CA" />
            <parm name="SER-NUM" value="12345" />
          </characteristic>
          <characteristic type="CERT">
            <parm name="ISS-NAME" value="/CN=My CA" />
            <parm name="CERT-TYPE" value="CA" />
            <parm name="SER-NUM" value="12345" />
          </characteristic>
        </characteristic>
        <characteristic type="EAP">
          <parm name="EAPMETHOD" value="EAP-MSCHAPV2" />
          <parm name="USERNAME" value="username" />
          <parm name="ENCAPS" value="EAP-PEAP" />
        </characteristic>
      </characteristic>
    </characteristic>
    I put valid values in for the certificate serial numbers, and I tried removing the certificate blocks altogether. I can't find any way of affecting any of the PEAP options. In particular the encapsulated MSCHAPV2 stuff doesn't appear on the phone, and changing the boolean PEAP-V0, PEAP-V1, PEAP-V2 values doesn't work either.

    So, if anyone has any ideas about provisioning connection settings that use EAP it would be great to hear anything. I've just about run out of ideas with my trial and error approach!

    Thanks in advance for any comments.

  2. #2
    Registered User
    Join Date
    Apr 2007
    Posts
    34

    Re: EAP config via OMA Client Provisioning

    Maybe it can't help but you need to:
    1. Read the file Client_Provisioning_Registration_v1_7.zip found on the Nokia web site. I hope you did this already.
    (http://www.forum.nokia.com/info/sw.n..._v1_7.zip.html)
    2. Bear in mind that proprietary fields lead to the inability of some WBXML encoders to do the encoding of some fields correctly.
    (i.e. http://discussion.forum.nokia.com/fo.../t-105398.html)

    Have you tried NowSMS with the same SMS?

  3. #3
    Registered User
    Join Date
    Apr 2007
    Posts
    6

    Re: EAP config via OMA Client Provisioning

    Thanks for the reply.

    Unfortunately Client_Provisioning_Registration_v1_7.zip doesn't contain any information about WLAN configuration provisioning.

    I've read the thread you linked to, and have implemented the appropriate changes in Kannel, and SIP & VoIP provisioning is working perfectly for me.

    But of course there could be similar issues in the WLAN stuff. However, I'm not sure about this, since the majority of the WLAN stuff works with the XML tags left as text, and not converted to a WBXML number. I have tried adding further changes to Kannel to convert the WLAN tags to the WBXML values specified in OMA-DM-CP-2005-001R02-CR_CP-WLAN-.doc (the same place the values to make the SIP&VoIP link work were taken from). But using those WBXML values caused the provisioning of simple WLAN APs not to work!

    But maybe the PEAP stuff does need the tags converted to values, even though the rest of the WLAN stuff does not. More trial and error required, I guess!

    I haven't yet tried NowSMS. Thanks for suggesting that.

  4. #4
    Registered User
    Join Date
    Apr 2007
    Posts
    34

    Re: EAP config via OMA Client Provisioning

    You seem to have advanced more than me. You got my idea, what could be wrong and I think you have an idea what docs to search for.

    { "name", "PEAP-V0", 0x01, 0x60 }, /* OMA */
    { "name", "PEAP-V1", 0x01, 0x61 }, /* OMA */
    { "name", "PEAP-V2", 0x01, 0x62 }, /* OMA */
    Does this help?

    P.S. We will be very happy if you contribute your work on Kannel & VoIP.
    Last edited by del_lover; 2007-06-25 at 16:24.

  5. #5
    Registered User
    Join Date
    Apr 2007
    Posts
    6

    Re: EAP config via OMA Client Provisioning

    I've just been trying a similar thing, but with different parameter names.

    I've been playing with the following XML, which I was hoping would create an AP that uses EAP-SIM encapsulated in EAP-PEAP.
    Code:
    <wap-provisioningdoc version="1.0">
    	<characteristic type="NAPDEF">
    		<parm name="NAPID" value="NAP1"/>
    		<parm name="BEARER" value="WLAN"/>
    		<parm name="NAME" value="EAP wlan"/>
    		<characteristic type="WLAN">
    			<parm name="PRI-SSID" value="mywlan"/>
    			<parm name="NETMODE" value="INFRA"/>
    			<parm name="SECMODE" value="WPA2"/>
    			<parm name="EDIT-SET" value=""/>
    			<characteristic type="EAP">
    				<parm name="EAPTYPE" value="EAP-PEAP"/>
    				<parm name="CIP-SUIT" value="10" />
    				<parm name="CIP-SUIT" value="11" />
    				<parm name="USERNAME" value="peapuser"/>
    				<parm name="PEAP-V0" value="1"/>
    			</characteristic>
    			<characteristic type="EAP">
    				<parm name="EAPTYPE" value="EAP-SIM"/>
    				<parm name="USERNAME" value="simuser"/>
    				<parm name="ENCAPS" value="EAP-PEAP"/>
    			</characteristic>
    		</characteristic>
    	</characteristic>
    </wap-provisioningdoc>
    This causes an AP to be created, but the EAP-SIM is not encapsulated in the EAP-PEAP. Instead EAP-SIM is enabled without any encapsulation. I.e. it has a tick by it in the first page of "EAP plug-in settings" (as does EAP-PEAP) and the username is set to the one in the XML ("simuser").

    Inside the EAP-PEAP configuration, the username is also set to that from the XML ("peapuser"). However the other parameters (CIP-SUIT, PEAP-V?) don't appear to make a difference - the values are left at their defaults.

    I modified Kannel to use 0x4b instead of "ENCAPS" in its message compiling, but that made things worse! It causes the entire SMS to be silently discarded by the phone. The same happened when I put in WBXML values for other WLAN parameters. This, combined with the fact that the username does get set, implies that either the device does not want WBXML values, or that the values published on the OMA website are not the values used by Nokia.

    I've also tried changing the order of parts of the XML, putting the ENCAPS in different places, putting the entire EAP-SIM block inside the EAP-PEAP block (rather than at the same XML nesting level), and a few other possible fixes. None of them worked.

    I've posted a patch for my VoIP related Kannel mods to the thread you linked to earlier: http://discussion.forum.nokia.com/fo...4&postcount=16
    Last edited by henjam; 2007-06-25 at 18:16.

  6. #6
    Registered User
    Join Date
    Sep 2007
    Posts
    5

    Re: EAP config via OMA Client Provisioning

    Is there ANYONE who has successfully provisioned a Nokia S60 Series with WLAN settings with EAP-PEAP/EAP-MSCHAPV2 authentication?

    Do Nokia phones even support this through client provisioning?

    I think the example in the first post is from an OMA change request and it is definitely not working.

  7. #7
    Registered User
    Join Date
    Apr 2007
    Posts
    6

    Re: EAP config via OMA Client Provisioning

    I have recently had it confirmed from Nokia that this is not currently possible in S60 - it is a known issue. To quote, "the different EAP types and especially combinations are not handled very well". It is apparently being "looked into" and will be fixed at some point in the future.

  8. #8
    Registered User
    Join Date
    Sep 2007
    Posts
    5

    Re: EAP config via OMA Client Provisioning

    Ah, that is a major blow to our plans. Thanks for letting me know.

  9. #9
    Registered User
    Join Date
    Apr 2007
    Posts
    29

    Re: EAP config via OMA Client Provisioning

    Quote: Originally Posted by mammamia
    Is there ANYONE who has successfully provisioned a Nokia S60 Series with WLAN settings with EAP-PEAP/EAP-MSCHAPV2 authentication?
    I'm not sure if this is what you need, but this EAP-PEAP/EAP-MSCHAPv2 works for me:
    Code:
    <?xml version="1.0"?>
    <!DOCTYPE wap-provisioningdoc PUBLIC "-//WAPFORUM//DTD PROV 1.0//EN"
    "http://www.wapforum.org/DTD/prov.dtd">
    <wap-provisioningdoc version="1.1">
    
    <characteristic type="NAPDEF">
        <parm name="NAPID" value="MyNapdefName"/>
        <parm name="BEARER" value="WLAN"/>
        <parm name="NAME" value="MyNapdefName"/>
        <characteristic type="WLAN">
          <parm name="PRI-SSID" value="MySSID"/>
          <parm name="NETMODE" value="INFRA"/>
          <parm name="SECMODE" value="WPA"/>
          <characteristic type="EAP">
            <parm name="EAPMETHOD" value="EAP-PEAP"/>
            <parm name="USERNAME" value="MyUserName"/>
            <parm name="PEAP-V0" value="1"/>
            <parm name="PEAP-V1" value="1"/>
          </characteristic>
    
          <characteristic type="EAP">
            <parm name="EAPMETHOD" value="EAP-MSCHAPV2"/>
            <parm name="USERNAME" value="MyUserName"/>
            <parm name="PASSWORD" value="MyPassword"/>
            <parm name="ENCAPS" value="EAP-PEAP"/>
          </characteristic>
        </characteristic>
      </characteristic>
    
    </wap-provisioningdoc>
    regards
    frodek
    Last edited by frodek; 2007-10-26 at 16:46.
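
A structural check for the EAP blocks discussed in this thread, as an added example that is not code from any poster, Kannel or Nokia: for each WLAN characteristic it lists which parameter names the method (EAPMETHOD or EAPTYPE), what ENCAPS points at, and whether a PASSWORD value is embedded, so two provisioning documents can be compared before sending. The function name `audit_eap` and the sample document are constructed for illustration; these are consistency checks only and do not predict what a given handset accepts.

```python
import xml.etree.ElementTree as ET

# Constructed sample (placeholder values) with two deliberate inconsistencies.
SAMPLE = """<wap-provisioningdoc version="1.1">
 <characteristic type="NAPDEF">
  <parm name="NAPID" value="NAP1"/>
  <parm name="BEARER" value="WLAN"/>
  <characteristic type="WLAN">
   <parm name="PRI-SSID" value="ExampleSSID"/>
   <characteristic type="EAP">
    <parm name="EAPMETHOD" value="EAP-PEAP"/>
   </characteristic>
   <characteristic type="EAP">
    <parm name="EAPTYPE" value="EAP-MSCHAPV2"/>
    <parm name="PASSWORD" value="example-only"/>
    <parm name="ENCAPS" value="EAP-TTLS"/>
   </characteristic>
  </characteristic>
 </characteristic>
</wap-provisioningdoc>"""

def audit_eap(xml_text):
    """Return (blocks, findings) for the EAP blocks of every WLAN characteristic."""
    blocks, findings = [], []
    for wlan in ET.fromstring(xml_text.strip()).iter("characteristic"):
        if wlan.get("type") != "WLAN":
            continue
        mine = []
        for c in wlan.findall("characteristic"):
            if c.get("type") != "EAP":
                continue
            # Repeated names such as CIP-SUIT collapse to the last value; not needed here.
            p = {x.get("name"): x.get("value") for x in c.findall("parm")}
            key = next((k for k in ("EAPMETHOD", "EAPTYPE") if k in p), None)
            mine.append({"method": p.get(key), "key": key, "encaps": p.get("ENCAPS"),
                         "inline_password": "PASSWORD" in p})
        outer = {b["method"] for b in mine if b["encaps"] is None}
        for b in mine:
            if b["key"] is None:
                findings.append("EAP block names no method (EAPMETHOD/EAPTYPE)")
            if b["encaps"] and b["encaps"] not in outer:
                findings.append(f"{b['method']}: ENCAPS={b['encaps']} matches no outer EAP block")
            if b["inline_password"]:
                findings.append(f"{b['method']}: PASSWORD value is stored in the document")
        if len({b["key"] for b in mine if b["key"]}) > 1:
            findings.append("EAPMETHOD and EAPTYPE are mixed within one WLAN block")
        blocks.extend(mine)
    return blocks, findings
```

Calling `audit_eap(SAMPLE)` returns the per-block summary and the list of findings; the PASSWORD finding is reported without echoing the value.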
