  1. #1
    Registered User
    Join Date
    Nov 2008
    Posts
    2

    Connect to my school network. Algonquincollege

    Hi everybody,

    I have been reading about 40 web pages and it does not seem to help much. My school only supports Windows XP & Vista. The IT guys are too busy to help me out. They were able to get the iPhone on but... I own a Nokia N95 8g.

    To set up for Windows XP:
    - SSID AlgSecureWLAN
    - Network Authentication: WPA
    - Data Encryption: TKIP
    - Enable IEEE 802.1x
    - EAP type: Protected EAP (PEAP)
    - Secured password (EAP - MSCHAP V2)
    - Hidden WLAN

    Once all the settings are entered, it asks you to enter your user name, password and domain.

    The domain is PERTH.

    This is how the school sets up their laptops.
    http://www.algonquincollege.com/its/...eless/PEAP.htm

    This is my setup:
    Connection: AlgSecureWLAN
    Data bearer: Wireless LAN
    WLAN Network name: AlgSecureWLAN
    Network status: Hidden
    WLAN Network mode: Infrastructure
    WLAN security mode: 802.1x
    WLAN Security Settings:
    -WPA/WPA2 -EAP
    -EAP plug-in settings
    -EAP-PEAP(check)
    -personal certificate -Not defined
    -Authority certificate -Not defined
    -User name in use -User defined
    -User name -"my user name"
    -Realm in use -User defined
    -Realm - Perth.ad.algonquincollege.com
    -allow peap v0 v1 v2 "yes"
    -EAPS
    -EAP-MSCHAPv2 (check and move to top)
    -User name - "my username"

    When I do a search for Wireless LAN on the phone, it shows two wireless LANs. Both say "AlgSecureWLAN"; one has full signal strength, the other one has one bar. The one with the full signal strength requires a pre-shared key for WLAN (which the school doesn't use). The other one gave me an error saying "WLAN: EAP-PEAP authentication fail".
    I saw somewhere that to be able to get TKIP working, you must turn WPA2 only mode "off". If I have WPA enabled then it asks for a pre-shared key, which the school does not use. Any clue???

  2. #2
    Registered User
    Join Date
    Nov 2008
    Posts
    4

    Re: Connect to my school network. Algonquincollege

    Hi,

    Your EAP-PEAP authentication attempt most likely failed because you have not defined a valid "Authority Certificate" in your phone's PEAP settings. The authority certificate is the one which has been used for signing the "Server Certificate" of the EAP authentication server on your WLAN network.

    It should be noted that in the case of Nokia phones, usage of PEAP (and TTLS) always requires that the EAP authentication server presents a valid (trusted) "Server certificate" to the phone during the authentication process. The phone will not allow PEAP or TTLS authentication to succeed without being able to validate the identity of the EAP authentication server by checking that the authentication server's "Server certificate" is signed by the "Authority Certificate" which the user has selected to be trusted for this particular WLAN connection profile (IAP).

    In practice this means that the phone must be configured with a valid authority certificate (CA Root) and the phone must be configured to trust this CA certificate within the IAP's PEAP or TTLS settings for authentication to succeed.

    You can ask your WLAN network administrators which CA Root certificate has been used for signing your EAP authentication server's own server certificate and then either install that CA certificate in the phone's certificate manager and/or enable the correct CA certificate in the phone's PEAP settings in case the appropriate CA Root certificate happens to be one of the pre-installed CA certificates on the phone.

    Note that some other client-side WPA implementations (e.g. MS XP/Vista, Odyssey PC client) may allow usage of TTLS or PEAP without the client ever verifying the EAP authentication server's certificate. However, allowing this type of authentication configuration pretty much invalidates the added security and the whole point of using TTLS or PEAP tunneling for EAP authentication.

    The main purpose of TTLS and PEAP tunneling is to protect the user's actual authentication credentials (e.g. Windows domain username and password) which will be transferred between client and authentication server on top of insecure legacy authentication methods like MSCHAPv2.

    If a WPA client device were allowed to reveal the user's credentials to an unauthenticated EAP authentication server, this would create an opportunity for man-in-the-middle type attacks. An attacker could relatively easily gain access to user credentials, e.g. by setting up a single rogue WLAN AP which contains built-in EAP authentication server functionality.

    Thus it's generally not a good idea to run e.g. a publicly "accessible" PEAP-EAP-MSCHAPv2 authenticated WLAN network in such a mode where client devices are not required to validate the identity of the authentication server (via certificate check).

    For example, NIST considers WLAN devices not validating the server certificate a security vulnerability:

    http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1113
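
Added example, not part of the original posts: the server-validation point from the reply above, applied to a different client. It audits wpa_supplicant-style network blocks and flags PEAP/TTLS profiles that have no CA certificate or no server-name check. Using wpa_supplicant is an assumption (the thread only covers the Nokia client and Windows), and the configuration text, certificate path and host name are constructed placeholders.

```python
import re

# Constructed sample: two wpa_supplicant network blocks for one SSID. The first
# mirrors "Authority certificate: Not defined"; the second pins CA and server
# name. The file path and host name are placeholders.
SAMPLE_CONF = '''
network={
    ssid="AlgSecureWLAN"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="AlgSecureWLAN"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/example-campus-root.pem"
    domain_suffix_match="radius.example.edu"
    phase2="auth=MSCHAPV2"
}
'''
TUNNELED = {"PEAP", "TTLS"}
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, flags=re.S):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        nets.append(fields)
    return nets

def audit(text):
    """Return (block index, ssid, finding) for tunneled EAP lacking server checks."""
    findings = []
    for i, net in enumerate(parse_networks(text)):
        if not set(net.get("eap", "").upper().split()) & TUNNELED:
            continue
        if not net.get("ca_cert"):
            findings.append((i, net.get("ssid"), "no ca_cert: server certificate not validated"))
        elif not any(net.get(k) for k in NAME_CHECKS):
            findings.append((i, net.get("ssid"), "ca_cert set, server name not pinned"))
    return findings
```

Running `audit(SAMPLE_CONF)` reports only the first block; a profile that sets `ca_cert` but none of the name-match options is reported separately, because any server certificate issued under that CA would then be accepted.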

  3. #3
    Registered User
    Join Date
    Nov 2008
    Posts
    2

    Re: Connect to my school network. Algonquincollege

    Thanks for your reply.

    The reason I have to post my IT problem online is because my Algonquin college is a rip-off. We pay for IT infrastructure and they don't even support my device. I am in a small college learning how to build houses. Their IT support goes as far as installing and reinstalling. This discussion board is my last hope to get wifi working. They do not have an authority certificate; check out this link, this is their setup. And yes, their SSID is hidden and I don't think I am good enough to hack their network.

    I have set up the phone to connect to the network but it keeps asking me for a pre-shared key, which is provided to you once you connect to their network, if that makes any sense.

    http://www.algonquincollege.com/its/...eless/PEAP.htm

    My current setting


    Connection: AlgSecureWLAN
    Data bearer: Wireless LAN
    WLAN Network name: AlgSecureWLAN
    Network status: Hidden
    WLAN Network mode: Infrastructure
    WLAN security mode: WPA/WPA2 -- this enables the WPA authentication
    WPA2 only mode: No -- this allows the phone to use TKIP and not just AES as data encryption

    WLAN Security Settings:
    -WPA/WPA2 - EAP
    -EAP plug-in settings
    -EAP-PEAP(check and move to top and disable others)
    -personal certificate -Not defined
    -Authority certificate -Not defined
    -User name in use -User defined
    -User name -"my user name"
    -Realm in use -User defined
    -Realm - Perth.ad.algonquincollege.com
    -allow peap v0 v1 v2 "yes"
    -EAPS
    -EAP-MSCHAPv2 (check and move to top and disable others)
    -User name - "my username"
    -Ask password - No
    -Password - "my password"


    Quote Originally Posted by paskli
    Hi,

    Your EAP-PEAP authentication attempt most likely failed because you have not defined a valid "Authority Certificate" in your phone's PEAP settings. The authority certificate is the one which has been used for signing the "Server Certificate" of the EAP authentication server on your WLAN network.

    It should be noted that in the case of Nokia phones, usage of PEAP (and TTLS) always requires that the EAP authentication server presents a valid (trusted) "Server certificate" to the phone during the authentication process. The phone will not allow PEAP or TTLS authentication to succeed without being able to validate the identity of the EAP authentication server by checking that the authentication server's "Server certificate" is signed by the "Authority Certificate" which the user has selected to be trusted for this particular WLAN connection profile (IAP).

    In practice this means that the phone must be configured with a valid authority certificate (CA Root) and the phone must be configured to trust this CA certificate within the IAP's PEAP or TTLS settings for authentication to succeed.

    You can ask your WLAN network administrators which CA Root certificate has been used for signing your EAP authentication server's own server certificate and then either install that CA certificate in the phone's certificate manager and/or enable the correct CA certificate in the phone's PEAP settings in case the appropriate CA Root certificate happens to be one of the pre-installed CA certificates on the phone.

    Note that some other client-side WPA implementations (e.g. MS XP/Vista, Odyssey PC client) may allow usage of TTLS or PEAP without the client ever verifying the EAP authentication server's certificate. However, allowing this type of authentication configuration pretty much invalidates the added security and the whole point of using TTLS or PEAP tunneling for EAP authentication.

    The main purpose of TTLS and PEAP tunneling is to protect the user's actual authentication credentials (e.g. Windows domain username and password) which will be transferred between client and authentication server on top of insecure legacy authentication methods like MSCHAPv2.

    If a WPA client device were allowed to reveal the user's credentials to an unauthenticated EAP authentication server, this would create an opportunity for man-in-the-middle type attacks. An attacker could relatively easily gain access to user credentials, e.g. by setting up a single rogue WLAN AP which contains built-in EAP authentication server functionality.

    Thus it's generally not a good idea to run e.g. a publicly "accessible" PEAP-EAP-MSCHAPv2 authenticated WLAN network in such a mode where client devices are not required to validate the identity of the authentication server (via certificate check).

    For example, NIST considers WLAN devices not validating the server certificate a security vulnerability:

    http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1113

  4. #4
    Registered User
    Join Date
    Mar 2009
    Posts
    8

    Re: Connect to my school network. Algonquincollege

    I have heard of a lot of problems with IT infrastructure in colleges. A lot of them praise their services and their great infrastructure and then students can't use it because it's incompatible with many computers and devices. A friend of mine attends a construction college and they also had difficulties with the Internet there, but fortunately the issues were resolved by the IT department. The only thing you can do is to contact the college board and put some pressure on them. Maybe then the IT department will start working on the issue.
