Side-Note that I wanted to mention about the wlan profiles in Android 10 and Android 11. At least in several of the devices I've had, there's a GUI defect where if you view a saved WLAN Profile – it’ll appear that the certificate settings have reverted back to “System Settings” – which can be a nuisance for two reasons. One being no visual distinction for end user that the profile is actually enforcing CA restrictions or the perception that the wlan profile isn’t configured correctly - https://issuetracker.google.com/issues/157535154 Christopher Johnson Wireless Network Engineer Office of Technology Solutions | Illinois State University (309) 438-8444
Stay connected with ISU IT news and tips with @ISU IT Help on Facebook<https://www.facebook.com/ISUITHelp/> and Twitter<https://twitter.com/ISUITHelp> -----Original Message----- From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Hunter Fuller Sent: Tuesday, September 22, 2020 1:35 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise [This message came from an external source. If suspicious, report to ab...@ilstu.edu<mailto:ab...@ilstu.edu>] Tim, We use CAT but we had to develop those instructions because CAT on Android is very, very difficult for non-technical users. I guess we will have to revise them. Unfortunately it does not appear that the OP's institution is a member of eduroam, so CAT won't help them in any case. -- Hunter Fuller (they) Router Jockey VBH Annex B-5 +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Network Engineering On Tue, Sep 22, 2020 at 1:22 PM Tim Cappalli <00000194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote: > > You can only install a CA from inside the Settings now to prevent users from > unintentionally installing a malicious root. > > Assuming you don't have a commercial supplicant provisioning platform, why > not just use the CAT tool? > > tim > ________________________________ > From: The EDUCAUSE Wireless Issues Community Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Hunter Fuller > <hf0...@uah.edu> > Sent: Tuesday, September 22, 2020 14:15 > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Android 11 and > WPA-Enterprise > > Try these instructions. We had one Android 11 user report that they > work. You will obviously need a copy of your institution's > certificate. > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fuah.teamdynamix.com%2FTDClient%2F2075%2FPortal%2FKB%2FArticleDet%3FID%3D84342&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7a6227f7cbbf452acf5208d85f238224%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363953684306020&sdata=2NjMMbhReWpbYGQk3pN6xNF%2BsxHpUnDSm1RTm5reIxQ%3D&reserved=0 > > -- > Hunter Fuller (they) > Router Jockey > VBH Annex B-5 > +1 256 824 5331 > > Office of Information Technology > The University of Alabama in Huntsville > Network Engineering > > On Tue, Sep 22, 2020 at 12:10 PM Fishel Erps > <00000030ecf871d2-dmarc-requ...@listserv.educause.edu> wrote: > > > > Tim, > > > > We use: > > > > EAP Method = PEAP > > Phase 2 = MSCHAPv2 > > CA Certificate = Unspecified > > Identity = [username] > > Password = [password] > > > > The credentials trigger the return of a filter-ID from the RADIUS server to > > the controller, which the controller then uses to put the user into a VLAN. > > > > Some android devices that are running version 11 no-longer have an option > > of “unspecified” under CA Certificate, and none of the other choices seem > > to work. > > > > > > > > > > __________________________________ > > __________________________________ > > > > Fishel Erps, > > Sr. Network & Infrastructure Engineer > > School of Visual Arts > > 136 W 21st St., 8th Floor > > New York, NY, 10011 > > LL: 212-592-2416 > > E: fe...@sva.edu > > _______________________________ > > > > Please excuse any typographical > > errors as this e-mail has been sent > > from my mobile device > > _______________________________ > > > > > > On Sep 22, 2020, at 12:04, Tim Cappalli > > <00000194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote: > > > > > > Can you please provide some basic details? > > > > What exactly is "broken"? > > Which EAP method? > > Which credential type? > > How is/was the supplicant provisioned? > > Are only new devices affected or just upgraded devices? > > > > ________________________________ > > From: The EDUCAUSE Wireless Issues Community Group Listserv > > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Fishel Erps > > <00000030ecf871d2-dmarc-requ...@listserv.educause.edu> > > Sent: Tuesday, September 22, 2020 12:02 > > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > > Subject: [WIRELESS-LAN] Android 11 and WPA-Enterprise > > > > Hi, > > > > v11 seems to have broken credential authentication for RADIUS and > > WPA2-Enterprise/802.1x. > > > > Has anyone found a workaround? > > > > > > > > __________________________________ > > __________________________________ > > > > Fishel Erps, > > Sr. Network & Infrastructure Engineer > > School of Visual Arts > > 136 W 21st St., 8th Floor > > New York, NY, 10011 > > LL: 212-592-2416 > > C: 347-539-6380 > > E: fe...@sva.edu > > _______________________________ > > > > Please excuse any typographical > > errors as this e-mail has been sent > > from my mobile device > > _______________________________ > > > > ********** > > Replies to EDUCAUSE Community Group emails are sent to the entire community > > list. If you want to reply only to the person who sent the message, copy > > and paste their email address and forward the email reply. Additional > > participation and subscription information can be found at > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7a6227f7cbbf452acf5208d85f238224%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363953684306020&sdata=5R4mqpUD8YmQ%2BkaPMmmAwsxkYJ4EmCxmQG8%2B6EkBjIQ%3D&reserved=0 > > > > ********** > > Replies to EDUCAUSE Community Group emails are sent to the entire community > > list. If you want to reply only to the person who sent the message, copy > > and paste their email address and forward the email reply. Additional > > participation and subscription information can be found at > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7a6227f7cbbf452acf5208d85f238224%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363953684306020&sdata=5R4mqpUD8YmQ%2BkaPMmmAwsxkYJ4EmCxmQG8%2B6EkBjIQ%3D&reserved=0 > > > > ********** > > Replies to EDUCAUSE Community Group emails are sent to the entire community > > list. If you want to reply only to the person who sent the message, copy > > and paste their email address and forward the email reply. Additional > > participation and subscription information can be found at > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7a6227f7cbbf452acf5208d85f238224%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363953684306020&sdata=5R4mqpUD8YmQ%2BkaPMmmAwsxkYJ4EmCxmQG8%2B6EkBjIQ%3D&reserved=0 > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community > list. If you want to reply only to the person who sent the message, copy and > paste their email address and forward the email reply. Additional > participation and subscription information can be found at > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7a6227f7cbbf452acf5208d85f238224%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363953684316016&sdata=%2F9vP4epsKrkE7HfHN8fhWdMDwCugGLcA%2FSRk3v6xVE8%3D&reserved=0 > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community > list. If you want to reply only to the person who sent the message, copy and > paste their email address and forward the email reply. Additional > participation and subscription information can be found at > https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community