PEAP is not standardized and was not designed to be used outside a Windows AD-joined, GPO controlled environment.
I'm hoping Google's changes (very welcome IMO) and continued restrictions on Apple platforms will steer people away from legacy, deprecated protocols/EAP methods. tim On 8/7/18, 3:25 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Norman Elton" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of normel...@gmail.com> wrote: We've got an encrypted network with the classic PEAP + MSCHAPv2 combo, allowing users to connect with their domain credentials. We've shied away from onboarding tools like SecureW2, especially for student devices, as they seem more cumbersome than just having the user configure the connection properly the first time. Preparing for the fall, we've noticed that recent versions of Android make the process a little more cumbersome. It appears that 8.1 & 9.0 allow the user to validate the certificate by domain, which is great. Although the steps to get this setup are far from intuitive. 8.0 doesn't give that option, instead displaying a scary warning, "This connection will not be secure". The user is forced to go ahead with "do not validate certificate", leaving them open to leak their credentials to a rogue AP. Far from ideal. Theoretically, we could ask the user to trust the CA certificate in advance, and (hopefully) the warning message would go away. But I haven't gotten this to work. Is there a general consensus that these devices are better served with an onboarding tool that can accommodate the various flavors of Android? Or is there a recipe for a user to setup 802.1x securely (with some sort of certificate validation) on Android devices pre-8.1? Thanks, Norman Elton ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.