You can only install a CA from inside the Settings now to prevent users from unintentionally installing a malicious root.
Assuming you don't have a commercial supplicant provisioning platform, why not just use the CAT tool? tim ________________________________ From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> on behalf of Hunter Fuller <[email protected]> Sent: Tuesday, September 22, 2020 14:15 To: [email protected] <[email protected]> Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise Try these instructions. We had one Android 11 user report that they work. You will obviously need a copy of your institution's certificate. https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fuah.teamdynamix.com%2FTDClient%2F2075%2FPortal%2FKB%2FArticleDet%3FID%3D84342&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7a6227f7cbbf452acf5208d85f238224%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363953684306020&sdata=2NjMMbhReWpbYGQk3pN6xNF%2BsxHpUnDSm1RTm5reIxQ%3D&reserved=0 -- Hunter Fuller (they) Router Jockey VBH Annex B-5 +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Network Engineering On Tue, Sep 22, 2020 at 12:10 PM Fishel Erps <[email protected]> wrote: > > Tim, > > We use: > > EAP Method = PEAP > Phase 2 = MSCHAPv2 > CA Certificate = Unspecified > Identity = [username] > Password = [password] > > The credentials trigger the return of a filter-ID from the RADIUS server to > the controller, which the controller then uses to put the user into a VLAN. > > Some android devices that are running version 11 no-longer have an option of > “unspecified” under CA Certificate, and none of the other choices seem to > work. > > > > > __________________________________ > __________________________________ > > Fishel Erps, > Sr. Network & Infrastructure Engineer > School of Visual Arts > 136 W 21st St., 8th Floor > New York, NY, 10011 > LL: 212-592-2416 > E: [email protected] > _______________________________ > > Please excuse any typographical > errors as this e-mail has been sent > from my mobile device > _______________________________ > > > On Sep 22, 2020, at 12:04, Tim Cappalli > <[email protected]> wrote: > > > Can you please provide some basic details? > > What exactly is "broken"? > Which EAP method? > Which credential type? > How is/was the supplicant provisioned? > Are only new devices affected or just upgraded devices? > > ________________________________ > From: The EDUCAUSE Wireless Issues Community Group Listserv > <[email protected]> on behalf of Fishel Erps > <[email protected]> > Sent: Tuesday, September 22, 2020 12:02 > To: [email protected] <[email protected]> > Subject: [WIRELESS-LAN] Android 11 and WPA-Enterprise > > Hi, > > v11 seems to have broken credential authentication for RADIUS and > WPA2-Enterprise/802.1x. > > Has anyone found a workaround? > > > > __________________________________ > __________________________________ > > Fishel Erps, > Sr. Network & Infrastructure Engineer > School of Visual Arts > 136 W 21st St., 8th Floor > New York, NY, 10011 > LL: 212-592-2416 > C: 347-539-6380 > E: [email protected] > _______________________________ > > Please excuse any typographical > errors as this e-mail has been sent > from my mobile device > _______________________________ > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community > list. If you want to reply only to the person who sent the message, copy and > paste their email address and forward the email reply. Additional > participation and subscription information can be found at > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7a6227f7cbbf452acf5208d85f238224%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363953684306020&sdata=5R4mqpUD8YmQ%2BkaPMmmAwsxkYJ4EmCxmQG8%2B6EkBjIQ%3D&reserved=0 > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community > list. If you want to reply only to the person who sent the message, copy and > paste their email address and forward the email reply. Additional > participation and subscription information can be found at > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7a6227f7cbbf452acf5208d85f238224%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363953684306020&sdata=5R4mqpUD8YmQ%2BkaPMmmAwsxkYJ4EmCxmQG8%2B6EkBjIQ%3D&reserved=0 > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community > list. If you want to reply only to the person who sent the message, copy and > paste their email address and forward the email reply. Additional > participation and subscription information can be found at > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7a6227f7cbbf452acf5208d85f238224%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363953684306020&sdata=5R4mqpUD8YmQ%2BkaPMmmAwsxkYJ4EmCxmQG8%2B6EkBjIQ%3D&reserved=0 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7a6227f7cbbf452acf5208d85f238224%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637363953684316016&sdata=%2F9vP4epsKrkE7HfHN8fhWdMDwCugGLcA%2FSRk3v6xVE8%3D&reserved=0 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
