Tim, Do you have a few minutes for a phone call? Could you please send me a number where I can reach you?
__________________________________ __________________________________ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts <x-apple-data-detectors://0/1>136 W 21st St., 8th Floor <x-apple-data-detectors://0/1> <x-apple-data-detectors://0/1>New York, NY, 10011 <x-apple-data-detectors://0/1> LL: 212-592-2416 C: 347-539-6380 E: [email protected] _______________________________ Please excuse any typographical errors as this e-mail has been sent from my mobile device _______________________________ On Sep 23, 2020, at 09:09, Tim Cappalli < [email protected]> wrote: You should avoid using a public CA issued web server certificates for an EAP server identity wherever possible. But to directly answer your question, yes, you'd select Use System Certificates and set the subject name. ------------------------------ *From:* The EDUCAUSE Wireless Issues Community Group Listserv < [email protected]> on behalf of Tariq Adnan < [email protected]> *Sent:* Tuesday, September 22, 2020, 22:04 *To:* [email protected] *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise Hi Tim, How about choosing “use system certificate”, provided the CA cert is a valid public cert (QuoVadis CA) and in default certificate store of Android? Thanks, *From:* The EDUCAUSE Wireless Issues Community Group Listserv < [email protected]> *On Behalf Of *Fishel Erps *Sent:* Wednesday, 23 September 2020 5:17 AM *To:* [email protected] *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise Tim, Thank you. This was extremely helpful. __________________________________ __________________________________ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 E: [email protected] _______________________________ Please excuse any typographical errors as this e-mail has been sent from my mobile device _______________________________ On Sep 22, 2020, at 15:13, Tim Cappalli < [email protected]> wrote: Fishel - as an aside, if the configuration guidance to users has been to ignore the EAP server identity or configure their devices to not validate it and the credential used for Wi-Fi is their primary password, I highly recommend you issue an organization-wide password reset as all of those credentials may have been compromised. ------------------------------ *From:* The EDUCAUSE Wireless Issues Community Group Listserv < [email protected]> on behalf of Felix Windt < [email protected]> *Sent:* Tuesday, September 22, 2020 15:10 *To:* [email protected] <[email protected] > *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise https://www.eduroam.org/configuration-assistant-tool-cat/ <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-au.mimecast.com%2Fs%2FH83ZCk81N9t2QxV6f2CKrv%3Fdomain%3Deduroam.org%2F&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Ce931942d792949012b0508d85f64f7ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637364234554596634&sdata=pdW1tfy9ba96gP3PYEFJVCBsTneUnVhbNvx0DmbaVcs%3D&reserved=0> thx, felix *From: *The EDUCAUSE Wireless Issues Community Group Listserv < [email protected]> on behalf of Patrick Mauretti < [email protected]> *Reply-To: *The EDUCAUSE Wireless Issues Community Group Listserv < [email protected]> *Date: *Tuesday, September 22, 2020 at 3:02 PM *To: *"[email protected]" < [email protected]> *Subject: *Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise Okay I’ll bite. What’s the CAT tool you mentioned? Link? -Patrick *From:* The EDUCAUSE Wireless Issues Community Group Listserv < [email protected]> *On Behalf Of *Floyd, Brad *Sent:* Tuesday, September 22, 2020 3:00 PM *To:* [email protected] *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise *CAUTION:* This email originated from outside of Massasoit. Do not click links or open attachments unless you recognize the sender and know the content is safe. Fishel, We have run into this on some versions of Android OS and the solution that works for us is to import our CA’s root certificate into the device. Once we import the root certificate and select it during the profile setup, the connection is established. Thanks, Brad *From:* The EDUCAUSE Wireless Issues Community Group Listserv [ mailto:[email protected] <[email protected]>] *On Behalf Of *Fishel Erps *Sent:* Tuesday, September 22, 2020 12:10 PM *To:* [email protected] *Subject:* Re: [WIRELESS-LAN] Android 11 and WPA-Enterprise Tim, We use: EAP Method = PEAP Phase 2 = MSCHAPv2 CA Certificate = Unspecified Identity = [username] Password = [password] The credentials trigger the return of a filter-ID from the RADIUS server to the controller, which the controller then uses to put the user into a VLAN. Some android devices that are running version 11 no-longer have an option of “unspecified” under CA Certificate, and none of the other choices seem to work. __________________________________ __________________________________ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-241 <212-592-2416>6 E: [email protected] _______________________________ Please excuse any typographical errors as this e-mail has been sent from my mobile device _______________________________ On Sep 22, 2020, at 12:04, Tim Cappalli < [email protected]> wrote: Can you please provide some basic details? - What exactly is "broken"? - Which EAP method? - Which credential type? - How is/was the supplicant provisioned? - Are only new devices affected or just upgraded devices? ------------------------------ *From:* The EDUCAUSE Wireless Issues Community Group Listserv < [email protected]> on behalf of Fishel Erps < [email protected]> *Sent:* Tuesday, September 22, 2020 12:02 *To:* [email protected] <[email protected] > *Subject:* [WIRELESS-LAN] Android 11 and WPA-Enterprise Hi, v11 seems to have broken credential authentication for RADIUS and WPA2-Enterprise/802.1x. Has anyone found a workaround? __________________________________ __________________________________ Fishel Erps, Sr. Network & Infrastructure Engineer School of Visual Arts 136 W 21st St., 8th Floor New York, NY, 10011 LL: 212-592-2416 C: 347-539-6380 E: [email protected] _______________________________ Please excuse any typographical errors as this e-mail has been sent from my mobile device _______________________________ ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-au.mimecast.com%2Fs%2F9eyUCmO5gluynOwKcBW6Eq%3Fdomain%3Dnam06.safelinks.protection.outlook.com&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Ce931942d792949012b0508d85f64f7ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637364234554596634&sdata=9ZUtxXtz6yQhJzz9gAe3lUIOz4hxM%2FGbyvlJgUI8C28%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-au.mimecast.com%2Fs%2F2h4LCnx1jni9o80qIZAiSQ%3Fdomain%3Dnam06.safelinks.protection.outlook.com&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Ce931942d792949012b0508d85f64f7ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637364234554606590&sdata=0Epq7rRqbnBaT40m6CXWsZQKnk00KnMnbmEBBy%2B6%2Bgk%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-au.mimecast.com%2Fs%2FQTpYCoV1kpf2zONLfOPr_n%3Fdomain%3Dnam06.safelinks.protection.outlook.com&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Ce931942d792949012b0508d85f64f7ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637364234554606590&sdata=z2AApCVNtgU09mvExaBhPW6aySqA6AcZDj4pHB06k18%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-au.mimecast.com%2Fs%2FIQcDCp81lrt48YrNU2N_Nk%3Fdomain%3Dnam06.safelinks.protection.outlook.com&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Ce931942d792949012b0508d85f64f7ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637364234554606590&sdata=34WZZmjKkMMq9U4SAhW%2BhxH5akj%2FSS%2FFmJh0HuW4kNw%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-au.mimecast.com%2Fs%2FxjJ-Cq71mwfY5qAPsqhtoX%3Fdomain%3Dnam06.safelinks.protection.outlook.com&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Ce931942d792949012b0508d85f64f7ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637364234554616543&sdata=NkGBCJlqDwkeU%2BM5wSi5eAo5k%2FsvuhNBeDRDhUrUGJs%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-au.mimecast.com%2Fs%2FAkVfCr81nytQvgK0cQBypO%3Fdomain%3Dnam06.safelinks.protection.outlook.com&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Ce931942d792949012b0508d85f64f7ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637364234554616543&sdata=cl0Soytk5ka%2BEqfGuTEAWPPyg%2BWOUKbKpPi3yalYokE%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-au.mimecast.com%2Fs%2FyN_fClx1NjiRZQJ5c9NNh4%3Fdomain%3Deducause.edu&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Ce931942d792949012b0508d85f64f7ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637364234554626505&sdata=ws7jjA7FlqdRbN1CQ07O8xU1DXCbE0UCWEYbhwgMnVc%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-au.mimecast.com%2Fs%2FyN_fClx1NjiRZQJ5c9NNh4%3Fdomain%3Deducause.edu&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Ce931942d792949012b0508d85f64f7ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637364234554626505&sdata=ws7jjA7FlqdRbN1CQ07O8xU1DXCbE0UCWEYbhwgMnVc%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Ce931942d792949012b0508d85f64f7ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637364234554626505&sdata=DxD5k8xsKiddHd0hrrivJeLlvXcVnfrNEKFJb1ANd5E%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
