Search Discussions:
Advanced Search...
Welcome to Nokia Support Discussions! Here you can share advice and tips with thousands of other Nokia users around the world in English. Many Nokia employees also follow and participate in the discussions, see our guidelines for more information. Everyone can search and read the discussions, but to post your own question or reply to others, simply sign in with your Nokia account. If this is your first time here, you can choose an alias to represent you. And if you don't have a Nokia account yet, please register.
Reply

Re: wpa2 with n85

New Member
Posts: 3
Accepted Solution

wpa2 with n85

I am having trouble with configuring my N85 to connect to my school network with WPA2 secure connection.

 

So far I have tried

1)selecting the wpa2 using the wizard and keep getting an error, I am not even being asked my password.

2)contacted my network they suggested trying to use a packet geared towards iphones (downloaded the packet doesnt seem like it can be installed)

3) the network suggested that I enter the following settings manually:

    --  Use PEAP security type
    --  User your NetID & Active Directory (AD) Password
    --  Inner link security: Auto
    --  Token: None
    --  server certificate: thawte premium
    --  server subject: neauth1.cites.uiuc.edu
    --  server SAN: leave blank

How can I enter these configuration details I am having trouble finding wifi settings the wizard doesnt let me do anything and in the settings menu I cant get to wifi settings.

 

We also have another network without WPA2 but I need to setup the nokia vpn client for that(i have already installed it) The problem is I dont have policies installed and I cant seem to figure out how to enter specific settings for that either (for which I will post another topic)

Please use plain text.
Sage
Posts: 134

Re: wpa2 with n85

If you are trying to access WPA/WPA2-EAP authenticated networks via "wizard" I think it tries to enable EAP-SIM and EAP-AKA authentication methods by default. This probably why your connection attempts against the WLAN network that requires EAP-PEAP authentication are failing.

 

You can create / edit your WLAN connection methodd (IAPs) manually e.g. in a following manner:

 

1. Go to Tools -> Settings -> Connection -> Network Destinations

2. Check if wizard had already managed to create IAP named as your WLAN SSID (=WLAN network name). If so then it's most likely under "Internet" destination.

3. If you can see existing IAP named as your WLAN SSID then you can Edit that one. (skip to 7)

4. If you don't see any existing IAPs that are named like your WLAN SSID then go to the desired "Destination" (e.g. Internet) and select Options -> Add Connection Method.

5. Assuming you are in the coverage area of your WLAN network you can let phone "Automatically check for connection methods" (i.e. scan available WLAN networks) and you should be able to select the correct WLAN network name (SSID) from the list. Once you have selected the WLAN network your "Destination" should now have been added with new Connection Method (IAP) named as your WLAN SSID. Note that at this point the particular connection method is still "incorrectly" configured (EAP-SIM & EAP-AKA enabled) for your purposes.

6. Now you should manually Edit your new connection method (IAP) with required PEAP settings.

 

7. Edit / ensure following WLAN settings manually from your connection method (IAP):

 

- "Connection name" defaults to name of your WLAN SSID but you can also change this if you wish

- "Data Bearer" naturally needs to be "Wireless LAN"

- "WLAN network name" should match your WLAN network's SSID exactly (do not edit)

- "Network status" Public (if your WLAN network would be configured to hidden mode then set this to "Hidden" )

- "WLAN network mode": Infrastructure

- "WLAN Security mode": WPA/WPA2

 

=> Go to "WLAN security settings"

- Ensure that "WPA/WPA2 mode is set to "EAP"

- Leave "WPA-2 Only mode" to "Off" unless you are absolutely sure that your WLAN network is configured to stricly pure WPA2 mode (i.e. network might be supporting both WPA and WPA2 security thus enabling WPA-2 Only mode on the phone will cause your connection attempts to fail)

 

=> Go to "EAP plug-in configuration"

- Enable "EAP-PEAP" and make sure that "EAP-SIM" and "EAP-AKA" are disabled (via Options -> Disable)

 

=> Select "Configure" for EAP-PEAP authentication method

 

- Leave "Personal Certificate" to "Not defined"

- Select "Thawte Premium Server CA" as an "Authority certificate"

- Set "User name in use" to "User defined" (since there is no Personal Certificate where it could be read automatically)

- Enter your username (NetID) to "Username" field

- Set "Realm in use" to "User defined" and leave following "Realm" field empty.

- Note that in case your username (NetID) contains the realm (i.e. format is username@realm ) then you can enter realm part of your ID to "Realm" field and enter only the username part to the "Username" field.
- Configure "Allow PEAPv0" to Yes

- Configure both "Allow PEAPv1" and "Allow PEAPv2" to "No"

 

=> Go to "EAP's" tab to configure inner authentication method for the PEAP (go right on the joystick)

- Enable "EAP-MSCHAPv2" authentication method and Disable all other methods

- Select "Edit" for the EAP-MSCHAPv2

- Enter you username (NetID) to "User name" field

- Configure "Prompt password" to No or Yes depending on whether you want password to be prompted everytime you make an connection or if you prefer "saving" your password to following "Password" field beforehand so that it won't be prompted during the PEAP/EAP-MSCHAPv2 authentication process.

- If you you selected "No" to password prompting then enter your password to "Password" field.

 

=> Exit the connection method configuration with "Back" (several times) and you should be good to go and give this new PEAP-EAPMSCHAPv2 configured WLAN connection method a try.

 

If needed you can also change the priority order of the connection methods within a "Destination" since your new connection most likely ended up being lowest priority WLAN connection within your Internet destination (or whatever Destination you created this new PEAP WLAN connection method to).

 

Please note that these instructions are an example (somewhat guess) based on the your description of the network settings. There are some uncertainties like what is the "inner" PEAP authentication method supposed to be since your description says "Auto".

 

Typically PEAP is used with EAP-MSCHAPv2 or EAP-GTC inner authentication methods so you might have to try swithing to EAP-GTC in case above mentioned EAP-MSCHAPv2 does not seem to work. Note that you might also have to try changing "PEAPv1" to "Allowed" especially if you select EAP-GTC as an inner authentication method for PEAP.

 

Another uncertainty is related to the "Authority Certificate". Your N85 probably already contains pre-installed "Thawte Premium Server CA" certificate but it's not possible to say for sure whether this pre-installed Thawte CA root certificate is the correct one to be used on your particular WLAN network. Most likely it is OK but if in doubt you could try consulting your network administrators if they are able to provide you the correct Authority CA certicate in "X.509 DER" encoded binary file format so that you can install it on your N85 and select it from the PEAP settings instead of the preinstalled Thawte Premium CA certificate.

 

 

Please use plain text.
New Member
Posts: 3

Re: wpa2 with n85

Thanks a lot, the settings worked perfectly and you were right about the certificate choice, I did not need to install any additional certificates. I dont think think I could've managed this if your answer wasnt as detailed as this one.

Please use plain text.
Registered Member
CuajuCun
Posts: 2

Re: wpa2 with n85

I followed just like what you had said, and my phone would just keep saying "WLAN not found" after like a min "Connecting." So, I have no idea. It is weird because I worked it out perfectly before with my Nokia 5800 XM, but not this N85. Still the same school network, just different phones. I even tried putting my NetID both with & without the "realm" (the @blah.blah) on the username thing. Any thoughts on how to fix it? Thanks!

Please use plain text.
Registered Member
CuajuCun
Posts: 2

Re: wpa2 with n85

Never mind. I just figured it out myself. Seems like my school network was something like "Equifax watev" insteada "Thawn watev." So yeah, I'm happy now :smileyhappy: Please disregard my other post.

Please use plain text.