Setting up Photon/P1 on WPA Enterprise (0.7.0)

Firmware
22

1006, 1024, 1025 are all WICED-specific error codes which can be found in wwd_constants.h header file.

Judging by NETWORK_NOT_FOUND and NOT_AUTHENTICATED, you could be in an area with poor signal. As @BDub has already suggested, I would appreciate you trying to connect in a different location.

INVALID_JOIN_STATUS (1025) is the most troubling, and I’ve personally seen it a few times, however we are not sure what causes it. It would greatly help if you could provide some additional information on your environment. Something like verbose output from wpa_supplicant on your Ubuntu machine could provide some insight into it.

2 Likes
23

I’m currently not working at the project, but I tried a few things:

  • Setup Mode: No difference, getting the same error message from WICED SDK
  • Different Locations: No difference, the signal strength is at it’s best from all tested locations
  • SetOuterIdentity commented out: No difference (in code as well as in the setup tested without anything enterd)

I rechecked the settings i made in ubuntu, all given data is correct. I hope you can manage to find what’s going on there.

1 Like
24

I did some additional testing with Windows NPS server, which probably does the authentication for your CampusWLAN.

  1. By default NPS uses outer identity as the username, so your outer identity needs to match identity (inner identity).
  2. Photon does not support Microsoft Secured password (EAP-MSCHAP v2), so this will only work if NPS is configured with Protected EAP (PEAP) and MSCHAPv2 enabled.
    Screenshot from 2017-08-23 19-41-48.png736×609 15.9 KB

My suggestion is to try setting outer identity to your username and seeing if that helps. Let me know whether it works for you!

2 Likes
25

@Visionary if you could try Andrey’s suggestions that would be very helpful, thanks!

27

Hi. I’m getting 1007 (not_keyed) errors when I try to join PEAP/MSCHAPv2 university network. Here are the things I’ve tried:

  • With username/password, no certificate
  • With username/password, with certificate
  • With username/password, with outer identity matching username, no certificate
  • With username/password, with outer identity matching username, certificate

I’m doing the WiFI setup via particle serial wifi (with automatic scanning and detection). My office is right next to the access point. I occasionally get 1024 errors. Any suggestions?

1 Like
28

I’m having trouble connecting to a WPA2 enterprise network. Is this because WPA2 is not supported (the original post said that WPA enterprise was supported, but did not specify WPA2)? What’s the best way to troubleshoot this? @Visionary, how do I find the log information you posted?

Thanks,
Dan

29

Hi @daniel-ohz WPA/WPA2 Enteprise is supported.

You can enable logging output over USB by adding this global command:

SerialLogHandler logHandler(115200, LOG_LEVEL_ALL);

Or over the TX pin:

Serial1LogHandler logHandler(115200, LOG_LEVEL_ALL);

Another good way to debug, is to watch the logging output from the authentication server, but you probably don't have access to that in a non-test environment.

Post your setup logs here (with secrets removed/******) and we can help you from that end as well.

30

How do I enter global commands? Is this something that I add to the sketch, or something I type into the particle command line interface, or something else?

And if the logging output happens over USB, where do I see the output?

-Dan

31

Checking the docs is hardly ever a bad idea :wink:
https://docs.particle.io/reference/firmware/electron/#log-handlers

32

In the sketch, you can see an example of where as @Moors7 linked to.

Monitor the output with the Particle CLI or your Serial client of choice. CLI command:

particle serial monitor

33

I can connect my Particle Photon to the internet at home (normal wifi), but not at work (WPA-2 enterprise wifi). In order to add the serial log handler to my program at work, where I can test it, I need to be able to update the firmware. So I’m trying to flash a program via the command line interface.

I just tried to follow the CLI-firmware example:
https://docs.particle.io/guide/tools-and-features/cli/photon/

  1. Put device in listening mode
  2. Saved code to blinky.ino file
  3. Typed “particle flash freezer_watcher blinky.ino” at the command line (note: freezer_watcher is the name of my Photon)
  4. And then I got the following error message (copied below).

Any ideas?

Thanks,
Dan

C:\Users\Dan…\blinky>particle flash freezer_watcher blinky.ino
Including:
blinky.ino
attempting to flash firmware to your device freezer_watcher
Flash device failed.
Processing blinky.ino
make -C …/modules/photon/user-part all
make[1]: Entering directory '/firmware/modules/photon/user-part’
make -C …/…/…/user
make[2]: Entering directory '/firmware/user’
Building cpp file: blinky.cpp
Invoking: ARM GCC CPP Compiler
mkdir -p …/build/target/user/platform-6-m
arm-none-eabi-gcc -DSTM32_DEVICE -DSTM32F2XX -DPLATFORM_THREADING=1 -DPLATFORM_ID=6 -DPLATFORM_NAME=photon -DUSBD_VID_SPARK=0x2B04 -DUSBD_PID_DFU=0xD006 -DUSBD_PID_CDC=0xC006 -DSPARK_PLATFORM -g3 -gdwarf-2 -Os -mcpu=cortex-m3 -mthumb -DINCLUDE_PLATFORM=1 -DPRODUCT_ID=6 -DPRODUCT_FIRMWARE_VERSION=65535 -DUSE_STDPERIPH_DRIVER -DDFU_BUILD_ENABLE -DSYSTEM_VERSION_STRING=0.6.2 -DRELEASE_BUILD -I./inc -I…/wiring/inc -I…/system/inc -I…/services/inc -I…/communication/src -I…/hal/inc -I…/hal/shared -I…/hal/src/photon -I…/hal/src/stm32f2xx -I…/hal/src/stm32 -I…/hal/src/photon/api -I…/platform/shared/inc -I…/platform/MCU/STM32F2xx/STM32_USB_Host_Driver/inc -I…/platform/MCU/STM32F2xx/STM32_StdPeriph_Driver/inc -I…/platform/MCU/STM32F2xx/STM32_USB_OTG_Driver/inc -I…/platform/MCU/STM32F2xx/STM32_USB_Device_Driver/inc -I…/platform/MCU/STM32F2xx/SPARK_Firmware_Driver/inc -I…/platform/MCU/shared/STM32/inc -I…/platform/MCU/STM32F2xx/CMSIS/Include -I…/platform/MCU/STM32F2xx/CMSIS/Device/ST/Include -I…/dynalib/inc -I -I./libraries -I -I -I -I -I. -MD -MP -MF …/build/target/user/platform-6-mblinky.o.d -ffunction-sections -fdata-sections -Wall -Wno-switch -Wno-error=deprecated-declarations -fmessage-length=0 -fno-strict-aliasing -DSPARK=1 -DPARTICLE=1 -DSTART_DFU_FLASHER_SERIAL_SPEED=14400 -DSTART_YMODEM_FLASHER_SERIAL_SPEED=28800 -DSPARK_PLATFORM_NET=BCM9WCDUSI09 -fno-builtin-malloc -fno-builtin-free -fno-builtin-realloc -DLOG_INCLUDE_SOURCE_INFO=1 -DPARTICLE_USER_MODULE -DUSE_THREADING=0 -DUSE_SPI=SPI -DUSE_CS=A2 -DUSE_SPI=SPI -DUSE_CS=A2 -DUSE_THREADING=0 -DUSER_FIRMWARE_IMAGE_SIZE=0x20000 -DUSER_FIRMWARE_IMAGE_LOCATION=0x80A0000 -DMODULAR_FIRMWARE=1 -DMODULE_VERSION=4 -DMODULE_FUNCTION=5 -DMODULE_INDEX=1 -DMODULE_DEPENDENCY=4,2,108 -D_WINSOCK_H -D_GNU_SOURCE -DLOG_MODULE_CATEGORY="“app”" -fno-exceptions -fno-rtti -fcheck-new -std=gnu++11 -c -o …/build/target/user/platform-6-mblinky.o blinky.cpp
blinky.ino:1:1: error: stray ‘\357’ in program
// Copy me to blinky.ino
^
blinky.ino:1:1: error: stray ‘\273’ in program
blinky.ino:1:1: error: stray ‘\277’ in program
…/build/module.mk:267: recipe for target ‘…/build/target/user/platform-6-mblinky.o’ failed
make[2]: *** […/build/target/user/platform-6-mblinky.o] Error 1
make[2]: Leaving directory ‘/firmware/user’
…/…/…/build/recurse.mk:11: recipe for target ‘user’ failed
make[1]: *** [user] Error 2
make[1]: Leaving directory ‘/firmware/modules/photon/user-part’
…/build/recurse.mk:11: recipe for target ‘modules/photon/user-part’ failed
make: *** [modules/photon/user-part] Error 2

34

You've probably got some bad characters in that code by copying it. Try pasting it as plain text, and give it another shot?

35

I’m using a text editor (EditPad Pro), so if there were extra characters, I should be able to see them.

I did some research and it looks like the problem may be the character encoding. I was using UTF-8. I switched to Windows 1252: Western European and the problem with extra characters goes away. Now I’m getting a shorter error message, “Flash device failed. Request Timed Out”

I get the same problem when I try to flash tinker using the command “particle flash freezer_watcher tinker.” Could this be a problem with the 0.7.0 firmware? Is it possible my photon is in the wrong mode?

-Dan

36

@daniel-ohz, put the Photon in Safe mode and try flashing tinker again.

37

I talked to the people running my network and they have a special wifi network set up for devices that can’t handle WPA2-enterprise encryption. This network is unsecured, only allows registered MAC addresses and doesn’t broadcast its SSID. Theoretically this should avoid the whole problem with WPA2-enterprise.

I tried to set this up via the CLI, but it required that I choose an encryption type. I think this is a bug in the 0.7.0 firmware because when I downgraded to the 0.6.2 firmware, and tried to setup the unsecured network, it did not ask for encryption.

At one point I got a message saying the Tinker flash was successful, but then I got the following event status message
{“Event”:“spark/status/safe-mode”,“DeviceID”:“43004c000f51353532343635”,“Data”:"{“f”:[],“v”:{},“p”:6,“m”:[{“s”:16384,“l”:“m”,“vc”:30,“vv”:30,“f”:“b”,“n”:“0”,“v”:100,“d”:[]},{“s”:262144,“l”:“m”,“vc”:30,“vv”:30,“f”:“s”,“n”:“1”,“v”:108,“d”:[]},{“s”:262144,“l”:“m”,“vc”:30,“vv”:30,“f”:“s”,“n”:“2”,“v”:108,“d”:[{“f”:“s”,“n”:“1”,“v”:108,"":""}]},{“s”:131072,“l”:“m”,“vc”:30,“vv”:26,“u”:“B85EF4C0857A84EC62ADB2CC4321C1DDCF3D77AD04922C8403667A044B9234A9”,“f”:“u”,“n”:“1”,“v”:5,“d”:[{“f”:“s”,“n”:“2”,“v”:202,"":""}]},{“s”:131072,“l”:“f”,“vc”:30,“vv”:0,“d”:[]}]}",“Time”:“2017-11-01 15:22::36-0400”,“TTL”:60}

When I run “particle serial inspect” from the CLI, I noticed that my user module 1 has a dependancy fail
C:\Users\Dan…>particle serial inspect
Platform: 6 - Photon
Modules
Bootloader module #0 - version 100, main location, 16384 bytes max size
Integrity: PASS
Address Range: PASS
Platform: PASS
Dependencies: PASS
System module #1 - version 108, main location, 262144 bytes max size
Integrity: PASS
Address Range: PASS
Platform: PASS
Dependencies: PASS
System module #2 - version 108, main location, 262144 bytes max size
Integrity: PASS
Address Range: PASS
Platform: PASS
Dependencies: PASS
System module #1 - version 108
User module #1 - version 5, main location, 131072 bytes max size
UUID: B85EF4C0857A84EC62ADB2CC4321C1DDCF3D77AD04922C8403667A044B9234A9
Integrity: PASS
Address Range: PASS
Platform: PASS
Dependencies: FAIL
System module #2 - version 202
empty - factory location, 131072 bytes max size

When I try to put it in safe mode, it shows magenta for a moment and then immediately starts blinking green.

I’m going to test things out on my home network this evening to make sure it still works there.

If anyone has any suggestions, I’m all ears.

-Dan

38

Are you trying this at home or work? You won't be able to do this at work until it's properly connected to your network.

particle flash freezer_watcher tinker

Now that I think about a bit, device side logs are not going to be super helpful unless you are using the wiring API to setup your device (i.e. WiFi.setCredentials(), etc..). Since you're probably not doing that, just show us what your CLI setup or Serial setup logs look like for WPA Enterprise setup.

39

I would like to follow your suggestion to “show us what your CLI setup or Serial setup logs look like for WPA Enterprise setup,” but I’m not sure where to begin.

  1. Does the device need to be connected to the internet, or can it be connected by USB?
  2. I can’t connect the serial monitor “particle serial monitor” until the device is in listening mode, and when I do, the device isn’t sending any serial data. If I reset the device, the serial connection is closed. I don’t understand how I can actually get data about the initial stages of wifi setup.

-Dan

40
  1. The device won't be connected to WiFi yet, and all credentials can be erased to start.
  2. You will only be able to see your debugging logs if you are running your user app (typically this will not be running when you are in Listening Mode) and trying to setup WPA Enterprise via WiFi.setCredentials() API. I would not suggest doing that at the moment, since setup over serial is easier (albeit more manual). It should be easier for us to debug what's going on. So no debugging code needed at the moment.

Please see the section above Setup the Photon/P1 in the Setting up a WPA2 Enterprise Test Environment with a local computer via Docker image tutorial:

You will of course choose one of the EAP types and substitute your own values for your Work network.

Is this how you've been trying to set it up already or have you been using a different method?

41

I did not set up the WPA2 test environment. I did my initial setup at home, on my unsecured network. Then I brought it to work and tried to connect to the WPA2-enterprise network using the CLI “particle serial wifi” command.

I think I may have broken my Photon. After upgrading the firmware to 0.7.0 rc3 and then reverting back to 0.6.2, now I can’t even connect to my home network.

-Dan

42

I went back to the 0.7.0 rc3 firmware and I can connect to my WPA2-personal secured network at home, however I can’t connect to my unsecured “guest” network via the CLI due to the firmware bug I mentioned previously (i.e. you are required to choose a “cipher type” for an unsecured network).

Interestingly, if I set up the photon using my phone, I can connect to my unsecured home network. I may try this at work tomorrow.

-Dan

-Dan