Setting up Photon/P1 on WPA Enterprise (0.7.0)

Just tried to get things working at work, and the Particle Android app crashes when I try to connect to an unsecured network with a hidden SSID.

I’d like to revert back to the 0.6.2 firmware, but last time I tried to reinstall it, things didn’t work. Should it be possible to revert from 0.7.0 to 0.6.2? Has anyone else done this successfully?

-Dan

Follow the instructions here: https://docs.particle.io/reference/firmware/photon/?fw_ver=0.6.2&cli_ver=1.22.0&electron_parts=3#programming-and-debugging-notes

That worked, sort of. My photon has firmware 0.6.2, and tinker is working, but I can’t upload any programs. Even the basic “Blink” program. When I use the online IDE, I get a message saying things were successful, but the program is not uploaded. When I use the CLI, I get a message saying “Flash device failed. Request timed out”

Any thoughts?

-Dan

Is the Photon breathing cyan?

Yes.

It seems to be connected to the cloud, because I can see status updates (such as when it goes online or offline) in the web console.

So you are saying that the device is breathing cyan but you cannot flash it via OTA?

Also, you are using a WPA Enterprise network?

Yes, it’s breathing cyan and I cannot flash it via OTA (note, there aren’t any error messages, but after restarting, tinker is still present, and the new software I’m trying to flash is not).

I’m doing all of the troubleshooting at home with a standard unsecured wifi setup.

Can you place it in safe mode and try flashing the blink led code to the Photon and see if it works ok?

I can’t seem to get it into safe mode.

  1. I hold down the setup and reset buttons, then release reset
  2. The LED starts blinking magenta
  3. I release the setup button
  4. It stops blinking magenta, then cycles through a bunch of other colors (white, then green, I think), then resets and goes back to breathing cyan. At this point, tinker is functional again

If you are downgrading from 0.7.0 to 0.6.2 you need to replace the bootloader for 0.6.2 or some things won't work right that require DCT access.

CLI command:

particle flash --serial bootloader-0.6.2-photon.bin

Binary found here: Release 0.7.0-rc.3 Prerelease (Core/Photon/P1/Electron) · particle-iot/device-os · GitHub


Hey guys. Trying to get my photon connected to my university PEAP/MSCHAPv2 network. I’m using the latest v0.8.0 (Update: I tried v0.7.0-rc6 too) firmware. I’m on Windows and am using Tera Term via USB to view the log. I’ve tried the things above for both my university network and eduroam network:

  • With username/password, no certificate
  • With username/password, with certificate
  • With username/password, with outer identity matching username, no certificate
  • With username/password, with outer identity matching username, certificate

After finally figuring out how to show logs, here’s what I have:

0000035666 [hal.wlan] INFO: Joining eduroam
0000035666 [hal.wlan] TRACE: Free RAM connect: 38216
0000043070 [hal.wlan] ERROR: wiced_join_ap_specific(), result: 1007
0000043070 [hal.wlan] TRACE: Stopping supplicant
0000043870 [hal.wlan] TRACE: Supplicant stopped
0000043870 [hal.wlan] TRACE: Free RAM after suppl stop: 53368
0000044729 [hal.wlan] TRACE: Free RAM before suppl: 53368
0000044729 [hal.wlan] TRACE: Starting supplicant
0000044742 [hal.wlan] TRACE: Supplicant started 0
0000044742 [hal.wlan] TRACE: Free RAM after suppl: 38216

I get mostly 1006 and 1007 errors with an occasional 1024. What else can I try? I bought this in hopes I could get it to work here on campus so hopefully we can figure this out. Thanks!

Can you share how to do that? I am having issues connecting to my enterprise's Wi-Fi as well, and I'm not sure what's breaking. A log would really help.

Strange how hard it is to find a seemingly simple answer, eh? Here's how I did it:

  • I downloaded Particle CLI and Particle Dev and installed them
  • I wanted to make sure the Dev was compiling the firmware properly, so I had to register my Photon from my home network. Once it was registered, I could select it as the correct device. Not 100% sure if this was necessary.
  • Create a new project and put just the following in it (I'm assuming you can have other stuff, but this is all I have in it):

SerialLogHandler logHandler(115200, LOG_LEVEL_ALL);

  • Compile the code in the cloud (the cloud icon with a check mark) and it will give you a .bin file
  • Connect the Photon to your computer via USB and install the firmware using this command:

particle flash --usb your_photon_firmware.bin

  • The rest of the instructions at the top (Setup the Photon/P1) apply from here, but you should have all the system messages displayed now also.

Hope this helps. Maybe we can figure this thing out...


OK, I’ve done this and I think now it’s going to come down to getting the WiCED error code list. Looks like Adafruit has a library which contains them.

I can see from some Adafruit library code that
1006 means Authentication failed
1024 means network not found

1007 isn’t listed.

Getting closer I think.

1006 doesn’t make sense though. I’m using the proper user/pass. Maybe I’m using the wrong identity, or I’m not forcing MSCHAPv2 somehow. Any ideas?

Ah, here we go. I should have read higher up in the thread.

1007 is “not keyed” which means exactly nothing to me.
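
The result codes collected in the posts above can be tallied straight from a captured serial log, pairing each join attempt with the error that ends it. This is an added example, not part of the original thread or Particle's code; the sample log is constructed in the format posted earlier, and the code meanings are only the ones reported by posters here.

```python
import re
from collections import Counter

# Meanings as reported by posters in this thread; other codes stay "unknown".
WICED_RESULTS = {1006: "authentication failed", 1007: "not keyed",
                 1024: "network not found"}

LINE = re.compile(r"^(?P<ms>\d+) \[(?P<cat>[\w.]+)\] (?P<level>\w+): (?P<msg>.*)$")
JOIN = re.compile(r"^Joining (?P<ssid>.+)$")
FAIL = re.compile(r"^wiced_join_ap_specific\(\), result: (?P<code>\d+)$")


def summarize_joins(log_text):
    """Pair each 'Joining <ssid>' line with the join error that follows it."""
    attempts, pending = [], None  # pending = (ssid, start_ms) of the open attempt
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["cat"] != "hal.wlan":
            continue
        ms = int(m["ms"])
        if (j := JOIN.match(m["msg"])):
            pending = (j["ssid"], ms)
        elif (f := FAIL.match(m["msg"])) and pending:
            code = int(f["code"])
            attempts.append({"ssid": pending[0], "code": code,
                             "meaning": WICED_RESULTS.get(code, "unknown"),
                             "ms_to_fail": ms - pending[1]})
            pending = None
    return attempts, Counter(a["code"] for a in attempts)


# Constructed sample in the format of the log posted above.
SAMPLE = """\
0000035666 [hal.wlan] INFO: Joining eduroam
0000035666 [hal.wlan] TRACE: Free RAM connect: 38216
0000043070 [hal.wlan] ERROR: wiced_join_ap_specific(), result: 1007
0000044742 [hal.wlan] TRACE: Supplicant started 0
0000045100 [hal.wlan] INFO: Joining eduroam
0000052300 [hal.wlan] ERROR: wiced_join_ap_specific(), result: 1006
"""

if __name__ == "__main__":
    print(summarize_joins(SAMPLE))
```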

Well, looks like we’re both in the same boat now. I’ve tried my identity using every combination I can think of (username, username@school.edu, etc) with no luck. I was able to get my Raspberry Pi connected and tried to use lessons learned there on this, but no luck.

Raspberry Pi (Linux, in general) is a dream to connect to enterprise Wi-Fi by comparison. :slight_smile:

I’m certain that it’s some default in WiCED that differs from the associated default in Linux. I just need to work out what it is. Today or tomorrow I will be speaking with The WiFi Guy in my enterprise. Perhaps he can offer some clue.


@avtolstoy can you explain this? I don't understand the difference between the two things you mention, there.

In my case, we don't use NPS, but a Cisco solution with 3 letters that I can't remember right now. I don't know how that's configured and I can't easily get that information. I do know that the phase 2 auth is MSCHAPV2 but I don't know about phase 1.

:angry:

The first one is just EAP type 26 (EAP-MSCHAPv2) defined in draft-kamath-pppext-eap-mschapv2-00, the second one is the same authentication method tunneled through EAP type 25 defined in draft-josefsson-pppext-eap-tls-eap-06 (PEAPv0/EAP-MSCHAPv2).

That would be either Cisco ACS or ISE. If that's the case, I think the only outer tunneling authentication methods that may have inner EAP-MSCHAPv2 supported in ACS/ISE are PEAP (most commonly used) and EAP-FAST.

@naikrovek, since you can easily connect with your raspberry pi, would you mind sharing wpa_supplicant debug/verbose logs along with server and CA certificates, or at the very least their features: algorithm and signature algorithm? This information would be really helpful, as WICED is not very verbose during authentication failures.

I'm thinking this might possibly be an incompatibility in TLS cipher suites supported on Photon and what the authentication server is offering.

@avtolstoy

I don’t know how to get debug / verbose logs out of wpa_supplicant but I can share a few lines that appear relevant to me:

Jan 30 08:04:55 tegra-ubuntu wpa_supplicant[914]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 -> NAK
Jan 30 08:04:55 tegra-ubuntu wpa_supplicant[914]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Jan 30 08:04:55 tegra-ubuntu wpa_supplicant[914]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
....
Jan 30 08:04:56 tegra-ubuntu wpa_supplicant[914]: wlan0: WPA: Key negotiation completed with 80:e0:1d:5b:09:af [PTK=CCMP GTK=CCMP]

This was not taken from a Raspberry Pi, but from an Nvidia Jetson TX2 connecting to the same network to which I’m trying to connect the Photon.

Does this help? If not, I’ll get some assistance on turning on debug logs.
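
Even without debug logging, the wpa_supplicant events quoted above show the outer EAP negotiation: the server proposed method 13 first, the client NAK'd it, and method 25 (PEAP) was selected. The parser below reconstructs that from the log lines; it is an added example, not part of the original thread, and the method names for types 13, 21 and 43 come from the IANA EAP registry rather than from the posts.

```python
import re

# EAP method numbers from the IANA registry. 25 and 26 are the types named in
# the thread; 13, 21 and 43 are added here for context.
EAP_TYPES = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP",
             26: "EAP-MSCHAPv2", 43: "EAP-FAST"}

PROPOSED = re.compile(
    r"CTRL-EVENT-EAP-PROPOSED-METHOD vendor=(\d+) method=(\d+)( -> NAK)?")
SELECTED = re.compile(r"CTRL-EVENT-EAP-METHOD EAP vendor (\d+) method (\d+)")
KEYS = re.compile(
    r"WPA: Key negotiation completed with (\S+) \[PTK=(\w+) GTK=(\w+)\]")


def method_name(vendor, method):
    """Name an EAP method; the table only applies to vendor 0 (IETF types)."""
    if vendor != 0:
        return f"vendor {vendor} type {method}"
    return EAP_TYPES.get(method, f"type {method}")


def eap_negotiation(syslog_text):
    """Reconstruct the outer EAP method negotiation from wpa_supplicant events."""
    result = {"rejected": [], "selected": None, "bssid": None, "ciphers": None}
    for line in syslog_text.splitlines():
        if (m := PROPOSED.search(line)):
            # "-> NAK": the client refused the method the server proposed.
            if m.group(3):
                result["rejected"].append(
                    method_name(int(m.group(1)), int(m.group(2))))
        elif (m := SELECTED.search(line)):
            result["selected"] = method_name(int(m.group(1)), int(m.group(2)))
        elif (m := KEYS.search(line)):
            result["bssid"] = m.group(1)
            result["ciphers"] = (m.group(2), m.group(3))
    return result


# The four log lines quoted in the post above.
SAMPLE = """\
Jan 30 08:04:55 tegra-ubuntu wpa_supplicant[914]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 -> NAK
Jan 30 08:04:55 tegra-ubuntu wpa_supplicant[914]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Jan 30 08:04:55 tegra-ubuntu wpa_supplicant[914]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Jan 30 08:04:56 tegra-ubuntu wpa_supplicant[914]: wlan0: WPA: Key negotiation completed with 80:e0:1d:5b:09:af [PTK=CCMP GTK=CCMP]
"""

if __name__ == "__main__":
    print(eap_negotiation(SAMPLE))
```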