5023 is not assigned in the RFC for RADIUS servers.
The internet seems to think that 5023 means that the router has seen a device with this MAC address before and so it is trying to avoid spoofing. Could that be happening here?
Can you see what devices are provisioned on the router?
I have checked the MAC address screening/white list - there was nothing there. However, in the system log on the AP there was this:
Nov 12 14:37:24 kernel: e0:4f:43:xx:xx:xx had associated successfully
Nov 12 14:37:24 kernel: [WLAN] EAPOL process start.
Nov 12 14:37:31 kernel: e0:4f:43:xx:xx:xx had disassociated.
Nov 12 14:37:31 kernel: [del_web_portal_client] but hash_id:[37] is empty!
Can anyone help with what "hash_id:[37] is empty!" means and whether it is significant? Other Photons have the same message but with a different number in the hash_id:[xx].
Dave, any update on this thread? I have been contacted again by customers wanting to know when WPA Enterprise security will be supported. There still appears to be an issue here with certain signature methods causing the TLS handshake to fail. I have tried the same code on a Cisco AP and I cannot connect there either.
I am trying to access eduroam in the UK; the standard here is username, password, root CA certificate. Have you tried with a CA certificate or is it just not required where you are? Are you entering credentials via CLI or programmatically? Thanks
Thanks - that is very useful to know - the debug feedback I am getting kind of suggests that there is an issue with the certificate input process: with the CLI it appears to accept the certificate successfully when loaded, but actually there is a format issue when cutting and pasting.
I think I understand why your eduroam environment works - all the testing done by Particle has used a FreeRADIUS RADIUS server rather than a Windows-based AD server. Your organization must be using FreeRADIUS (more than 1/3 of all eduroam sites do). The 2 universities I visited in London both use a Windows-based RADIUS server linked to Active Directory and my test setup uses the RADIUS server internal to the AP - none of these work with the Particle devices!!
I am trying to set up an exact copy of the Particle RADIUS test environment - having some issues with the instructions, which appear to be missing a couple of steps / detail for someone not used to Linux.
We have actually tested RADIUS implementations: FreeRADIUS, Microsoft NPS, Cisco Secure ACS and Cisco ISE with Ubiquiti, Cisco and Aruba access points.
My company is considering implementing this feature, and I want to get the full picture before advising to go ahead with it or not.
Before I read all this correspondence, I want to verify that the documentation in this thread is up to date and that this feature (connecting to WPA2 Enterprise) actually works as expected. Has someone implemented this feature from A to Z, and does it work well for him?
I will be glad to hear more about best practice and recommendations for an easy and convenient way to set up a test WPA2 Enterprise environment (via Raspberry or Docker).