WPA2 enterprise authentication issue: retry attempts too quick

photon
Tags: #<Tag:0x00007fe21e2c7718>

#1

I have tried to connect a bunch of photons to the university WPA2 Enterprise networks and have not been successful despite numerous attempts. Both networks (the university network and eduroam) use the same authentication server and certificates (with PEAP/MSCHAPv2); the credentials and PEM certificate have been tested on other devices. I have followed the WPA2 Enterprise troubleshooting guide and IT has confirmed the credentials and settings.

The photon returns error codes 1007 and 1006 in an alternating fashion. IT has confirmed in their logs that the device is authenticating properly, but it looks like the connection is ultimately refused because the photon initiates a new attempt to connect before receiving the final ok. Is there a way I can increase the time between connection attempts? It looks like the photon just needs to be a little more patient…

Thank you for your help!
Max


#2

@maximiliaan Welcome to the Particle Community. There are a couple of threads covering this issue and I have responded in the last month to someone else trying to connect a Photon to eduroam. Since Device OS 0.7.0 the Photon has supposedly been able to use WPA2 Enterprise secured WAPs. I have done a lot of testing and have found that once the Photon receives the authentication success from the Radius server it dumps the session and restarts the process. It would help to increase the priority on the development team to fix this if you could raise a support ticket with Particle.


#3

Hi @armor, thank you for your reply. It sounds like we are experiencing the largely the same problem. The IT people I talked to were convinced the Photon was eventually denied access because it attempted to start a new connection before the previous authentication sequence had completed (even though the authentication was successful). You’re saying that you think it is the Photon that dumps the connection after receiving the ok; do you think that’s because of a time-out or is there some other cause for rejection?
I’ve opened a support ticket with Particle as well; I will let you know if I learn anything new.


#4

You and I and anyone trying to use WPA2 Enterprise on a ‘eduroam’ standard is getting the same. I have heard of one person who has managed to connect. From the radius server side the access is authenticated but then this does not proceed to getting the IP address from the WAP. From the photon side the LED flashes green trying to first authenticate and then get the IP address but never gets that far, with the trace on can see it appears to drop the session or you may see a 1007 error - not keyed. Maybe it is timing out - it is really something that Particle’s networks engineer needs to sort out but there is only one person and mesh has been the priority!