Android 11 'couldn't connect to network' NPS with PEAP/MS-CHAPv2

Discussion in 'Android Apps & Games' started by spharaus, Sep 28, 2021.

  1. spharaus

    spharaus Lurker
    Thread Starter

    Hi All,

    I am trying to connect company-owned / unmanaged Android 11 devices to a Cisco WAP SSID using our public certificate wireless.fqdn.

    For my Galaxy A20 Android 11 phone, when connecting to the SSID the phone returns:
    'couldn't connect to network'
    'couldn't authenticate connection'

    On the NPS Server, the wireless.fqdn certificate is installed in the Certificates (Local Computer) Personal / Certificates container.

    We are using Windows NPS/PEAP/MS-CHAPv2, which I believe requires a certificate on the server side only.
    I believe PEAP encapsulates the EAP type MS-CHAPv2 authentication in a secure TLS tunnel.

    As a further configuration item, I installed the wireless.fqdn certificate into the cert store on my Android device (User certificates, installed for WiFi).

    NPS / RADIUS Server is Windows Server 2016 Datacenter
    NPS Role installed with the following Windows NPS Policy

    Connection Request Policy:
    Wireless connections, NAS Port Type: wireless - other or wireless IEEE 802.11

    Network Policy: Staff
    CONDITIONS:
    Wireless - Other OR Wireless IEEE 802.11
    Windows Groups: ADDSGroup
    Calling Station ID: ^[^:]+:SSID$

    CONSTRAINTS:
    EAP Types: Microsoft: Protected EAP (PEAP)
    Edit / certificate issued to: wireless.fqdn
    Issuer: DigiCert TLS RSA SHA256 2020 CA1
    Enable Fast Reconnect
    EAP Type:
    Secure password (EAP-MSCHAP v2)

    Android 11:
    I got into settings / biometrics and security
    Other security settings
    PFX user certificates: wireless.fqdn installed for WiFi (contains root/intermediate/cert chain)
    View security certificates / system / CA root
    No user certificates

    Click the WiFi SSID / manage
    EAP method: PEAP
    Enter identity / password
    CA certificate: Use system certificates (if I choose 'select certificate' there is nothing to select; Android stated in a red color "CA certificate must be selected")
    Online certificate status: don't validate
    Domain: wireless.fqdn

    When connecting to the SSID the phone returns:
    'couldn't connect to network'
    'couldn't authenticate connection'

    MAC of Android phone not in NPS logs

    Hope someone with more experience can assist.

    Thanks!
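
An added example, not part of the original post: it evaluates the attribute conditions of the Network Policy listed above against constructed RADIUS Access-Request values, to show which station ID strings the pattern `^[^:]+:SSID$` accepts. It assumes RFC 3580 attribute usage (Called-Station-Id carries the AP MAC with `:SSID` appended, Calling-Station-Id carries the client MAC) and that Python's `re` treats this simple pattern the same way NPS does; the Windows Groups condition is left out.

```python
import re

# Pattern from the post's Network Policy condition ("SSID" is the post's placeholder).
STATION_ID_PATTERN = r"^[^:]+:SSID$"
# RADIUS NAS-Port-Type values: 18 = Wireless - Other, 19 = Wireless - IEEE 802.11.
WIRELESS_PORT_TYPES = {18, 19}


def evaluate(request, station_attr):
    """Evaluate the policy's attribute conditions against one Access-Request.

    station_attr names the attribute the pattern is tested against.
    Returns {condition: bool} so the condition that fails is visible.
    """
    value = request.get(station_attr, "")
    return {
        "nas_port_type": request.get("NAS-Port-Type") in WIRELESS_PORT_TYPES,
        "station_id": re.search(STATION_ID_PATTERN, value) is not None,
    }


def policy_matches(request, station_attr):
    """True only when every evaluated condition matches."""
    return all(evaluate(request, station_attr).values())


# Constructed Access-Request attributes (not taken from the poster's logs).
CLIENT_MAC = "66-77-88-DD-EE-FF"
SAMPLES = {
    # AP MAC with hyphen separators, SSID appended after a colon (RFC 3580 style).
    "hyphen_mac": {"NAS-Port-Type": 19, "Calling-Station-Id": CLIENT_MAC,
                   "Called-Station-Id": "00-11-22-AA-BB-CC:SSID"},
    # Same AP, but the MAC is sent with colon separators.
    "colon_mac": {"NAS-Port-Type": 19, "Calling-Station-Id": CLIENT_MAC,
                  "Called-Station-Id": "00:11:22:aa:bb:cc:SSID"},
    # Same AP, different SSID.
    "other_ssid": {"NAS-Port-Type": 19, "Calling-Station-Id": CLIENT_MAC,
                   "Called-Station-Id": "00-11-22-AA-BB-CC:Guest"},
    # Wired request: NAS-Port-Type 15 = Ethernet.
    "wired": {"NAS-Port-Type": 15, "Calling-Station-Id": CLIENT_MAC,
              "Called-Station-Id": "00-11-22-AA-BB-CC:SSID"},
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        for attr in ("Called-Station-Id", "Calling-Station-Id"):
            print(f"{name:11} {attr:19} {evaluate(req, attr)}")
```

A colon-separated AP MAC can never satisfy `[^:]+` ahead of `:SSID`, so the separator the access point sends decides whether this condition can match at all.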