Kalle Valo wrote: > "ext Peter Flynn" <peter at silmaril.ie> writes: > >> Pretty much everything is working on my N800, including all my WEP >> connections. WPA, however, is not. >> >> The campus LAN uses a hidden SSID and requires my MAC address and >> provides a username and password. This works fine in WPA Enterprise >> using Network-Manager on my Ubuntu Gutsy laptop: >> >> Network Name: (the SSID) >> EAP: PEAP >> Key: Auto Default >> Phase2: None >> Identity: (username) >> Password: (password) >> Anon Ident: (username again) >> Client Cert: none >> CA Cert: none >> Priv Key: none >> Priv Key password: blank >> >> In OS 2007, I am using: >> >> Connection name: (I made one up) >> Connection type: WLAN >> SSID: (the SSID) >> Network is hidden: checked >> Mode: Infrastructure >> Security: WPA with EAP >> EAP Type: PEAP >> Select cert: none >> EAP method: MSCHAPv2 >> Usename: (username) >> Password: (password) >> Prompt for password: unchecked (ie No) >> >> In Advanced/EAP: >> Use manual username: checked >> Manual username: (username) >> Require client auth: checked > > I think you should try with client auth disabled, because you have > disabled similar sounding setting (Client Cert) from Network Manager. > >> Is there a known problem with WPA authentication? Or am I doing >> something obviously wrong? > > I'm not aware of any big problems with WPA authentication. With EAP > there's always a Radius server involved, so maybe this is a some kind > of interoperability problem with the Radius server? Problem solved. When you edit a WPA connection, and get to the end, and click on Advanced, and click on the EAP tab to set the parameters, the "Require client authentication" is ambiguous, as I mentioned. If you leave it unchecked, then when you try to connect, you get the error message saying that it "can't find a certificate to validate the server". I then clicked Cancel, as it was "obvious" that connection had failed. Wrong. The message is a comment only: if you click on OK it goes right ahead and connects just fine. This is suboptimal :-) client-server authentication with certificates (either way) is an option in WPA, as far as I understand it (which may not be far) and both should be checkable options in the EAP tab mentioned above: Require client to authenticate server Require server to authenticate client That way you shouldn't get an error message box for something which isn't an error :-) I had to set Manual Username (as I had guessed: I think this is the same thing that NetworkManager refers to as "Anonymous Identity"), but I also had to set the proxy manually to the IP address of the proxy server, as auto-detect doesn't seem to detect anything, and setting it to the cname of the proxy server doesn't seem to work either. But it's working now, and very many thanks to everyone for their help. ///Peter
