WPA2 Enterprise and iOS8

I followed this thread with interest as had same problem on my Corporate WLAN that uses WPA 2 LEAP authentication. Via another forum discussion thread, their advise pointed to some of the authentication credentials changing in IOS 8 from previous versions.

I previously had a working iPhone 4s working with IOS 7 and then no longer with the 8 upgrade (includes 8.0.2).

End of last week I managed to find a work around for me after trying everything including a complete wipe of entire phone and starting with a clean configuration.

I downloaded the "iPhone Configuration Utility tool" for Windows and entered the WLAN settings via the tool. Using USB I then applied WLAN profile to the phone which worked instead of entering manually via the settings on the phone.

I also created a profile file for several of my colleagues for various iPhone types, 5, 5c, 5s, 6 and an iPad Air. I emailed them the profile file which they installed via email on their iPhones. It worked equally well on devices.

Not sure if latest 8.1 overcomes these issues, but if it doesn't definitely worth giving this a manual configuration via iPhone tool a try.....

hey,

please can some one confirm if this issue was solved by ios 8.1???

Hello

i've just tried now with my iphone (ios 8.1) in my company (with wpa2 enterprises) and unfortunately still the same error like with 8.02 ; (authentication error)

same iphone had working with ios 7 😟

I've also tried with "iPhone Configuration Utility tool" as described above (using usb) i've created a profile with a Leap authentication (what i need) but is impossible to apply in my iphone (an error appear)

OOh well!

I Asked for help from Apple Call centre. They asked me to visit the Customer Care office.

can someone (@Bidgooj) please detail the steps of getting it to work if you have made yours work!

@Anuj vir - Apparently there isn't something to be "solved" or fixed in IOS 8. The fact is Apple has tightened up security. Basically what appears to be "broken" is stuff where stuff was working before but it wasn't secure enough. There are two changes that I see so far that were not required pre-IOS 8 : 1. LEAP is not an option anymore because it is an inherently unsecure protocol. 2. When a profile is pushed via MDM software, the CA root needs to be pushed and the RADIUS server name needs to be trusted. It used to allow the user to manually accept the RADIUS cert, but not anymore. Although in a post on this thread it was said that the RADIUS cert needed to be pushed, I found that only the CA cert was needed but the RADIUS server name needs to be trusted. Look for a field in your MDM software like Trusted Server Name under the WiFi profile. If there is more than one radius server you can use a wildcard such as *.company.comp.corp or *.company.com etc.

HEy @Robbgior.

thanks for the response.

whats bugging me is the fact that all the others in my institute are using its wifi while i rely on my 3G all thanks to one of those apple geniuses who while trying to solve a problem that my phone had with auto brightness had me reset all my settings without a backup. when i did the reset, the autobrightness problem wasnt solved and another huge problem occoured... No WiFi.

anyway, could you please break down what you quoted above into simpler steps.

can you tell me what should i do or check in a little less technical jargon!

IS something required from the server's side.

your help will be hugely appreciated

Hi Everyone ..!!!

Bata release 8.1.1 for developer is ON. Does that atleast solves the WPA2-Etnerprise network connectivity issue ???

NO i don't think so.

you see it is not a problem. It is just that Apple sees the issue as a security threat and have implemented counter-measures.

I was able to get my Wi-Fi working by loading an older backup.

if you don't have an old backup then I don't think that you have any other choice. you may try to create security certificates by following the steps enlisted in older posts but it's a very long and tedious procedure which requires a bit of technical skill. If you think you can do that then you might be in luck otherwise well

My schools wifi uses WPA Enterprise, I installed the LDAP.cert that they gave me and it always takes me 2 tries to connect, yes 2 tries. Upon first try I always get a Unable to join the network message and then on the second try it works. This is really annoying as I have to do it every single time I want to use the wifi

What I have found on our network (which we upgraded one of our Cisco wireless controllers from 7.3 to 7.6.130), is that IOS has "improved" security, and that the authentication behavior/saved certs don't really work anymore. We have had several IOS devices delete their network settings (Settings -> General -> Reset -> Reset Network Settings), and when they've reauthenticated to the network, the certificate prompt appears, and connection works just fine. One device had to login a second time before working.

For people who use MDM, I've found the solution :

Yes Apple has improved the security in iOS 8. Now, the user can't validate the CA certificate himself. You have to include the CA certificate in the wifi profile if it's a self-signed certificate.

After doing this, your CA will be included in the truted certificates database and the handshake will be OK.

I tried your way, it is not working for mine.

It is pending for a long time, and no solution provided by Apple till now.

Hi there,

Is there a solution for IPAD to ask for a password when an AD user changes his password. Currently when a user changes his password then his IPAD tries to connect to the network with the old password provided without asking for a new password. The user then gets locked and has to forget the network every time he/she changes AD Password.

I would ideally like for the users not to forget the network as we then need to provide them assistance for configuring a new proxy server.

Please advise?

Thanks,

Your IT needs to add a health policy in your network policy server, which handles radius authentication to get on your corporate wireless network.

😁 made my day