Re: [WIRELESS-LAN] Onboarding Android devices

2018-08-07 Thread Cappalli, Tim (Aruba Security)
PEAP is not standardized and was not designed to be used outside a Windows 
AD-joined, GPO-controlled environment.

I'm hoping Google's changes (very welcome IMO) and continued restrictions on 
Apple platforms will steer people away from legacy, deprecated protocols/EAP 
methods.

tim


On 8/7/18, 3:25 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv
on behalf of Norman Elton" wrote:

We've got an encrypted network with the classic PEAP + MSCHAPv2 combo,
allowing users to connect with their domain credentials. We've shied
away from onboarding tools like SecureW2, especially for student
devices, as they seem more cumbersome than just having the user
configure the connection properly the first time.

Preparing for the fall, we've noticed that recent versions of Android
make the process a little more cumbersome. It appears that 8.1 & 9.0
allow the user to validate the certificate by domain, which is great.
Although the steps to get this set up are far from intuitive.

8.0 doesn't give that option, instead displaying a scary warning,
"This connection will not be secure". The user is forced to go ahead
with "do not validate certificate", leaving them open to leak their
credentials to a rogue AP. Far from ideal.

Theoretically, we could ask the user to trust the CA certificate in
advance, and (hopefully) the warning message would go away. But I
haven't gotten this to work.

Is there a general consensus that these devices are better served with
an onboarding tool that can accommodate the various flavors of
Android? Or is there a recipe for a user to set up 802.1x securely
(with some sort of certificate validation) on Android devices pre-8.1?

Thanks,

Norman Elton

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/discuss.






Onboarding Android devices

2018-08-07 Thread Norman Elton
We've got an encrypted network with the classic PEAP + MSCHAPv2 combo,
allowing users to connect with their domain credentials. We've shied
away from onboarding tools like SecureW2, especially for student
devices, as they seem more cumbersome than just having the user
configure the connection properly the first time.

Preparing for the fall, we've noticed that recent versions of Android
make the process a little more cumbersome. It appears that 8.1 & 9.0
allow the user to validate the certificate by domain, which is great.
Although the steps to get this set up are far from intuitive.

8.0 doesn't give that option, instead displaying a scary warning,
"This connection will not be secure". The user is forced to go ahead
with "do not validate certificate", leaving them open to leak their
credentials to a rogue AP. Far from ideal.

Theoretically, we could ask the user to trust the CA certificate in
advance, and (hopefully) the warning message would go away. But I
haven't gotten this to work.

Is there a general consensus that these devices are better served with
an onboarding tool that can accommodate the various flavors of
Android? Or is there a recipe for a user to set up 802.1x securely
(with some sort of certificate validation) on Android devices pre-8.1?

Thanks,

Norman Elton
