05-12-2017 04:49 AM
26 12
tools
  1. Marox1's Avatar
    This is my question...if anyone could answear me please. Thanks
    12-09-2015 07:39 AM
  2. Alexander Long's Avatar
    I don't' really know, but it seems work with EDUROAM and it uses ttls-pap from what I know, so I guess it does.
    12-09-2015 08:53 AM
  3. Marox1's Avatar
    Without the necessiti of a certificate of the university?
    12-09-2015 01:55 PM
  4. Marox1's Avatar
    Because in my university (from Spain) they use TTLS config with PAP without a certificate, so I need the option to select PAP authentification also and not only the TTLS parametre. Sorry for my Enlish expression...thank you
    12-09-2015 02:28 PM
  5. xbrtll's Avatar
    I have not found a way to connect to eduroam (nor to the local university network with TTLS/PAP, for that matter) yet and the data center here says that it is not supported. It would be great if they were wrong about that, but most of what I have read thus far seems to support their statement and the few suggestions otherwise (mostly some certificate stuff) did not work for me.
    12-10-2015 03:25 AM
  6. Alexander Long's Avatar
    I have no trouble with EDUROAM here, at all the campus and universities that I visited the last couple of months, I am be able to connect to EDUROAM without issues.
    And to connect to eduroam , just click the eduroam network when you're at campus, then it will open up for login info, enter the login info normally same as your school email and password. Then click never on the certificate check thing. Click connect. It should work. After the first time configuring at your own school, you should be able to 'roam' between 'edu's.
    Last edited by Alexander Long; 12-10-2015 at 10:48 PM.
    daimv likes this.
    12-10-2015 10:31 PM
  7. Marox1's Avatar
    Yes, but on my wp 8.1 doesn't work in my own university. For these reason I was asking if it works with wp 10.
    In my university I have to put these options: User and pass, select TTLS and authentification phase 2: PAP and it doesn't work with wp 8.1, i will try with wp 10 when it will be release.
    12-11-2015 01:00 AM
  8. xbrtll's Avatar
    Alexander: And you are sure that your institution uses TTLS/PAP for authentication? The process you describe sounds more like PEAP MS-CHAP v2 as you cannot choose 'never' for the certificate-check on TTLS/PAP. As far as I know it depends on your institution which of the two (or possibly even more) authentication methods they use.
    12-11-2015 02:40 AM
  9. Marox1's Avatar
    My university don't use the certificate and yes they use TTLS/PAP. These are the options for the wifi:
    SSID: eduroam (en minsculas)
    seguridad: 802.1x
    mtodo EAP: TTLS (Tunneled TLS)
    autenticacin interna o de fase 2 (inner Authentication): PAP
    12-11-2015 08:24 AM
  10. Marox1's Avatar
    Oh sorry, now I see that the question is for Alexander...
    12-11-2015 08:25 AM
  11. Alexander Long's Avatar
    Alexander: And you are sure that your institution uses TTLS/PAP for authentication? The process you describe sounds more like PEAP MS-CHAP v2 as you cannot choose 'never' for the certificate-check on TTLS/PAP. As far as I know it depends on your institution which of the two (or possibly even more) authentication methods they use.
    You were right my school switched to peap ms-chap v2, it was TTLS-EAP yrs ago when I was undergrad there and try to configure on my Nokia N95. but I guess they switched sometime after that. But I thought back in 8.1 v1 should support TTLS-EAP
    Wait second are you it is TTLS-PAP not TTLS-EAP? Because eduroam has to be 802.1x EAP
    Last edited by Alexander Long; 12-11-2015 at 11:23 AM.
    12-11-2015 11:09 AM
  12. Alexander Long's Avatar
    Ok, I found this link https://msdn.microsoft.com/en-us/library/dn643706.aspx from Microsoft which apply to WP8.1 but I assume should same as w10m .
    And from what I read from here, it dose support EAP-TTLS (PAP) .
    12-11-2015 11:32 AM
  13. xbrtll's Avatar
    Wait second are you it is TTLS-PAP not TTLS-EAP? Because eduroam has to be 802.1x EAP
    I don't think TTLS-EAP ist a thing. Full version is EAP-TTLS/PAP, i.e. EAP-TTLS to authenticate to the network and then PAP to authenticate the user (if I recall that correctly). The problem lies in the PAP-part: I can enter my data, then windows asks me to accept the server certificate (i.e. the EAP-TTLS part seems to work) and after that it tells me the connection is not possible.

    And from what I read from here, it dose support EAP-TTLS (PAP) .
    Thanks, it's interesting that they mention PAP in the table but not in the explanation how to configure it later. I'll look into that and give it another try on monday.
    fusionfan likes this.
    12-11-2015 01:25 PM
  14. Alexander Long's Avatar
    I did a little more search on this topic, looks like since back couples yrs ago, almost all mobile device has issues with TTLS-PAP (including iPhones blackberry, and I do remember I can't connect with Android for long time until one day it magically connected too) therefore all universities in Canada switched to more common PEAP MSChapv2 for both eduroam and their own secure network, some even just ditch their own, only have the unsecured one with eduroam replacing the secure one.
    12-11-2015 11:36 PM
  15. Alexander Long's Avatar
    I don't think TTLS-EAP ist a thing. Full version is EAP-TTLS/PAP, i.e. EAP-TTLS to authenticate to the network and then PAP to authenticate the user (if I recall that correctly). The problem lies in the PAP-part: I can enter my data, then windows asks me to accept the server certificate (i.e. the EAP-TTLS part seems to work) and after that it tells me the connection is not possible.

    Thanks, it's interesting that they mention PAP in the table but not in the explanation how to configure it later. I'll look into that and give it another try on monday.
    Hi, I am really cautious on this topic these days, since I also read some old pages from my school ITS support site, it did mention some thing like below:
    "The recommended authentication protocols to use (EAP-PEAP with MS-CHAPv2) are given above, there are many other available combinations:
    ◾EAP-TTLS with CHAP, MS-CHAP and MS-CHAPv2 work and are also supported
    ◾EAP-TTLS with PAP is supported but strongly advised against (if used, the server must be authenticated by name and the certificate validated) as it may reveal your Network Access Token to third party sites
    ◾EAP-LEAP is not supported and will not work
    ◾EAP-FAST is not supported and will not work "
    So if you don't mind , may I ask which Institute you are attending? And maybe the ITS support page link for eduroam?
    12-12-2015 12:12 AM
  16. xbrtll's Avatar
    Unfortunately the support pages are only in German, but I'll you a link anyway.

    EAP-TTLS with PAP is supported but strongly advised against (if used, the server must be authenticated by name and the certificate validated) as it may reveal your Network Access Token to third party sites
    My knowledge on the technical details is pretty limited, so I don't know if "may" means that it happens in practice and whether or not this would be a problem from a security or privacy point of view.

    As my univerity provides a third WLAN I can use, the (maybe) missing TTLS/PAP-support is not that big of a problem to me, but it would be easier as I do not have to start VPN manually each time I connect to it. Or is this something my phone could do automatically?
    12-12-2015 03:58 AM
  17. Alexander Long's Avatar
    Sorry for not responding sonnet, I was away from campus for holiday until now. So today is did be able to connect my campus eduroam through TTLS too.
    So click the table of EAP method, then you can chang eat from MS Chapv2 to TTLS. See if that would work with your university.
    Attached Thumbnails fantasia-painting.jpg  
    01-05-2016 11:52 PM
  18. xbrtll's Avatar
    No, it does not. I can enter my username and password and am asked to accept the certificate. Then I'm told that authentication was not possible (I think that's due to the lack of PAP-support) and can reenter username and password once more before I get the message that the attempt to connect to eduroam has failed. See also attached screenshots.
    Attached Thumbnails wp_ss_20160108_0002.jpg   wp_ss_20160108_0003.jpg   wp_ss_20160108_0004.jpg   wp_ss_20160108_0005.jpg  
    01-08-2016 05:11 AM
  19. fusionfan's Avatar
    You all have to understand that the authentication method is determined by your eduroam account PROVIDER, and NOT the location you are trying to use it. So if your home institute uses a method not possible to enable on your phone, it doesn't matter where you are, it is not going to work. Whereas if your home institute uses an other method it is going to work. I have the same issue: the institute supports EAP-TTLS / PAP, and while win 10 supports it, there is no way to enable it in W10M! :( You can push this setting using mobilde device management (which I / we don't have) but you cannot enable it. To repeat: the system supports it, you just cannot tell said system to use this specific method because nobody at Microsoft bothered to add a checkbox to the GUI since _YEARS_.

    Since then, the institute had started supporting MS-CHAPv2, which again, does not work on my phone for some odd reason. Same error message all the time.
    06-28-2016 11:28 AM
  20. Gjuro Kladaric's Avatar
    neither of my windows phone 8.1 nor windows 10 mobile do work on our eduroam network. android does. iPhone does. so, just TTLS/PAP/certificate. end of story.
    10-28-2016 03:46 PM
  21. daimv's Avatar
    MS-CHAPv2 works fine with my 950 in my university :v
    10-29-2016 07:49 AM
  22. Gjuro Kladaric's Avatar
    but it does not work for me, and for thousands of others, while android and iPhone do, out of the box.

    so, my only reasonable answer to our students, users of our eduroam network which I can not make to change, unfortunately is: do not use windows phones :(
    10-29-2016 08:29 AM
  23. daimv's Avatar
    What phones have you tried? Could it be related to specific hardware that some phones support it and some don't?
    10-30-2016 03:34 AM
  24. daimv's Avatar
    Because maybe you should change your recommendation to just "don't use this or that phone, but this and that others do work". Because more than one of us here said they were able to connect. I am guessing newer phones have a higher chance of working with it.
    10-30-2016 03:37 AM
  25. Gjuro Kladaric's Avatar
    I have tried nokia 520 and nokia 925 with windows 8.1 and microsoft 532 with windows 10... and people come occasionally to me with windows phones unable to connect... and I see that people wordwide are complaining about that... also, it appears that it works in some places, but with crippled configuration...

    and remeber, android and iphone work with no problems... and I have never seen any windows phone working on that network... go figure...
    10-30-2016 10:22 AM
26 12

Similar Threads

  1. Replies: 6
    Last Post: 04-07-2016, 03:27 PM
  2. Why won't Windows 10 mail allow me to open or download photos?
    By Windows Central Question in forum Windows 10
    Replies: 1
    Last Post: 12-09-2015, 02:28 PM
  3. can i upgrade to windows 10 with expired windows 7 activation key?
    By WPCentral Question in forum Ask a Question
    Replies: 1
    Last Post: 12-09-2015, 07:50 AM
  4. Awesome Band Backgrounds updated with Band 2 support, still offers a boatload of Band wallpapers
    By WindowsCentral.com in forum Windows Central News Discussion
    Replies: 0
    Last Post: 12-09-2015, 07:11 AM
  5. Radeon will support next-gen HDR displays in 2016
    By WindowsCentral.com in forum Windows Central News Discussion
    Replies: 0
    Last Post: 12-09-2015, 07:11 AM
LINK TO POST COPIED TO CLIPBOARD