Unable to join wireless from an android using PKI user cert

  • Problem
  • Updated 4 years ago
We have implemented a wireless network for company employees that uses user-based certificate authentication. It is working fine for laptops and iPhones, but we have been unable to get any of the Androids (Galaxy S4s) to work. We have installed the certs (both the root and user) on the phone. When we attempt to join, we get a settings box that has type, CA and user cert but also has a section named "IDENTITY". We set it to TLS, select the root cert for the CA section and the user cert (just called androiduser). But I have no idea what the "Identity" is. We have tried entering the user domain/ad_name, ad_name, etc. but nothing works. The whole reason behind the cert is so that users don't have to enter anything. I checked my wm3400 log and all it says is user authentication failed. Again, the same certificate setup works fine on laptops and iPhones/iPads. Has anyone had success setting up an Android (specifically an S4, since each release of Android changes something) on wireless with user certificates? If so, can you let me know what steps you used?

Thanks
Derek
Derek Brown

Posted 4 years ago

Naoman Nabil Ghani

Which version of Android?
MrGuga

Have you tried leaving it blank?
Also try ad_name@domain.com
Derek Brown

The phone is dead right now but the user says it is 4.0... We did try leaving it blank and it keeps popping up for an entry.

Derek
Ronald Dvorak, Embassador

Try to use the name that was used in the user certificate.

Here is an example...
http://networklessons.com/wireless/eap-tls-certificates-for-wireless-on-android/

Please check the log of the Authentication Server; that should give you the answer as to why the authentication failed.
The WM only gets the reject information from the AS, but the AS log should show the reason for the reject.
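
An added example, not part of the thread: one way to read the names a user certificate actually carries, which are the candidates for Android's "Identity" field when following the suggestion to use the name in the certificate. It assumes the OpenSSL CLI (1.1.1 or later); the function names, file paths and the `corp.example` address are constructed for illustration, and the sample certificate is a throwaway self-signed one.

```shell
#!/bin/sh
# Added example: list the names a client certificate carries, i.e. the
# candidates for the "Identity" field in Android's EAP-TLS dialog.
# Function names, paths and corp.example are constructed for illustration.

# Print one "<source> <value>" line per name found in the PEM cert in $1.
eap_identity_candidates() {
    # Subject common name, e.g. "subject-cn androiduser"
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *\(.*\)$/subject-cn \1/p'
    # Subject Alternative Name entries: rfc822Name (email) and, where the
    # OpenSSL build decodes it, the Microsoft UPN otherName.
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' |
        sed -n -e 's/^ *email:\(.*\)$/san-email \1/p' \
               -e 's/^ *othername: *UPN::\(.*\)$/san-upn \1/p'
}

# Create a throwaway self-signed certificate in directory $1 (constructed
# sample input; a real user cert would come from the company CA).
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=androiduser" \
        -addext "subjectAltName=email:androiduser@corp.example" 2>/dev/null
}

# Demo run on the constructed certificate.
demo_dir=$(mktemp -d)
make_constructed_cert "$demo_dir"
eap_identity_candidates "$demo_dir/cert.pem"
rm -rf "$demo_dir"
```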