Question Problem with Enterprise WiFi - Android 12

[almirsahbaz]

Hi,

Can someone help me with this problem.

Since I updated my Xperia 1 III this morning, I can't connect to my two different Enterprise WiFi networks.

WiFi window ask me for a domain name, but our IT admin doesn't know anything about it.

Without domain name, my connect button is greyed out, can someone help me to fix this without rooting my phone?

 

[hotcakes_shinku]

PURPOSE OF DOMAIN FIELD WHEN CONNECTING TO WIFI 802.1X (PEAP) ANDROID 11 PIXEL - Google Pixel Community

Does this help? I just googled abit so Im not too sure about your issue. You can also show this to ur IT admin maybe he will understand it better.

 

[almirsahbaz]

PURPOSE OF DOMAIN FIELD WHEN CONNECTING TO WIFI 802.1X (PEAP) ANDROID 11 PIXEL - Google Pixel Community

Does this help? I just googled abit so Im not too sure about your issue. You can also show this to ur IT admin maybe he will understand it better.

Thank you for your answer.

Unfortunately this can't help me, because my company isn't using "freeradius".

I spent whole day on Google trying to find fix or temporary solution.

 

[hotcakes_shinku]

Thank you for your answer.

Unfortunately this can't help me, because my company isn't using "freeradius".

I spent whole day on Google trying to find fix or temporary solution.

Domain issue: the domain is the url name of the SSL Certificate.

The "freeradius" here is just an example. You need the url name of the SSL certificate that your company uses. It doesn't need to be freeradius

 

[almirsahbaz]

The "freeradius" here is just an example. You need the url name of the SSL certificate that your company uses. It doesn't need to be freeradius

Thank you for answering.

I know that, but my company doesn't know what their domain server is.

 

[Hudrator]

Hi,

Can someone help me with this problem.

Since I updated my Xperia 1 III this morning, I can't connect to my two different Enterprise WiFi networks.

WiFi window ask me for a domain name, but our IT admin doesn't know anything about it.

Without domain name, my connect button is greyed out, can someone help me to fix this without rooting my phone?

I suspect you normally would use your account credentials to connect to the WiFi network?
Normally the domain name ist something like "your-company.com" or "your-company.local" (even if .local wouldn't be the best choice).
If so you could look for "EAP-Method" and change the value to "PWD". There you can enter your credentials which you normally use to lock in into your User-Account.

 

[almirsahbaz]

I suspect you normally would use your account credentials to connect to the WiFi network?
Normally the domain name ist something like "your-company.com" or "your-company.local" (even if .local wouldn't be the best choice).
If so you could look for "EAP-Method" and change the value to "PWD". There you can enter your credentials which you normally use to lock in into your User-Account.

My Enterprise WiFi network requires PEAP method.

I tried with PWD value, but it won't work.

 

[Hudrator]

If PEAP is the thing then you will need to provide a certificate, the domain name of the WLAN Controller... Basically everything all that the posts beforehand suggest.

When you were connecting prior android 12 to this network, what did you need to submit? Just some credentials? Certificates? That's something your admin should be able to tell...

 

[almirsahbaz]

If PEAP is the thing then you will need to provide a certificate, the domain name of the WLAN Controller... Basically everything all that the posts beforehand suggest.

When you were connecting prior android 12 to this network, what did you need to submit? Just some credentials? Certificates? That's something your admin should be able to tell...

This is what I needed:

EAP method: PEAP
Phase 2 authentication: MSCHAPV2
CA Certificate - Do not validate (this option is now removed, and now asks for domain, which needs to be put in)
Identity: My e-mail address
Anonymous identity: Blank
Password: My password

And that was it, I was successfully connecting to this network for a years.

 

[Hudrator]

Well you can try to fill in the last part of your email addresses for domain - so everything after the "@".
As written in one of the guides, normally you would enter the domain address of the authentication server / the common name which is part of the certificate of the server...
Seems that some restrictions in Android12 got tighter and you are now not allowed to skip the certificate validation part. Might be that now that Android12 is going to be published more, your it will need to change some things...

 

[almirsahbaz]

Well you can try to fill in the last part of your email addresses for domain - so everything after the "@".
As written in one of the guides, normally you would enter the domain address of the authentication server / the common name which is part of the certificate of the server...
Seems that some restrictions in Android12 got tighter and you are now not allowed to skip the certificate validation part. Might be that now that Android12 is going to be published more, your it will need to change some things...

I'm using public hotspots from my internet provider, so I can't do that, because I'm using my @hotmail.com e-mail to access this network.

I contacted them, but they don't know how to set up a domain.

 

[Hudrator]

Okay... now i am a bit stunned.

You are using public hotspots (not related to your enterprise). To connect you are authenticate with the credentials that you have configured at a side of the ISP?
If the hotspot is provided by your ISP you will have to ask him about accessing and credentials for the WLAN and not your IT-Admin.

 

[almirsahbaz]

Okay... now i am a bit stunned.

You are using public hotspots (not related to your enterprise). To connect you are authenticate with the credentials that you have configured at a side of the ISP?
If the hotspot is provided by your ISP you will have to ask him about accessing and credentials for the WLAN and not your IT-Admin.

The thing is, I'm working for that ISP provider, so I asked their IT Admin, but I'm also their user and I'm using my private ISP account to access these hotspot locations

 

[Hudrator]

@almirsahbaz

Ahhhhhh - now that make sense for me. Thanks for clearing things up. Back to your problem:

It will get troublesome....
PEAP Authentication "normally" requires the authenticator (aka the Server, Wifi Controller... some referring to it as a RADIUS-Server - which can also be a "role" performed by another server; often used are Domaincontrollers ) to offer a certificate. Simple speaking: Kind of similar to webserver-authentication for https.
Your phone then "checks" the provided certificate on validity. This validation step was "skipped". Skipping isn't supported anymore. This started already with android 11 (depending on oem-implementations).

So your Admins will have to deploy certificates as mentioned above and provide them to you.
The "domain" field you are mentioning is used to select the certificate of the authenticator (for a user it is often easier to enter the proper name then select the certificate out of the certificate store an the device).

The thing for you is:
You can't do anything, as your admins will have to think about the whole process. So you won't be able to use the hotspots until there have been some changes made by the admins.

What you can do is to inform the admins on the changes that google made starting at Android 11

Android 11 will no longer let you connect to some enterprise WiFi networks

The Android 11 update will break connecting to certain enterprise WiFi networks. Here's why and what you can do to fix it.

www.xda-developers.com

If they want to use PEAP further on with devices running Android 12, they will have to change something!

 

[almirsahbaz]

@almirsahbaz

Ahhhhhh - now that make sense for me. Thanks for clearing things up. Back to your problem:

It will get troublesome....
PEAP Authentication "normally" requires the authenticator (aka the Server, Wifi Controller... some referring to it as a RADIUS-Server - which can also be a "role" performed by another server; often used are Domaincontrollers ) to offer a certificate. Simple speaking: Kind of similar to webserver-authentication for https.
Your phone then "checks" the provided certificate on validity. This validation step was "skipped". Skipping isn't supported anymore. This started already with android 11 (depending on oem-implementations).

So your Admins will have to deploy certificates as mentioned above and provide them to you.
The "domain" field you are mentioning is used to select the certificate of the authenticator (for a user it is often easier to enter the proper name then select the certificate out of the certificate store an the device).

The thing for you is:
You can't do anything, as your admins will have to think about the whole process. So you won't be able to use the hotspots until there have been some changes made by the admins.

What you can do is to inform the admins on the changes that google made starting at Android 11

Android 11 will no longer let you connect to some enterprise WiFi networks

The Android 11 update will break connecting to certain enterprise WiFi networks. Here's why and what you can do to fix it.

www.xda-developers.com

If they want to use PEAP further on with devices running Android 12, they will have to change something!

Thank you for your detailed answer.

I found possible solution for them online, and I sent that to them.

I guess this is what they need to do: "Radius server's certificate needs to contain a fully-qualified domain name (FQDN) in the Common Name field."

 

[Hudrator]

Basically they will need to implement PEAP as it was intended, yes

 

[almirsahbaz]

Basically they will need to implement PEAP as it was intended, yes

Thank you once again for all support that you have provided