Question Problem with Enterprise WiFi - Android 12

Search This thread

almirsahbaz

Member
Feb 3, 2015
35
8
Sarajevo
Hi,

Can someone help me with this problem.

Since I updated my Xperia 1 III this morning, I can't connect to my two different Enterprise WiFi networks.

WiFi window ask me for a domain name, but our IT admin doesn't know anything about it.

Without domain name, my connect button is greyed out, can someone help me to fix this without rooting my phone?
 

almirsahbaz

Member
Feb 3, 2015
35
8
Sarajevo

hotcakes_shinku

Senior Member
Sep 27, 2016
126
39
Xperia XZ2
Thank you for your answer.

Unfortunately this can't help me, because my company isn't using "freeradius".

I spent whole day on Google trying to find fix or temporary solution.
Domain issue: the domain is the url name of the SSL Certificate.
The "freeradius" here is just an example. You need the url name of the SSL certificate that your company uses. It doesn't need to be freeradius
 

Hudrator

Senior Member
Hi,

Can someone help me with this problem.

Since I updated my Xperia 1 III this morning, I can't connect to my two different Enterprise WiFi networks.

WiFi window ask me for a domain name, but our IT admin doesn't know anything about it.

Without domain name, my connect button is greyed out, can someone help me to fix this without rooting my phone?


I suspect you normally would use your account credentials to connect to the WiFi network?
Normally the domain name ist something like "your-company.com" or "your-company.local" (even if .local wouldn't be the best choice).
If so you could look for "EAP-Method" and change the value to "PWD". There you can enter your credentials which you normally use to lock in into your User-Account.
 

almirsahbaz

Member
Feb 3, 2015
35
8
Sarajevo
I suspect you normally would use your account credentials to connect to the WiFi network?
Normally the domain name ist something like "your-company.com" or "your-company.local" (even if .local wouldn't be the best choice).
If so you could look for "EAP-Method" and change the value to "PWD". There you can enter your credentials which you normally use to lock in into your User-Account.
My Enterprise WiFi network requires PEAP method.

I tried with PWD value, but it won't work.
 

Hudrator

Senior Member
If PEAP is the thing then you will need to provide a certificate, the domain name of the WLAN Controller... Basically everything all that the posts beforehand suggest.

When you were connecting prior android 12 to this network, what did you need to submit? Just some credentials? Certificates? That's something your admin should be able to tell...
 

almirsahbaz

Member
Feb 3, 2015
35
8
Sarajevo
If PEAP is the thing then you will need to provide a certificate, the domain name of the WLAN Controller... Basically everything all that the posts beforehand suggest.

When you were connecting prior android 12 to this network, what did you need to submit? Just some credentials? Certificates? That's something your admin should be able to tell...
This is what I needed:

EAP method: PEAP
Phase 2 authentication: MSCHAPV2
CA Certificate - Do not validate (this option is now removed, and now asks for domain, which needs to be put in)
Identity: My e-mail address
Anonymous identity: Blank
Password: My password

And that was it, I was successfully connecting to this network for a years.
 

Hudrator

Senior Member
Well you can try to fill in the last part of your email addresses for domain - so everything after the "@".
As written in one of the guides, normally you would enter the domain address of the authentication server / the common name which is part of the certificate of the server...
Seems that some restrictions in Android12 got tighter and you are now not allowed to skip the certificate validation part. Might be that now that Android12 is going to be published more, your it will need to change some things...
 

almirsahbaz

Member
Feb 3, 2015
35
8
Sarajevo
Well you can try to fill in the last part of your email addresses for domain - so everything after the "@".
As written in one of the guides, normally you would enter the domain address of the authentication server / the common name which is part of the certificate of the server...
Seems that some restrictions in Android12 got tighter and you are now not allowed to skip the certificate validation part. Might be that now that Android12 is going to be published more, your it will need to change some things...
I'm using public hotspots from my internet provider, so I can't do that, because I'm using my @hotmail.com e-mail to access this network.

I contacted them, but they don't know how to set up a domain.
 

Hudrator

Senior Member
Okay... now i am a bit stunned.

You are using public hotspots (not related to your enterprise). To connect you are authenticate with the credentials that you have configured at a side of the ISP?
If the hotspot is provided by your ISP you will have to ask him about accessing and credentials for the WLAN and not your IT-Admin.
 

almirsahbaz

Member
Feb 3, 2015
35
8
Sarajevo
Okay... now i am a bit stunned.

You are using public hotspots (not related to your enterprise). To connect you are authenticate with the credentials that you have configured at a side of the ISP?
If the hotspot is provided by your ISP you will have to ask him about accessing and credentials for the WLAN and not your IT-Admin.
The thing is, I'm working for that ISP provider, so I asked their IT Admin, but I'm also their user and I'm using my private ISP account to access these hotspot locations :)
 

Hudrator

Senior Member
@almirsahbaz

Ahhhhhh - now that make sense for me. Thanks for clearing things up. Back to your problem:

It will get troublesome....
PEAP Authentication "normally" requires the authenticator (aka the Server, Wifi Controller... some referring to it as a RADIUS-Server - which can also be a "role" performed by another server; often used are Domaincontrollers ) to offer a certificate. Simple speaking: Kind of similar to webserver-authentication for https.
Your phone then "checks" the provided certificate on validity. This validation step was "skipped". Skipping isn't supported anymore. This started already with android 11 (depending on oem-implementations).

So your Admins will have to deploy certificates as mentioned above and provide them to you.
The "domain" field you are mentioning is used to select the certificate of the authenticator (for a user it is often easier to enter the proper name then select the certificate out of the certificate store an the device).

The thing for you is:
You can't do anything, as your admins will have to think about the whole process. So you won't be able to use the hotspots until there have been some changes made by the admins.

What you can do is to inform the admins on the changes that google made starting at Android 11

If they want to use PEAP further on with devices running Android 12, they will have to change something!
 

almirsahbaz

Member
Feb 3, 2015
35
8
Sarajevo
@almirsahbaz

Ahhhhhh - now that make sense for me. Thanks for clearing things up. Back to your problem:

It will get troublesome....
PEAP Authentication "normally" requires the authenticator (aka the Server, Wifi Controller... some referring to it as a RADIUS-Server - which can also be a "role" performed by another server; often used are Domaincontrollers ) to offer a certificate. Simple speaking: Kind of similar to webserver-authentication for https.
Your phone then "checks" the provided certificate on validity. This validation step was "skipped". Skipping isn't supported anymore. This started already with android 11 (depending on oem-implementations).

So your Admins will have to deploy certificates as mentioned above and provide them to you.
The "domain" field you are mentioning is used to select the certificate of the authenticator (for a user it is often easier to enter the proper name then select the certificate out of the certificate store an the device).

The thing for you is:
You can't do anything, as your admins will have to think about the whole process. So you won't be able to use the hotspots until there have been some changes made by the admins.

What you can do is to inform the admins on the changes that google made starting at Android 11

If they want to use PEAP further on with devices running Android 12, they will have to change something!
Thank you for your detailed answer.

I found possible solution for them online, and I sent that to them.

I guess this is what they need to do: "Radius server's certificate needs to contain a fully-qualified domain name (FQDN) in the Common Name field."
 

Top Liked Posts