Android 11 / FP3 : entreprise wifi bug

Hi,

I recently upgraded my fairphone3 to android 11 and almost everything works, but my employer Wifi: it requires login via PEAP/MSCHAPV2 with AD login credentials

It worked just fine on android 10

since the upgrade : it no longer works.

I tried the following :

  1. Delete wifi configuration and redo it > same results

  2. Import enterprise cert and reconfigure wifi > same results

  3. After 2. Delete wifi configuration and redo it > same results

The select list for the CA certificates is greyed and unavailable (ergo my try with the enterprise CA)

according to the wifi server logs my credentials are not correct (I triple checked them) it is a generic message.

Are there any logs on the device ?

Here is a screenshot :

Welcome to our community forum! :slight_smile:

A shot in the dark:

In Settings > Network and internet > Wi-Fi > [your employer network] > Advanced > Pricacy, is it set to Use device MAC or Use randomised MAC (default)?

In my own network, I had to change the setting to “Use device MAC” to be admitted – with an FP4, but also on Android 11. This option was not available in Android 10.

1 Like

You may have look at this discussion which might bring some helpful information:

Did you fill out the domain (“Domaine”) field?

Yes of course, all possible combinations :wink:
But that doesn’t help because the domain has no valid certificate.
The information came from my own IT department after I called them for help. They know the solution, but they won’t apply it any time soon. In any case, as an end-user there’s nothing you can do.

That I have to try! One never knows…

1 Like

Hi,

thanks for the reply. Worth a try, but same results with the “Use device MAC” option: failure to authenticate

1 Like

Hi,

thanks for the reply.

I replicated the same configuration I used with Android 10 best I could:

  • Méthode EAP : PEAP as indicated by my IT colleagues
  • Authentification étape 2: MSCHAPV2 as indicated by my IT colleagues
  • certificat CA: use system certificates (non modifiable) whereas my IC colleagues indicateed “do not verify”
  • Etat du certificat en ligne : ne pas valider (default) (I tried all values)
  • domain (required): set to the correct value indicated by my IT colleagues
  • Identité : my username as indicated by my IT colleagues (I tried variations)
  • anonyme : empty as indicated by my IT colleagues
  • passowrd : my usual password (triple-checked)

I tried multiples variations on domain and username…

Is there somewhere I could unlock the “certificat CA” option ?

Where should I look for find any useful logs on failed WIFI authentication on my FP3 ?

To illustrate that wi-fi can be weird: with me, the upgrade to Android solved a woody problem problem: I could never log in to my employers wi-fi at my own office, but at all other locations where this same network (eduroam) was present, it connected without problem. This issue disappeared with the upgrade.

Of course it does not help you…

That may be as before the upgrade you did not have both 2.4GHz and 5GHz enabled.

In Android 11 it is not possible to select Wi-Fi bands both are active

1 Like

IT can see at RADIUS and you can with developer options enabled there’s an option to debug on your side.

I use the same feature on my FP4 (as successor of my FP3 which is my backup phone; I just started it up with Android 11 and it works). However you have not selected a CA certificate (I use a self-signed one, so I must select it) which means it uses the ones available on system (hence no option). Online status is for CRL (certificate revoked list). These are certificates which used to be valid but are not longer, it allows the admin to revoke a cert for example in case of private key compromise. I also remember than in Android 11 (in contrast to Android 10) you had to specify the domain if you add a new entry. Although this article here does not mention it https://www.xda-developers.com/android-11-break-enterprise-wifi-connection/

In short I suggest you try with adding the domain. Ask IT for it if you don’t know.