Entomological Description

My photo
Sydney, NSW, Australia
I'm a Christian husband currently finishing a Software Eng degree and wondering what God's plan for my life is. I sleep soundly in the knowledge that time will assuredly answer that question with little effort on my part.

Saturday, October 11, 2008

UNSW Uniwide Wireless on a Nokia E71

OK, this post is really meant to catch some flies. Looking at my site logs, I know that people sometimes stumble upon my blog looking for solutions to things that I haven't really got solutions for. Here's another such thing, but hopefully we can work something out.

In a previous post I sang the praises of my new Nokia E71 running Symbian S60 3rd ed. It's a great little unit and has the full complement of connectivity options, including 802.11g Wifi supporing WPA/WPA2/802.1x authentication.

In case you also weren't aware, I go to the University of New South Wales, who recently provisioned their campus with a free wireless network for students and staff.

The Uniwide network, as it is known, uses WPA2/EAP-PEAP/MSCHAPv2 to authenticate students, all of which are supported by the E71. The ITS setup page lists these details but rather unhelpfully only provides an actual guide, or support, for the iPhone and its bretheren. (I'll have a rant about trading one monopoly-type technology organisation for another in a separate, future post. Go FLOSS!)

So here is a run down of what I tried, in order:

  1. The "I'm an iPhone user" approach. That is, I went to uni, scanned for networks, found the "uniwide" network, and told it to connect. Result: Authentication failed. No network, no way.

  2. The "OK, I was just pretending. I actually do like fiddling with settings" approach. That is, taking the automatically created Access Point as a starting point, I delved into the settings to see what was wrong. It had correctly set the network up as a WPA2, EAP-based network, but was attempting to use EAP-SIM or EAP-AKA to authenticate. "Aha!" I cried, deftly enabling EAP-PEAP and disabling the other EAP protocols. In so doing I also then found that the settings for EAP-PEAP allowed you to set up another layer of EAPs, which were also defaulting to EAP-SIM and EAP-AKA. This time I enabled EAP-MSCHAPv2 and set my username and password for MSCHAPv2 accordingly. Feeling rather pleased with my own powers of reasoning, I tried connecting. Result: No network, no way. "EAP-PEAP Authentication failed"

  3. The "This is starting to get a little ridiculous" approach. I happen to know, from setting up my laptop with this network, and from the iPhone setup guide, that you have to accept UNSW's security certificate to connect to the network. I also happen to know that the Authority certificate that the uni is using is called UTN-USERFirst-Hardware, and is issued by a company called Comodo. It is available for download here. I cleverly determined that this CA isn't installed on the E71, so maybe the poor phone can't authenticate the certificate it's being presented with. Not knowing a huge amount about certificate chains and all that, I installed those certificates onto the phone from the comodo website. This in itself didn't change anything. So I went one step further and in the EAP-PEAP settings, I set the Authority Certificate to be the UTN-USERFirst-Hardware certificate that I had just installed. Result: The phone takes a really long time thinking about connecting before finally failing in exactly the same way as before. Not happy.

  4. The "Somebody out there must have worked this out already" approach. I wrote a blog post about my troubles and will wait for some kind soul who finds this through Google to comment on the post with their experiences, be they positive or the same as mine.

Seriously. Any Symbian S60 users out there who have worked out the voodoo that makes these little suckers want to play nice with Uniwide? I'm a little bit perplexed by it all.

And while you're here, you might as well comment on this too: does anybody else have issues connecting to some wireless networks with a "No Gateway Reply" error? This is unrelated to the Uniwide network, as it seems to happen consistently at my parents home network, which is just a regular WPA-PSK network, with MAC restriction, and it also occassionaly happens at my own home (oh the shame...)

So although I am pleased with my E71 and it does what it's told most of the time, I am also looking forward to the next firmware update, which will hopefully be not to far away, thankyou, Nokia.


Tim Bennett said...

Hi Matthew, you've rubbed the lamp and here I am!

It sounds like you're a new UNSW employee, so I'll wager you're having the same problem that I did (with my iPhone, funnily enough, before those instructions were on the IT website).

The first, most, most, MOST important thing to do is reset your Unipass. For some inexplicable reason this isn't detailed on the setup page! You can reset your Unipass here - note that you don't actually have to change it, and can just enter your existing password as your new one.

This ought to sort your problem out!

tim bennett said...

Actually, on closer reading, it sounds like you're a student, not an employee. Doesn't change a thing with the instructions, though. Once you reset your device, everything should work fairly easily.

Matthew Frazer said...

Thanks Tim. I wasn't expecting my little honey pot of search keywords (sprinkled liberally throughout my post) to attract anyone so quickly!

I have already reset my UniPass once before, as I have Uniwide access for my laptop computer - I didn't mention that in my original post but I guess it's prudent. So I don't think that's it, but in the spirit of leaving no stone unturned, I'll reset it once more and try again when I go into campus tomorrow.

Matthew Frazer said...

Just to confirm, I've tried resetting my UniPass and I'm still unable to connect using EAP-PEAP. I can login using the web authentication method, which is something, but doesn't let my email get checked automatically or anything like that.

Anyone have any other thoughts?

olivier said...

Just to confirm in the other direction (the good one!).

I was manually configuring wpa_supplicant on my Linux computer. Everything seemed alright, but I couldn't connect.

Messing with the configuration and certificates didn't work. Eventually, resetting my password (to the same value...), as Tim pointed out, worked!

For reference, the working wpa_supplicant.conf entry:

pairwise=TKIP CCMP

Michael Man said...

use the instruction of uniwide_webauth. It works for my E71 for web browsing. Though I haven't figured out how to make my unimail working with it.

Sheen 赵欣 said...
This comment has been removed by the author.
Sheen 赵欣 said...

Hi Mat,

I am a student in unsw as well. Today I have successfully connected to uniwide with my E65, after read you post and some nokia forum. ;)

I post my configuration in my pages and you can try it with you E71. Let me know if you can or not.




Frustrated e71 user said...

Thanks you!

Anonymous said...

Thanks Sheen for the link. It works perfect for the E75 with uniwide as well.
Thanks a heap!!!

ryuhayabusa said...

thank you all for your help.

for other peoples reference.

i am connected to uniwide using certificate UTN-USERFirst-Hardware.crt
from the site recommended

using wicd with peap tkip and ipw2200 driver on ibm r51 thinkpad.

i tried before using a dlink g650 with ar5212 driver but was unable to connect.
I am happy as larry

thanks to redback/guys for getting me online.

Anonymous said...

Thanks for the link to the certificate. It worked perfectly well on Symbian 60 5th ed. in combination with the settings at the ITS site.