31 May

iPod touch/iPhone – EAP/MSCHAP wifi authentication (solution)

Posted by XtraSimplicity in MP3 Players | Tags :, , , , , , |

I was having trouble getting my iPod touch to connect to my University’s wireless network, as it requires MSCHAP PEAP authentication with WPA2-Enterprise, but the iPod touch/iPhone does not include the ability to set such settings.

I managed to find a tutorial in German on the internet, and so have translated it into English, for those who can’t speak German. For those who do speak German, however, the original link can be found here: http://www.apfeltalk.de/forum/802-1x-iphone-t158493.html#post1527965

So, on to the translation of the article:

Many of you know that the iPhone 2.0 software now finally also supports 802.1X. Many have missed this feature, especially us students, as many Universities use this standard for authentication in their WLANs.
I have searched in my device for a possibility to change such settings to no avail. After a few Google searches, I then found out that one must use the “iPhone Configuration Utility”, which Apple offers as a free download (Links can be found after this clause.

There is also a version for Mac OSX, and Windows.

Download (Windows)
Download (OSX)

I will quickly explain the required steps. The procedure is also described in a support  document (which no longer exists, but similar documentation can be found here: <a href=”http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf”>http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf</a>).

Next, one must create a profile with all necessary settings, in the Configuration Utility. This can then be exported as a .mobileconfig file. One can simply either leave this file on a webserver, and then open the link on the device, using Safari, or send the file by Email to the device. When one uses the Webserver method, one should set the Webserver settings to use the MIME-type “application/x-apple-aspen-config mobileconfig”, as the profile file will otherwise be displayed as a general XML-document.
You will need to request the actual settings to use, from your WLAN admin(s). At Universities, such information can normally be found on the page of the IT services website. In my case, I only had to untick “Protocol” TTLS, and enable PAP under “Internal Identification”. A certificate was not required, this will be transferred during connection, and must be confirmed.
The Username can be saved, so that it isn’t required to be entered in the future. Otherwise, the username will be requested on first connection to the network. One selects  “Request password with every connection”, so the password will always be requested, in other cases it will only be requested once, and then saved.

Once you’ve opened the file, the following dialog appears:

After the confirmation of the Installation, the Profile appears in the Settings. It is also possible to have more Profiles.

Input of the Username into the Device: