Configuring a Nokia N95 phone for PEAP+MSCHAPv2 (v2.0, 27th Feb 2014)

Described here are the steps involved in configuring the wireless client in a Nokia N95 phone to authenticate via eduroam using PEAP+MSCHAPv2. Your home site will be able to tell you whether PEAP+MSCHAPv2 is the appropriate authentication method that you should use (as it depends on the back-end solution in place at your home site), and they will also be able to provide you with the information required during the configuration steps below.

Configuration instructions

When filling in fields, the site-specific values in the text below (such as the realm, user name and password) are sample strings only and must be replaced with the appropriate value for your case - contact your home site for clarification of what specific values you should use.

  1. On the Nokia phone, wifi profiles are shown as "access points". Navigate to the current list of defined wireless access points via the following screens: Menu->Tools->Settings->Connection->Access Points.
  2. Existing defined profiles/access points are shown, ordered alphabetically. To add a new profile, click Options and select New access point.

  3. Define the general profile settings. Once done, highlight and click on WLAN security settings tab.
    Connection name eduroam
    Data bearer Wireless LAN
    WLAN network name eduroam
    Network status Public
    WLAN network mode Infrastructure
    WLAN security mode WPA/WPA2
    Homepage None
  4. Under WLAN security settings, select EAP as the means of authentication. Once done, highlight and click on EAP plug-in settings.
    WPA/WPA2 EAP
    WPA2 only mode Off
  5. Under EAP plug-in settings, select EAP-PEAP as the only authentication protocol. By default, several authentication protocols are enabled, so for each one highlight the entry in the list and use Options->Disable to disable it. Once all of the other protocols have been disabled, highlight EAP-PEAP and use Options->Enable to enable it. The final list should show only EAP-PEAP as enabled (i.e. with a tick beside it), as shown. Once done, highlight and click on EAP-PEAP in order to configure it further.
  6. Define the EAP-PEAP properties. These identify the details of the SSL certificate on your home authentication server, and are essential in order to prevent your phone's wireless client from sending your credentials to a fake server. Your home site will be able to provide you with the necessary details, which you should substitute as appropriate below (the images below show sample values for the fields, which you will need to replace with the values for your home site). It is assumed here that the correct CA certificate is already installed on your wireless device and therefore appears in the list of known certificate issuers. Once done, use your phone's right arrow button to move to the EAPs tab.
    Personal certificate Not defined
    Authority certificate Select the appropriate CA entry for your home site from the list.
    Username in use User defined
    User name anonymous
    Realm in use User defined
    Realm mysite.ie
    Allow PEAPv0 Yes
    Allow PEAPv1 Yes
    Allow PEAPv2 No
  7. Under the EAPs tab, select MSCHAPv2 as the only authentication method. By default, several authentication methods are enabled, so for each one highlight the entry in the list and use Options->Disable to disable it. Once all of the other methods have been disabled, highlight EAP-MSCHAPv2 and use Options->Enable to enable it. The final list should show only EAP-MSCHAPv2 as enabled (i.e. with a tick beside it), as shown. Once done, highlight and click on EAP-MSCHAPv2 in order to configure it further.
  8. The EAP-MSCHAPv2 details contain your credentials. Your credentials consist of your username, in a form much like an e-mail address, and your password. Your home site will be able to advise you of the values that you should substitute in the fields below. In this example the option to cache your credentials is chosen but you should consider for yourself whether this option is appropriate for you - if in doubt then opt to not have your credentials cached (by leaving the username field empty and setting Prompt password to "yes") so that you are prompted for them each time you use the profile. Once done, use the Back button to exit the configuration (you may have to work back through several levels within the configuration utility) and the profile will be saved.
    User name myname@mysite.ie
    Prompt password No
    Password mypassword
  9. Your wireless client is now configured to avail of eduroam and will connect when you choose to use this profile at a site where the eduroam service is available. If you have opted to save/cache your credentials with the profile as described above then your client will connect without any intervention required by you, otherwise you will be prompted for your credentials each time.
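
The settings from steps 3 to 8 can be checked mechanically once they are written down. The following is an added example, not part of the original instructions: the dictionary layout, the key names "EAP plug-ins", "Inner EAPs" and "Inner user name", and the CA name "My Site CA" are assumptions made for illustration (the phone has no such export format); the other keys mirror the phone's field labels.

```python
# Added example: audits a profile against the settings in steps 3-8.
# The dict layout is hypothetical; keys mirror the phone's field labels.

def audit_profile(p):
    """Return findings; FAIL = deviates from the guide, WARN = user's choice."""
    out = []
    if p.get("WLAN security mode") != "WPA/WPA2" or p.get("WPA/WPA2") != "EAP":
        out.append("FAIL: security mode must be WPA/WPA2 with EAP")
    if p.get("EAP plug-ins") != ["EAP-PEAP"]:
        out.append("FAIL: EAP-PEAP must be the only enabled EAP plug-in")
    # Step 6: without a CA the client cannot tell a fake server from the real one.
    if p.get("Authority certificate") in (None, "", "Not defined"):
        out.append("FAIL: no authority certificate, server cannot be verified")
    if p.get("Inner EAPs") != ["EAP-MSCHAPv2"]:
        out.append("FAIL: EAP-MSCHAPv2 must be the only enabled inner method")
    # Step 8: the user name may be left empty when credentials are not cached.
    user, _, user_realm = p.get("Inner user name", "").partition("@")
    # The outer identity is sent before the TLS tunnel exists, so it is visible.
    if user and p.get("User name", "").lower() == user.lower():
        out.append("FAIL: outer user name repeats the real user name")
    if user_realm and p.get("Realm", "").lower() != user_realm.lower():
        out.append("FAIL: outer realm differs from the credential realm")
    if p.get("Prompt password") == "No":
        out.append("WARN: password is cached on the device")
    return out

# Constructed sample: the profile as entered in the steps above.
GUIDE = {
    "WLAN security mode": "WPA/WPA2", "WPA/WPA2": "EAP",
    "EAP plug-ins": ["EAP-PEAP"], "Authority certificate": "My Site CA",
    "User name": "anonymous", "Realm": "mysite.ie",
    "Inner EAPs": ["EAP-MSCHAPv2"],
    "Inner user name": "myname@mysite.ie", "Prompt password": "No",
}
# Constructed sample: extra methods left enabled, no CA chosen, real name outside.
LOOSE = {
    **GUIDE,
    "EAP plug-ins": ["EAP-PEAP", "EAP-TLS"], "Authority certificate": "Not defined",
    "User name": "myname", "Inner EAPs": ["EAP-MSCHAPv2", "EAP-GTC"],
}

if __name__ == "__main__":
    for name, prof in (("guide", GUIDE), ("loose", LOOSE)):
        print(name, audit_profile(prof) or "matches the guide")
```

The profile from the steps above yields only the password-caching warning that step 8 asks you to consider; the second sample fails on every point the guide tightens.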