Bug 3655 – EAP-LEAP (Cisco) not supported

Bug 3655 - EAP-LEAP (Cisco) not supported


Summary:	EAP-LEAP (Cisco) not supported

Status:	RESOLVED WONTFIX

Product:	Connectivity
Component:	WiFi
Version:	5.0/(1.2009.42-11)
Platform:	All Linux

Importance:	Medium enhancement with 21 votes (vote)
Target Milestone:	---
Assigned To:	unassigned
QA Contact:	wifi-bugs

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree

Reported:	2008-09-01 00:45 UTC by Daniel Would
Modified:	2010-02-19 19:23 UTC (History)
CC List:	11 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description Daniel Would (reporter) 2008-09-01 00:45:24 UTC

A separate bug https://bugs.maemo.org/show_bug.cgi?id=1017
had many people requesting EAP-LEAP support for the nokia internet tablets
770/800/810

The last comment on that bug is:


"Comment #23 from Patrik Flykt (Nokia)   2008-08-25 16:03:31 GMT+3 [reply]

(In reply to comment #19)
> I can confirm this bug/limitation renders wireless access from my n810 useless
> as well. Our radius server supports TTLS/PAP/MSCHAPv2 and PEAP/MSCHAPv2
> however I cannot connect using the latest OS2008 wireless client as the
> username sent to the radius server is garbled and does not match that
> supplied.

So this bug is actually about the random identity? Does anyone know which
radius servers are affected and/or can anyone confirm that Freeradius works?
The authentication methods supported in version 4.1 seem to be sufficient, as
the following ones are provided according to the UI:
- WPA with EAP using PEAP-MSCHAPv2
- WPA with EAP using TTLS with EAP MSCHAPv2
- WPA with EAP using MSCHAPv2

Please file a new bug for Cisco LEAP requests."

I couldn't find another bug already opened and since I would also really value
EAP-LEAP support I figured I'd file this request.

I was a little surpised that my Nokia e61 supports EAP-LEAP no problems, but
the 770 doesn't have support.

I will raise a separate bug to cover the fact that the EAP-TLS support in the
770 does not appear to work fixing either this missing feature or the problem
with TLS would solve my problem of connecting at work.

Comment 1 Daniel Would (reporter) 2008-09-01 01:00:13 UTC

I forgot to add link to a user on the other mentioned bug that suggested adding
wpa_supplicant support as a suitable route.
He provides good comment on the current situation and links to useful info:

https://bugs.maemo.org/show_bug.cgi?id=1017#c22

Comment 2 Quim Gil nokia

2009-03-10 22:56:54 UTC

Cisco itself is phasing out LEAP due to weaknesses found in its security model.
Therefore Maemo has no plans to support it.

Comment 3 Andre Klapper maemo.org

2009-12-16 17:36:58 UTC

*** Bug 7034 has been marked as a duplicate of this bug. ***

Comment 4 rod 2009-12-20 14:30:32 UTC

(In reply to comment #2)
> Cisco itself is phasing out LEAP due to weaknesses found in its security model.
> Therefore Maemo has no plans to support it.
> 

Could you point me to some documentation / announcement from Cisco please

Comment 5 Andre Klapper maemo.org

2009-12-20 15:40:16 UTC

(In reply to comment #4)
> Could you point me to some documentation / announcement from Cisco please

Please try Google?
5th hit when searching for "Cisco LEAP":
http://searchnetworking.techtarget.com/news/article/0,289142,sid7_gci959510,00.html

Comment 6 rod 2009-12-20 15:49:47 UTC

(In reply to comment #5)
> (In reply to comment #4)
> > Could you point me to some documentation / announcement from Cisco please
> 
> Please try Google?
> 5th hit when searching for "Cisco LEAP":
> http://searchnetworking.techtarget.com/news/article/0,289142,sid7_gci959510,00.html
> 

The only quote from CISCO in that I see is "Cisco, meanwhile, is not pushing
any single security approach, Bolinger said"  Am I missing something?

Comment 7 peter_kissa 2009-12-28 19:04:29 UTC

The following document cites (Page 5) a study from 2004 (a bit old - I agree):
  http://i.t.com.com/i/tr/downloads/home/gou_secure-wireless-guide.pdf

"46 percent of IT executives in the enterprise said that they used LEAP in
their organizations."

Not sure how much this number has changed - more recent studies are needed.
What I can say - my employer (one of the biggest IT enterprises) still uses
LEAP on their sites worldwide...

So the question really is: can Nokia afford to risk ignoring this?

Comment 8 Juha 2010-01-25 11:10:17 UTC

I updated my firmware (maemo 2.2009.51-1) and voila ... select EAP, TLS,
provide your previously installed certificate with the codeword, and the world
is now your oyster :)

http://www.nokia.co.uk/support/download-software/device-software-update#

Browser supports portrait mode now as well (ctrl-shift-0).

Comment 9 Andre Klapper maemo.org

2010-01-26 12:30:46 UTC

*** Bug 8498 has been marked as a duplicate of this bug. ***

Comment 10 Daniel Would (reporter) 2010-01-28 15:58:36 UTC

(In reply to comment #8)
> I updated my firmware (maemo 2.2009.51-1) and voila ... select EAP, TLS,
> provide your previously installed certificate with the codeword, and the world
> is now your oyster :)
> 
> http://www.nokia.co.uk/support/download-software/device-software-update#
> 
> Browser supports portrait mode now as well (ctrl-shift-0).
> 
this still did not work for me.
also this bug was about lack of leap support not tls.

its a real shame nokia sees no value in this support for maemo. 
it works in linux, it works on my e71. android phones and ipdones support lesp.
so why nokia with just maemo write it off as being phased out and not worth
supporting?

Comment 11 Cláudio "Patola" Sampaio 2010-01-28 23:50:05 UTC

I second Daniel Would's opinion. LEAP is very important, it is a "de facto"
standard on several businesses, including the one I work in. Please reconsider
reopening this bug report. Linux supports LEAP, why shouldn't Maemo?

Comment 12 Andre Klapper maemo.org

2010-01-29 13:55:58 UTC

(In reply to comment #11)
> Linux supports LEAP, why shouldn't Maemo?

Because "Linux" (whatever that exactly means) is a codebase with a longer
history, while Maemo is younger and hence implementing old deprecated stuff is
low priority if other more often used stuff is still missing either. See other
open bugs in Connectivity.

Comment 13 Naterator 2010-02-19 19:23:03 UTC

Well this stinks.. I was excited about my n900 until i read this. So 50 percent
of cisco customers are using Leap and Nokia thinks that it is being fazed out.
(We are actually pushing leap harder then ever) 

So with Nokia's comments, I am only to assume any other "new" phone nokia puts
out can 'not' be used by me in my application of their product...