09-18-2014 06:33 AM - edited 07-05-2021 01:33 AM
We have an older SSID using LEAP (we are scheduled to migrate away from this BTW, but not soon enough) and existing Apple client devices who upgraded to iOS 8 are having authentication issues.
Just wondering if anyone else is experiencing this same issue.
Thanks.
Jeff
09-18-2014 06:46 AM
Per the KB, it sounds like you need to re-enable it after upgrading to iOS8
http://support.apple.com/kb/HT6441
Depending on how you configured authentication, it may require pushing out a new profile
Eric
09-18-2014 07:02 AM
Eric,
Thanks for the reply and we are testing this with a device and I will post our results.
Jeff
09-18-2014 11:49 AM
Thanks for the link Eric +5
04-04-2015 07:17 AM
May I know how to enable that on my iOS 8 devices? I don't have a Mac, so Apple Configurator is not a solution for me. I reset the network settings on my iOS 8 devices, and it is still not working.
Anything I need to do?
09-18-2014 12:08 PM
According to the Apple Knowledge base "LEAP is disabled by default". So far we haven't been able to find where to enable it and when adding an SSID LEAP is not an option.
Does anyone know where to enable it?
Thanks.
Jeff
09-22-2014 10:20 PM
Hi Jeff,
This link may not answer your question, but it is a worthwhile document for understanding iOS 8.0 security policies.
http://images.apple.com/privacy/docs/iOS_Security_Guide_Sept_2014.pdf
HTH
Rasika
**** Pls rate all useful responses ****
09-23-2014 05:18 AM
Rasika,
Thanks for the document, as it says iOS supports LEAP, but we are not able to find where to enable it in ver 8. The Apple KB says LEAP is disabled by default, so by this wording it can be enabled. If it's removed in iOS 8 then they should have worded it that way.
We are still searching and waiting but it's not looking good.
Thanks again.
Jeff
09-23-2014 12:47 PM
OK, I have been having this same problem, so I called Apple Enterprise support. The fix is as follows:
- Use Apple Configurator to create a WiFi profile with LEAP enabled:
  - Go to Make Profile
  - Click on WiFi Payload for iOS 8 or Later except Apple TV
  - Click LEAP as the Authentication type
- Go to the Prepare screen, find the profile you created and click the Share button. That exports the profile, which can be pushed to the iOS devices or (as in my case) imported into my third-party MDM software and pushed out that way. You can also email that profile to the user's device.
I hope this helps some of you.
Cheers
***************************(UPDATE) I have tested this and it works.************************************
09-23-2014 01:42 PM
Thanks for this update...
09-23-2014 02:00 PM
You're very welcome. We were able to push this to all 94 of our corporate iPads and it works fine. Cheers
09-23-2014 11:09 PM
I was also stuck with this. Luckily, I upgraded early so I was able to roll back to 7.1.2 on iPhone because Apple was still signing the previous version. But I know that I cannot play trial and error because I may not be able to roll back if I upgrade again. Also, the current config utility for iPhone requires OS-X 10.9 which I don't have.
My config (12.4(15)T on an old 871W) is many years old, and I had to do a lot of trial and error setting it up since 99% of examples on the internet are "this doesn't work, what is wrong with it" :-(
    dot11 ssid VaxinationWiFi
     vlan 10
     authentication open eap eap_list_name
     authentication network-eap eap_list_name
     authentication key-management wpa optional
     guest-mode
(there is a local radio server on the router).
I have no idea whether the above is kosher, but it works fine for my laptop and my iPhones, which never had problems before until iOS 8.
Unless Apple explicitly states that it has re-enabled LEAP (is LEAP the same as EAP?), I would rather change my router to another flavour of WPA2 Enterprise.
Within config mode, these are the options given by my router for the authentication command:

    router1(config-ssid)#authentication ?
      client          LEAP client information
      key-management  key management
      network-eap     leap method
      open            open method
      shared          shared method

Note that I do not use "client" in my config.
So what would be recommended in terms of ssid config to maintain similar authentication security AND please Apple?
This router caused me no end of headaches because I got the crippled "advanced security" instead of "advanced IP" without knowing there were options. I realise it is time to replace it but I am not sure by what model yet.
09-28-2014 05:18 PM
Spent a bit more time on the issue.
Some said that the issue isn't with EAP itself but the encryption used.
Here is what my router can handle (871W, 12.4(15)T9 IIRC):

    router1(config)#int Dot11Radio0
    router1(config-if)#encryption vlan 10 mode ciphers ?
      aes-ccm  WPA AES CCMP
      tkip     WPA Temporal Key encryption
      wep128   128 bit key
      wep40    40 bit key

Has anyone gotten confirmation from Apple on which of the above is acceptable to "out of the box" iOS 8? My router is set up with aes-ccm, and that one does not work with iOS 8.
Or are all of the above unacceptable to Apple, which means I need to buy a new router if I want to upgrade to iOS 8 and not use the configuration utility (requires 10.9)?
09-25-2014 05:20 AM
Thanks for the reply.
We don't use the Apple Configurator as the Apple devices are personally owned. Can we create, export and distribute these profiles for just the SSID without affecting other settings on the device? We don't want to be liable for settings caused by a profile we provided and the user imported.
Appreciate the help.
Jeff
09-25-2014 12:48 PM
That is an excellent question for Apple support. I would like to say yes, but PLEASE verify before attempting. Have a great day.
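
Editor's added example (not part of any post above, and not Apple's or Cisco's code): one way to check what an exported profile contains before handing it to users is to read the unsigned .mobileconfig as a property list, list any payloads other than Wi-Fi, and report the EAP types each SSID accepts, which also identifies profiles that still carry LEAP when tracking a migration. The sample profile, its SSID and its identifiers are constructed for illustration; a signed profile would first need its signature wrapper removed.

```python
import plistlib

WIFI_TYPE = "com.apple.wifi.managed"   # Wi-Fi payload type in Apple configuration profiles
EAP_NAMES = {13: "EAP-TLS", 17: "LEAP", 21: "EAP-TTLS", 25: "PEAP", 43: "EAP-FAST"}

def build_sample_profile():
    """Constructed sample: a profile holding a single Wi-Fi payload (made-up values)."""
    wifi = {
        "PayloadType": WIFI_TYPE,
        "PayloadIdentifier": "example.wifi.legacy",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "PayloadVersion": 1,
        "SSID_STR": "ExampleLegacySSID",
        "EncryptionType": "WPA",
        "EAPClientConfiguration": {"AcceptEAPTypes": [17]},
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": "example.profile",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "PayloadVersion": 1,
        "PayloadDisplayName": "Example Wi-Fi only",
        "PayloadContent": [wifi],
    }
    return plistlib.dumps(profile)

def audit_profile(data):
    """Return (non-Wi-Fi payload types, {ssid: [EAP names]}) for an unsigned profile."""
    profile = plistlib.loads(data)
    other, ssids = [], {}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype != WIFI_TYPE:
            other.append(ptype)          # anything here changes more than Wi-Fi
            continue
        eap = payload.get("EAPClientConfiguration", {})
        types = eap.get("AcceptEAPTypes", [])
        ssids[payload.get("SSID_STR", "?")] = [EAP_NAMES.get(t, f"type {t}") for t in types]
    return other, ssids

def uses_leap(data):
    """True if any Wi-Fi payload in the profile accepts LEAP (EAP type 17)."""
    _, ssids = audit_profile(data)
    return any("LEAP" in names for names in ssids.values())

if __name__ == "__main__":
    other, ssids = audit_profile(build_sample_profile())
    print("non-Wi-Fi payloads:", other or "none")
    for ssid, names in ssids.items():
        print(ssid, "accepts", names)
```

An empty first list means the profile carries only Wi-Fi payloads; any other payload type listed there is a setting the profile would change beyond the SSID.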