Trouble connecting to WiFi after Chromebook updated to OS 45

1 806 skatījumi
Pāriet uz pirmo nelasīto ziņojumu

Joe Brownfield

nelasīta,
2015. gada 16. sept. 21:03:4716.09.15
uz Apps User Group
As I was enrolling a few new devices last week they auto-updated to 45 before I could stop them from going past 44.  Now they drop their Internet connection, give me a DHCP Lookup failed error, or won't connect at all.  Any one else dealing with this?  I've been in contact with both Google and Samsung.

Colleen Tegeler

nelasīta,
2015. gada 17. sept. 18:18:0417.09.15
uz appsus...@googlegroups.com
Others have seen this as well.  See post below.

https://plus.google.com/u/1/+RobinHosemann/posts/VReHiHQzDeW?cfem=1

On Wed, Sep 16, 2015 at 9:03 PM, Joe Brownfield <jbrow...@walnuttsd.org> wrote:
As I was enrolling a few new devices last week they auto-updated to 45 before I could stop them from going past 44.  Now they drop their Internet connection, give me a DHCP Lookup failed error, or won't connect at all.  Any one else dealing with this?  I've been in contact with both Google and Samsung.


Email Disclaimer: Pursuant to School Board policy and administrative guidelines, this e-mail system is the property of the Walnut Township Local School District. All users are cautioned that messages sent through this system are subject to the Public Records Law of the State of Ohio and subject to review by the school district. There should be no expectation of privacy.

--
You received this message because you are subscribed to the Google Groups "Apps User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to appsusergrou...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

JP Connolly

nelasīta,
2015. gada 17. sept. 18:21:0517.09.15
uz appsus...@googlegroups.com,Blair Carswell
What type of SSID/auth is this using? What wireless vendor/brand? 
--
JP Connolly
Director of Technology
Saint Ann's School
129 Pierrepont St.
Brooklyn, NY 11201

Joe Brownfield

nelasīta,
2015. gada 18. sept. 09:06:1918.09.15
uz Apps User Group
We have started rolling back the managed Chromebooks to 44 with a USB flash drive and that seems to be doing the trick on the Samsung XE500C12-K012US.  All staff have Lenovo N21 that are unmanaged.  Once they update to 45 they lose their connection to the Wifi.  I can block the update site here in our firewall but as soon as they take it home it will update.   Our WiFi vendor/brand is Ruckus.  

Deborah DeLecce

nelasīta,
2015. gada 24. sept. 15:47:2324.09.15
uz Apps User Group
We have the same problem. We are connecting via PEAP and Do Not Check for Server CA Certificate to authenticate to our network. The error I get is "Authentication certificate rejected locally."  I have a case opened with Google. They say they are working on it. Here is what google sent me:

"I mean the engineers are working to get this resolved or find out a workaround, they opened a bug which doesn't really solves this problem, but it grants that they are working on this issue, for more detail about it, please visit https://code.google.com/p/chromium/issues/detail?id=510522.

 

1. What's happening?

- The main problem here is the Diffie Hellman weakness, this is a mathematical algorithm that is used to exchange a shared secret between two parties (i.e.: client and server). This shared secret can then be used to encrypt messages between the two parties and/or authenticate networks.

- With the recent wave of further SSL attacks on the tech community, Chrome OS and other systems are making moves to stop SSL clients from negotiating connections where the parameters have weak Diffie-Hellman (DH) keys.

 

2. Behavior:

- Customers affected by this issue are reporting that they are not able to connect to their PEAP/EAP-xxx networks.  This is most likely due to the fact that an appliance in their environment is using a DH key with sub-1024 bit encryption (i.e.: radius server, vpn concentrator, etc.)

 

3. The workarounds given are:

- Upgrading the DH parameter file to 2048 bit       -or-

- Use PPSK instead of EAP-xxx                            -or-

- Update firmware on appliance

 

4. What I would recommend:

- Contact your network administrator and certificate issuer to upgrade the DH parameter file to 2048 bit, this will increase your certificate quality and security and it will allow the connection to succeed.

 

5. For more details about the Diffie Hellman attacks, please visit https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html.

 

In the meantime, I'll keep this case open as I want to see the resolution, but please keep in mind that it all resides on the fact of the Diffie Hellman weakness and the recent SSL attacks. "


We also contacted our wireless vendor, Aerohive, and they also said they are working on it. This is what they said:

"The newer releases of the Chromebook OS version 45 have increased the key size required for the Diffie Hellman Key exchange.
This change has not yet been reflected in our APs library, and we do not yet support the larger key size.
We are aware of this change, and are should have a solution soon.

At this time, the only workaround available would be to change the authentication type to PPSK. "


My network administrators don't want to use PPSK--not sure why. We are able to connect everyone to the guest network and that is what we have done. Does anyone else have any work arounds?





On Wednesday, September 16, 2015 at 9:03:47 PM UTC-4, Joe Brownfield wrote:

Larry Dougher

nelasīta,
2015. gada 25. sept. 09:28:1525.09.15
uz appsus...@googlegroups.com
We use Aerohive with PPSK....after reading this thread, glad we do.

Thanks,

Larry Dougher
Chief Information Officer
Information Technology Services
Windsor Southeast Supervisory Union
127 State Street, Windsor, VT 05089
Email | Google+Twitter | LinkedIn | 802.674.8336


Atbildēt visiem
Atbildēt autoram
Pārsūtīt
0 jauni ziņojumi