This mod take a couple of minutes to complete and allows for PEAP wifi connections. Requires root access and ADB knowledge.
I AM NOT RESPONSIBLE FOR ANY ISSUES YOU CREATE WITH THIS. IT IS A ROUGH GUIDE AND WORKS FOR ME. DO AT OWN RISK.
Tutorial For Adding LEAP/PEAP Wifi
1. Open Command prompt window in Windows.
2. Go to your directory that you have Android SDK in.
3. Change directory to Tools. So for eg. C:\Android\Tools
4. Type in adb devices. You should see your device. If not install ADB driver. Google it.
5. Type in adb pull /data/misc/wifi/wpa_supplicant .conf c:\wpa_supplicant.conf
6. This stores wpa_supplicant.conf on your C: drive.
7. Open file with wordpad.
8. Add the following to the files:
for PEAP add this code:
network={
ssid="Your SSID"
key_mgmt=WPA-EAP
identity="Your Username"
password="Your Password"
}
for LEAP use this:
network={
ssid="Your SSID"
scan_ssid=1
key_mgmt=IEEE8021X
auth_alg=OPEN SHARED LEAP
eap=LEAP
identity="Your Identity"
password="Your Password"
}
9. Save the file.
10. Type push c:\wpa_supplicant.conf /data/misc/wifi/wpa_supplicant .conf
11. Now the important part. If you miss this your wifi will not work after reboot.
12. Type adb shell
13. Should get # prompt.
14. Type su.
15. Type cd /data/misc/wifi
16. Type chown 1010 wpa*
17. Type chgrp 1010 wpa*
18. Close command prompt window and enjoy LEAP/PEAP wifi.
What is the difference between the two?
A question that might help the unacknowledged
EAP and LANs
EAP originated with the dial-up PPP protocol in order to support protocols beyond PAP and CHAP. For use on packet networks, EAP Over LAN (EAPOL) was created. EAPOL added new message types and allowed an Ethernet header to be prefixed onto EAP messages so they could be transmitted via Ethernet. Following are various EAP methods used mostly in wireless networks, but also in wired networks. See 802.1X, WPA and 802.11i.
EAP-TLS (EAP-Transport Layer Security)
Uses the handshake protocol in TLS, not its encryption method. Client and server authenticate each other using digital certificates. Client generates a pre-master secret key by encrypting a random number with the server's public key and sends it to the server. Both client and server use the pre-master to generate the same secret key.
EAP-TTLS (EAP-Tunneled TLS)
Like EAP-TLS above except only the server has a certificate to authenticate itself to the client first. As in EAP-TLS, a secure connection (the "tunnel") is established with secret keys, but that connection is used to continue the authentication process by authenticating the client and possibly the server again using any EAP method or legacy method such as PAP and CHAP.
PEAP (Protected EAP)
Similar to EAP-TTLS above except it does not support legacy methods. It only moves EAP frames. Windows XP natively supports PEAP.
LEAP (Light EAP, Cisco LEAP)
From Cisco, first implementation of EAP and 802.1X for wireless networks. Uses preshared keys and MS-CHAP protocol to authenticate client and server to each other. Server generates and sends session key to access point. Client computes session key independently based on data received in the CHAP challenge.
EAP-FAST
(EAP-Flexible Authentication via Secure Tunneling)
Enhancement to LEAP from Cisco that provides an encrypted tunnel to distribute preshared keys known as "Protected Access Credential" (PAC) keys. PAC keys may be continuously refreshed to prevent dictionary attacks. EAP-FAST is defined in Cisco's Cisco Compatible Extensions (see CCX).
EAP-SIM (GSM Cellphones)
For GSM phones that switch between cellular and Wi-Fi networks, depending on which is in range. The Subscriber Identity Module (SIM) smart card in the GSM phone (see GSM) contains the secret key used for challenge/response authentication and deriving session keys for encryption.
Click to expand...
Click to collapse
Source:www.pcmag.com/encyclopedia_term
thanks
Thanks for the help clarifying that for peoples.... its finally great to be able to use the WiFi at school... would be nice to implement it automatically, I can't write the code.... but if anyone would like too it would really add to the community....
Maybe I'm misunderstanding this but i know when i try to use LEAP at school, it already has options and what not for it on my phone, none of this is necessary for me
I know with my school which is (PEAP) you couldn't input a username just a password! so if you are having troubles connecting to a LEAP or PEAP connection this is a way to workaround and get it working. If you can already connect don't worry about it! this is for those who cant connect and get crappy data in class! haha
Does this work with MS-CHAP ? How do I define it?
Thanks!
MS-CHAP already works out of the box. At least I can connect at work with PEAP, MS-CHAPv2. Could be a CM 5 thing though.
Thanks for posting this! while it did not directly solve my problem, it made me redouble my efforts to get on my company's wlan with my N1. I have tried this many times over the years with various phones including UIQ3, WM6 and never got anywhere. I always assumed that there was some sort of certificate or windows domain stuff going on.
So this morning I did a wireshark trace and put my laptops drivers into debug logging to find out how my laptop connects.
A bit of googling for the stuff I found enabled me to get a working supplicant.conf on the third attempt and I am amazed!
Appear to be using WPA2 Enterprise with EAPOL LEAP with CCMP encryption on Cisco access points.
Here is the network part of my wpa_supplicant.conf in case it helps anyone:
network={
ssid="SSID"
scan_ssid=1
key_mgmt=WPA-EAP IEEE8021X
auth_alg=SHARED LEAP
group=CCMP
eap=LEAP
identity="DOMAIN\User"
password="Password"
}
maedox said:
MS-CHAP already works out of the box. At least I can connect at work with PEAP, MS-CHAPv2. Could be a CM 5 thing though.
Click to expand...
Click to collapse
Doesn't work for me on stock rom.
What works for PEAP with MSCHAPv2 in my school is:
network={
ssid="<ssid>"
scan_ssid=1
key_mgmt=IEEE8021X
eap=PEAP
identity="<userid>"
password="<password>"
phase2="auth=MSCHAPV2"
priority=2
}
(Previously posted on my blog at http://zitseng.com/archives/2729)
It works, Thanks!
There's a way of doing that without root access:
code.google.com/p/android/issues/detail?id=1871
Step 16 17
when i type
16. Type chown 1010 wpa*
17. Type chgrp 1010 wpa*
i get the error:
"no such user '1010'"
"chgrp: not found"
what is it mean?
Is there anything I may have done wrong?
tanks
Doesn't work for me for some reason. Do you think having CM6 RC3 would make a difference? Not that I could see it doing so.
I've tried a few of the above suggestions but none work for me
The worst thing is it worked fine before I updated my Nexus One to FroYo!
my current settings for the uni are:
network={
ssid="UoN-secure"
key_mgmt=WPA-EAP IEEE8021X
eap=PEAP
identity="username"
password="password"
phase2="auth=MSCHAPV2"
}
Any help would be appreciated
The problem I am having is that it will not keep the Phase 2 auth - MSCHAPV2 setting when I set it up. Every time I go back into the ssid settings (modify network) it has reverted back to "none". However the information above was pulled from the phone so it obviously is storing the MSCHAPV2 setting, just doesn't seem to be using it!
actually cm6 rc3 should have support for Leap/PEAP i have been using it for a while without this hack.... what type of connection are you trying to connect too?
Related
Hi,
Last week I received my Archos 101. In general it is great. Even better is this forum
I installed urukdroid (thanks to the project-team!). I tried to use openvpn but it failed and I am not sure about the reason.
The server-configuration is
...
ifconfig-pool 10.10.10.120 10.10.10.130
push "route 10.10.10.1"
route 10.10.10.0 255.255.255.0
ifconfig 10.10.10.1 255.255.255.0
push "route-gateway 10.10.10.1"
push "route 10.10.10.0 255.255.255.0"
...
As the Archos is the only device it would get IP 10.10.10.120.
BUT: ifconfig shows:
inet addr.: 10.10.10.255 Bcast: 10.255.255.255 Mask 255.0.0.0
That did (and cannot) work. No ping to home network possible.
When I called route it looked fine (I used redirect-gateway).
When I send the command
ifconfig tap0 10.10.10.120 broadcast 10.10.10.1 netmask 255.255.255.0
from Archos Terminal I had at least access to my home network. But all route entries are gone.
Who has an idea what I am doing wrong? I checked it in the last day again and again... If there is no solution: is it possible to 'save' the entries from route and restore it after my manual change of ifconfig? I would like to do it via script, as my home network I only reachable via dyndns.
Thanks and best regards!
I used the OpenVPN Howto Quickstart and had no problems.
macemoneta said:
I used the OpenVPN Howto Quickstart and had no problems.
Click to expand...
Click to collapse
Yes, I know the guide. I did the same with my ubuntu-netbook and it works directly.
And I think, it would work also on the Archos, if the openvpn/ifconfig on Archos accept the 10.10.10.120. But the IP is changed to 10.10.10.255 and that did not fit.
Where the h*** did the 255 instead of 120 come from?
I noticed the same problem...
No idea where it comes from, but as a workaround, you can put a script somewhere containing a suitable "ip addr add x.x.x.x/y dev z" statement, and reference that in the .conf file as "up scriptname".
Note that you need to add "--script-security 2" to the openvpn commandline to make that work. I added that to the OPENVPN_CFG variable in /etc/uruk.conf/openvpn.
regards
Patrick
This is the openvpn configuration I use for my Archos 101 (on the server). I'm not having any problems, using openvpn 2.1.1:
Code:
port 1194
dev tun
tls-server
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/[COLOR="Blue"]<my host>[/COLOR].crt
key /etc/openvpn/keys/[COLOR="blue"]<my host>[/COLOR].key
dh /etc/openvpn/keys/dh1024.pem
mode server
ifconfig 10.8.0.1 10.8.0.2
ifconfig-pool 10.8.0.4 10.8.0.255
push "route 10.8.0.1 255.255.255.255"
client-config-dir ccd
push "redirect-gateway def1"
push "dhcp-option DOMAIN [COLOR="Blue"]<my domain>[/COLOR]"
push "dhcp-option DNS [COLOR="blue"]<my dns server>[/COLOR]"
keepalive 10 60
inactive 3600
route 10.8.0.0 255.255.255.0
user openvpn
group openvpn
persist-tun
persist-key
verb 4
I examined the situation a bit further.
The problem comes from the ifconfig command that openvpn calls itself:
Code:
/system/bin/ifconfig myvpn \
192.168.x.41 \
netmask 255.255.255.0 \
mtu 1500 \
broadcast 192.168.x.255
This is only used when tap interfaces are involved, which is the case in my setup, but not in the setup macemoneta is showing. caesar68: do you also use tap interfaces?
I can reproduce the problem by just using that ifconfig command again.
When I list the IP-address-to-set as the last argument, instead, it works, i.e.
Code:
/system/bin/ifconfig myvpn \
netmask 255.255.255.0 \
mtu 1500 \
broadcast 192.168.x.255 \
192.168.x.41
A quick scanning of the openvpn manpage, does not suggest a way to override the ifconfig command that is used, but it does give an option --ifconfig-noexec which suppresses its calling.
Unfortuntely, when I just pack the is-working-after-the-interface-is-up ifconfig command into an up script with this option, it just gives me an error SIOCSIFNETMASK (Cannot assign requested address) - even if the same commandline works when I run it over an already upped interface... Probably because the interface then already had an IP address...
No problem, though, ifconfig is obsolete anyway, let us just use ip link and ip addr, which are fortunately available under Uruk.
So, caesar68, the clean solution would be to have
--script-security 2 on the openvpn commandline, e.g. via OPENVPN_CFG in /etc/uruk.conf/openvpn
in your myvpn.conf file:
Code:
ifconfig-noexec
up-delay
up-restart
up /etc/openvpn/myvpn-on-up
a corresponding script /etc/openvpn/myvpn-on-up, executable, with content
Code:
#! /system/bin/sh
ip link set $dev mtu $tun_mtu up
ip addr add $ifconfig_local/$ifconfig_netmask \
broadcast $ifconfig_broadcast \
dev $dev
Works For Me
Thanks for the explanation and the workaround, brian_o'fish. Why are you using tap though? Tap provides an Ethernet bridge, so you'll be transporting packets that really don't need to be sent to your Archos (reducing available bandwidth). Tun is layer 3 routed, so only traffic destined for either endpoint goes over the VPN connection.
macemoneta said:
Why are you using tap though?
Click to expand...
Click to collapse
That's what the server I'm using, is configured to do, as it provides transparant bridged LAN access via VPN, and that is what I want, as I am the admin of said LAN and VPN.
If the low level of broadcasts we have, ever increases or appears to be a problem to me, I'll set up an additional tun server, but for now it is simply not an issue.
Anyway, good hint in general!
Hi all!
Thanks a lot for your comments. Yes I am using tap. I would like to have access to my home network (storage etc.). Therefore I want to use the brigde functionality. And that works only when I changed the ifconfig manually afterwards. But the route is distroyed then and packages to the internet are not routed secure thru my home-network.
@ brian_o'fish: Thanks for the advise. I will try that the next days. In the moment I am happy to read, that I am not the only one with the problem (and maybe to stupid to use openvpn - but on the netbook it works).
I have never worked with tun. Maybe I could check, if that is also a workaround.
I will keep you informed, but I am on a trip the next days.
Thanks again!
*** Update ***:
I didn't work neither with tap nor with tun. Meanwhile I tried to run VPNC. I had some trouble, but it works now.
caesar68 said:
I didn't work neither with tap nor with tun.
Click to expand...
Click to collapse
Did you try the approach I described with tap, and can tell where / how it failed?
Mark here.
Thanks in advance for any help offered.
Searched around here and elsewhere since last year & can't find a solution. (please don't copy whole message in reply)
Ideal solution either: 1. Able to store/save settings and password so it does not need to be entered every day (many times) or 2. Load certificate correctly.
I have a TMous HD2 running Energy ROM (Feb 2011 version)
Connects fine to home WiFi's without prompts. Also to about 10 others when traveling - no probs.
It does not connect easily to my work WiFi. I have worked out a method, but I need to re-enter settings and password many times a day. With high security p/w with various characters etc it's a real pain.
To do so, I have setup link to WLANSettings.exe on home screen. I use these settings: 1. Work (not internet), 2. WPA2/AES, 3. PEAP (not Smart card or cert). OK. Then asks for login, password (no domain needed). First time enter login etc it doesn't connect. Second time I've learned to hit OK again and after a few seconds it connects.
If I go though the 'normal' WiFi setup it asks for a Certificate. I enter the server for the cert, password as above and it will not find it. They gave me a cert file ('home grown' PEAP Authority certificate Thawte Premium Server CA) but it loads into Intermediate, not Personal and does not work. Apparently iPhone & iPad link to cert server and install it fine.
Tried:
1. I tried Odyssey (Odyssey Access Client for Windows MobileCE - Juniper Networks ). Helps, but not perfect, but it messes up my home connection. so uninstalled (updated ROM since then)
2. Tried programs to load cert. No go. (p12imprt, pfximprt; smartphoneaddcert). Various error messages - can't remember them - along the lines of not signed, not .pfx cert etc.
3. Exported cert. from PC's (WinXP) Firefox. Can't convert it to a .pfx to use the above.
Work does not support Win Mobile. So no support offered - though they've tried to help.
The settings for my mates Nokia which does work are:
PEAP and the fields are:
Personal certificate: not defined
Authority certificate: Thawte Premium Server CA User name in use: user defined User name: 'must leave blank'
Realm in use: user defined
Realm: 'must leave blank'
Allow PEAPv0: Yes
Allow PEAPv1: Yes
Allow PEAPv2: No
Under MSCHAPv2 within PEAP settings are
User name : your 'username'
Prompt password: no
Password: your 'password'
Have tried following also (rough notes):
HKEY_LOCAL_MACHINE\Comm\EAP\Extension\25.
"InvokePasswordDialog" and "InvokeUserNameDialog" value 1, switch to 0. Works till restart.
go to commMan/ menu/ settings set work & proxy or commMan/Conns/conns
changed to HKLM, gone to directory comm\EAP\extension\25. added a folder called validateservercert and added a key to this folder - DWORD. it asks me to edit the DWORD value - in value data i have added 00000000 and selected hexadecimal.
add the key [HKEY_LOCAL_MACHINE\Comm\EAP\Extension\25] and [HKEY_LOCAL_MACHINE\Comm\EAP\Extension\26]
Mmm... 'tis a difficult one.
>"Ideal solution either: 1. Able to store/save settings and password so it does not
>need to be entered every day (many times) or 2. Load certificate correctly."
Another alternative would be software to manage WiFi login - that saves passwords.
I tried Odyssey, but it messed up home connections. WiFi Monster does not do it.
Anything out there?
Mark
Hello. I have a question related to WAP enterprise on Android. Basically, my employer has detailed instructions on how to connect to the building wifi via BlackBerry or iphone but sadly not Android. I was wondering if there is a workaround or hack for this that would enable me to connect using either BB or iphone settings. I downloaded WiFi Advanced from the Market but I haven’t been able to figure out what to fill in what field ( I do see checkboxes for LEAP and WPA Enterprise mentioned below but no proxy field). Any tips using this app or another solution is appreciated! These are the settings I need to enter:
BlackBerry:
Setup Wifi Network: Office network name (appears as WPA Enterprise)
Select LEAP as security type
Enter username and password (which I have)
Connect to network
Manage connections , choose Enterprise Subtype as LEAP
Enter username and password (which I have)
Iphone:
Enter Wifi settings, tap Other
Enter network name, tap Security
Choose WPA Enterprise for security
Enter username and password (which I have)
Connect to network
Tap blue arrow next to network name and tap Auto under proxy
Enter proxy URL
So one uses LEAP and the other one asks me for a Proxy so I am not sure which one might work for my Samsung Galaxy S2 using Wifi Advanced app from the Market.
NOTE: I am able to create the network and it shows as connected but no internet access, its says WPA_EAP IEEE8021X below the name, but dont know how to take it from there in Wifi Advanced to complete the setup as per above .
Any help is appreciated!!!!!!
I have exactly the same problem. Any ideas?
erkan79 said:
I have exactly the same problem. Any ideas?
Click to expand...
Click to collapse
This thread is pretty old, but I don't see any reply to this problem so I thought to share solution that worked for me.
As per your description "Garoto1973" your network connection didn't establish. It failed while authenticating. You may find below steps useful.
I was able to connect to my companies PEAP network by using following configurations. Please note that I am using adb to modify wifi settings so your phone should be rooted.
1- Connect your phone to your PC.
2- Pull wpa_supplicant.conf file to your machine for editing:
adb pull /data/misc/wifi/wpa_supplicant.conf
3- Edit wpa_supplicant.conf file adding this configuration for your network:
network={
ssid="<YOUR_NETWORK_NAME>"
scan_ssid=1
proto=WPA
key_mgmt=IEEE8021X
pairwise=TKIP
group=TKIP
auth_alg=OPEN
eap=PEAP
identity="<DOMAIN\IDENTITY>"
password="<YOUR_PASSWORD>"
phase2="auth=MSCHAPV2"
eapol_flags=2
}
Note that "eapol_flags=2" is very important or connection fails for me with error "W/wpa_supplicant(27862): EAPOL: Failed to set WEP key to the driver."
4- Replace wpa_supplicant.conf on your mobile with the modified file:
adb push wpa_supplicant.conf /data/misc/wifi
5- Reassign user and group for wpa_supplicant file:
adb shell chown 1010 /data/misc/wifi/wpa_supplicant.conf
adb shell chgrp 1010 /data/misc/wifi/wpa_supplicant.conf
6- Restart wifi and it should connect
hello, not sure if it will help.
try to use aplication LEAP WIFI free from the market. With this app I am able to connect to my corporate network
Hello all,
I figured this tutorial may come in handy to a few people out there since the documentation for getting this to work is quite atrocious.
What this tutorial is:
A step-by-step walkthrough of setting up wpa_supplicant.conf to access advanced networking protocols that we otherwise don't have access to (note, this will ONLY work with root at the moment).
What this tutorial is not:
A wireless troubleshooting thread for any wireless issues not related to wpa_supplicant, EAP-TLS, EAP-TTLS, etc.
Thanks ahead of time.
NOTE: This tutorial will be giving instructions for a Windows 7 machine, but 90% of the code I provide can easily be copied over to Linux/BSD/OSX, just replace with the Bash equivalents.
To begin, you will need a few things:
--ADB, with working drivers, though you don't NEED root access through it it is nice to have, since it cuts the typing in half, and the setup for that can be found here: [App]: ADB Root Hijack [ADB Runs as Root now]
--openSSL, for converting certificates to the proper formats.
Windows instructions: Requires Cygwin, see this link here. This will install several other useful tools, and you'll love Cygwin if you're a power user
Linux/BSD/OSX instructions: install using your favorite repositories or from binaries (in the case of OSX). For Ubuntu/Debian: sudo apt-get install openssl
--You will need access to the Development menu (use an app or the Any Cut app to make a shortcut), as well as Root Browser lite (or Root Explorer).
--Alot of patience, and a bit of time. This should be straightforward, but don't expect a perfect solution for everyone.
1) The most important step, since this will cause you no end of headaches for possibly an hour or two as you trace it down: Go into the Development menu, UNCHECK USB Debugging and RECHECK it, then UNCHECK Auto Mount. So, even if debugging is checked, uncheck and check it anyway. And make SURE Auto Mount is unchecked, otherwise this will automatically install the "normal" NT drivers and screw up the entire process.
2) Plug in the Nook, and bring up the command line (cmd.exe). Run:
Code:
adb devices
If this returns an alphanumeric string (or anything), your device is in and you're good to go. Otherwise, check the other forum topics for troubleshooting (link to come).
3) To begin, we need to convert our tickets to the correct format. For this we will use OpenSSL. To make this easy, I piled all of my working space into a folder in the root of the C: drive, called "certs". For this example, I will assume that you were given a root certificate named rootCA.crt and a private certificate names [email protected].p12 (because I was, for the eduroam worldwide network).
This example also assumes EAP-TLS authentication. To convert the files:
Code:
openssl x509 -in rootCA.crt -out rootCA.der -outform DER
openssl x509 -in rootCA.der -inform DER -out rootCA.pem -outform PEM
then
openssl pkcs12 -in [email protected] -out cert.pem -clcerts -nokeys
openssl pkcs12 -in [email protected] -out key.pem -nocerts
Note: even if your business/Uni doesn't use a separate hashed key normally (For example, the University of Alaska system), you will need it here. Normally a certificate app handles all of this (on AOSP and custom builds).
4) Thanks to good ol' FSTAB, we will have to remount /system so we can read/write to it:
Code:
adb shell
su
mount -o remount,rw /system /system
5) Now, we have three new files: rootCA.pem, cert.pem and key.pem in the C:\certs folder. We push them to their proper directory on the NT:
Code:
adb push rootCA.pem /system/etc/wifi/
adb push cert.pem /system/etc/wifi/
adb push key.pem /system/etc/wifi/
Note: This is where it gets tricky without root ADB access...the option is to push them to "/media/My Files/My Downloads/" (including quotes) and then use a terminal or root browser to move them to /system/etc/wifi/
6) Next, we get to pull wpa_supplicant finally!
Code:
adb pull /system/etc/wifi/wpa_supplicant.conf .
Note: Make sure to include the . at the end, this means 'copy it to the current directory'
7) Open wpa_supplicant.conf in Wordpad (NOT notepad, wrapping issues), and build a profile based on the examples located here.
Here is an edited version of mine, if you use EAP-TLS this will work for you:
Code:
network={
ssid="YourAPNameHere"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TLS
identity="[email protected]"
ca_cert="/system/etc/wifi/rootCA.pem"
client_cert="/system/etc/wifi/cert.pem"
private_key="/system/etc/wifi/key.pem"
private_key_passwd="yourPassHere"
priority=20
}
Change ssid, identity, and private_key_passwd to your respective information.
NOTE: priority, near the bottom, determines when it will connect to the network when others are around. Compare it to the values of the priority's set in /data/misc/wifi/wpa_supplicant.conf, the higher the value the higher the priority when they're all within range.
Now save and close the file.
8) Now, we push and reboot:
Code:
adb push wpa_supplicant.conf /system/etc/wifi/
then reboot the nook.
Now, after reboot, it should be good to go!
Notice, one bit of trouble I ran into, if you just get "error" when turning on the wireless after reboot, double-check that your certificates are correct and in the correct places, and wpa_supplicant.conf points at them. If thats fine, try erasing /data/misc/wifi/wpa_supplicant.conf, then reboot, and the list will be rebuilt and your AP will automatically connect.
Please let me know if there are any issues with the instructions, it's 6am and I haven't slept more than 8 hours in the last 3 days troubleshooting this, building kernels and playing Skyrim
reserved for future things
Also of note: I'm working on making this into scripts, don't worry everyone. And, if you bork your wifi, I will have a wireless fix in the works too.
Hi
First of all, thanks for this tutorial
I'm pretty sure this should be very straightforward but not to mess this thing up what do I need to change for a network with the following definitions:
Network SSID: eduroam
Security: 802.1x Enterprise
EAP method: PEAP
Phase 2 authentication: MSCHAPV2
Cheers
LacerdaPT said:
Hi
First of all, thanks for this tutorial
I'm pretty sure this should be very straightforward but not to mess this thing up what do I need to change for a network with the following definitions:
Network SSID: eduroam
Security: 802.1x Enterprise
EAP method: PEAP
Phase 2 authentication: MSCHAPV2
Cheers
Click to expand...
Click to collapse
Hey, it's not a problem at all. Pulled from the source here: NookDevs.com wpa_supplicant.conf I built this skeleton here:
Code:
network={
ssid="eduroam"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=PEAP
identity="[email protected]"
password="YOUR-PASSWORD"
ca_cert="/system/etc/wifi/cacert.pem"
phase1="peapver=0"
phase2="MSCHAPV2" }
As you can see, you'll need to enter your University email in the identity field and your password in the password field, and if you don't have the needed certificates/password/etc you can get that from your local IT office (I would ask to speak with your network technicians though, helpdesk may not have it). Make SURE to read the instructions in that link, the openssl bit is different than the guide above!
Thanks!
On monday I will try that and will report the outcome.
Cheers
Hi.
It worked like a charm! No problem at all.
Thanks!
Cheers
Awesome! Glad to hear it.
My rooted Samsung Galaxy SCL couldn't connect to a WEP wifi network.
After analyzing traffic I found it was using SKA authentication instead of Open Authentication.
The line it uses in wpa_supplicant.conf is:
auth_alg=OPEN SHARED
If I change it to this it works:
auth_alg=OPEN
- 1. Is this normal? According to some manual "OPEN SHARED" should try both methods, but it looks it was only trying the later.
- 2. Shouldn't the interface ask me whether i want Open or Shared?
- 3. I know I shouldn't be using wep.