WPA Enterprise Auth - confirmed working


vSymm

Member
Nov 26, 2008
7
1
WiFi on campus here uses WPA enterprise auth - good. I was shocked when I saw that the phone seemingly didn't support it. Network didn't even appear in the list, and Add Network only supports WPA Personal / WEP. How Apple of them. But WHY? It's wpa_supplicant behind the scenes.

I've been using campus wifi successfully for a few days now. It seems to integrate well enough - the wifi settings menu doesn't seem to break at all, the enterprise-authed network and status are listed correctly including the 'lock' icon, etc.

These instructions are slightly modified from being specific to the particular university (posted locally too, you see). If you can rub some braincells together, this can be adapted. The parts regarding a certificates file may or may not be needed in your setup, for example.

* Get a root shell
* cd /data/misc/wifi/
* cat wpa_supplicant.conf
* The existing supplicant config is displayed - copy and paste it into a text editor (the beginning bits are important, as are your existing networks)
* Paste in a working wpa_supplicant.conf section for your network at the end
* Fill in username and password in the new section. Replace the path for cacerts.pem with /data/misc/wifi/cacerts.pem
* Save the new config onto the SD card
* Save the cacerts.pem (same site) onto the SD card also
* On the handset: In the settings/storage menu, disable the SD card for USB storage (otherwise, can't access it from the shell)
* rm wpa_supplicant.conf
* cp would be used here normally, but it isn't in the stock image: dd if=/sdcard/wpa_supplicant.conf of=wpa_supplicant.conf
* chmod 666 wpa_supplicant.conf (Warning! Readable/Writable by EVERYONE! Use 664 such that only root can write it if you want, but this will possibly disallow changes by the settings app - if chown was available, ownership would be reverted back to wifi:wifi)
* dd if=/sdcard/cacerts.pem of=cacerts.pem
* chmod 444 cacerts.pem (needs to be readable by wifi user)
* The network should appear in the wifi menu and connect if you enable wifi. Reboot if not maybe?

Problems:
* Permissions are a bit wonky due to lack of chown. The process would be cleaner with busybox installed (possible with root), but this process is written to work on a stock RC29 handset.
* It will almost surely fail following an update. Try not to give up root before the WiFi UI is patched
* Maybe there's a reason that enterprise auth is absent from the settings UI
* WiFi settings page may or may not break. WiFi settings page may or may not undo your changes.

A quick troubleshooting tip: if you've dealt with wpa_supplicant before, note that wpa_cli is available to root. Helpful to diagnose any issues that crop up.

Enjoy.
 

jashsu

Senior Member
Nov 15, 2008
1,860
20
How Apple of them. But WHY? It's wpa_supplicant behind the scenes

I suspect it's because the majority of consumers only access wifi networks secured through psk or mac-address. iirc my university used mac-address too. Not sure if that's changed by now. In any case, I wouldn't hold my breath for official support on the G1. Maybe on some future Android device with enterprise in mind.

Anyway, good tips and good first post. Welcome to the forum :)
 

ipaqkiller

Senior Member
Mar 2, 2006
54
3
45
Montgomery, AL
WPA2

Can I ask a question?

The SSID for your campus wifi is not broadcast, correct? If this is true, then it won't show up and the only way to get access is to add it manually.

Now when you go to add it manually, did you try to change the type of security before you flipped out the keyboard? Just wondering since WPA2 is clearly seen if you have the keyboard in and if you have it out it looks like WPA2 isn't an option but if you try to move the security box with a swipe up with your finger, WPA2 will be shown. I haven't had a single problem attaching to my home or work network using WPA2 PSK since RC19 and beyond.
 

vSymm

Member
Nov 26, 2008
7
1
Yep, busybox has chown - which makes the whole thing cleaner and safer. My instructions were written originally with no assumptions as to previous modding, incl how to get telnet.
The wifi network here does broadcast, but is filtered out due to "unsupported" security. Add network lists wpa2 personal but not enterprise.
 

bsoft

Member
Jun 17, 2004
18
0
How Apple of them. But WHY? It's wpa_supplicant behind the scenes.

Because there's a substantial amount of UI work that needs to be done for WPA2-Enterprise compared with the relatively common WPA2-PSK.

My advice? If official support is something you'd like, go write it and submit a patch to the Android devs.
 

happyface_0

Senior Member
Jan 4, 2009
93
0
Not working

I can't get this to work. It says "failed to start wifi".
My non-enterprise wifi won't even work now. It connects but apps say network error.
I am trying to connect to my university's wifi that is "Secure 802.1X authentication and EAP-TTLS with PAP inner-authentication (anonymous)"
Can anyone give me an example config for this? It doesn't use a certificate.
 

vSymm

Member
Nov 26, 2008
7
1
Confirm that the permissions were set correctly on wpa_supplicant.conf

I'm sure you can find an example for that particular setup online somewhere.
 

dwang

Senior Member
Nov 23, 2008
2,454
318
I can't get this to work. It says "failed to start wifi".
My non-enterprise wifi won't even work now. It connects but apps say network error.
I am trying to connect to my university's wifi that is "Secure 802.1X authentication and EAP-TTLS with PAP inner-authentication (anonymous)"
Can anyone give me an example config for this? It doesn't use a certificate.

try this:

adb shell
cd /data/misc/wifi
chown 1010:1010 wpa_supplicant.conf
 

zemane2

New member
Dec 30, 2008
2
0
Worked for me too, but the connection was really unstable. I've added the option bssid to wpa_supplicant.conf to prevent roaming. Now it works really well on my desk, but I haven't tried the rest of the company.
 

ido

Senior Member
May 7, 2006
148
107
need help connecting

I'm trying to connect to a campus network. I see the SSID detected (as follows), and it tries to connect and aborts by itself.

my wpa_supplicant.conf shows this:

network={
ssid="Techwifi"
scan_ssid=1
key_mgmt=NONE
priority=2
}
 

happyface_0

Senior Member
Jan 4, 2009
93
0
hey guys,

will this also work with WPA2 and EAP/TTLS with PAP?

or do you know when this feature will be integrated?

thanks a lot

Yes, I have it working.
Code:
network={
	ssid="ssidname"
	scan_ssid=1
	key_mgmt=WPA-EAP
	eap=TTLS
	identity="user"
	password="pass"
	phase2="auth=PAP"
}

Note: It seems to drain my G1's battery pretty nicely and it starts to get hot after being connected for a bit. Also, my G1 added disabled=1 to the end of this network after the ADP1 v1.1 update, strange.
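
An added example, not part of any post in this thread: a small Python audit for the two risks visible above, the `chmod 666` on a file that holds the password, and an EAP block with no `ca_cert` (wpa_supplicant then does not verify the server certificate). The sample config is constructed from the block posted above; the function names and the `with-ca` SSID are made up for illustration.

```python
import os
import re
import stat

# Constructed sample: the TTLS/PAP block posted above, plus a variant with ca_cert.
SAMPLE_CONF = '''
network={
    ssid="ssidname"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user"
    password="pass"
    phase2="auth=PAP"
}
network={
    ssid="with-ca"
    key_mgmt=WPA-EAP
    eap=TTLS
    password="pass"
    ca_cert="/data/misc/wifi/cacerts.pem"
    phase2="auth=PAP"
}
'''

def parse_networks(text):
    """Return one dict per network={...} block, with quotes stripped from values."""
    nets = []
    for body in re.findall(r'network=\{(.*?)\n\}', text, re.S):
        pairs = (l.strip().split('=', 1) for l in body.splitlines() if '=' in l)
        nets.append({k: v.strip('"') for k, v in pairs if not k.startswith('#')})
    return nets

def audit_network(net):
    """Flag WPA-EAP blocks that configure no CA (ca_cert / ca_path) for the server."""
    if 'WPA-EAP' not in net.get('key_mgmt', '').split() or {'ca_cert', 'ca_path'} & net.keys():
        return []
    findings = ['no ca_cert: server certificate is not verified']
    if 'PAP' in net.get('phase2', ''):
        findings.append('PAP inner auth: password is sent as-is to an unverified server')
    return findings

def audit_mode(path):
    """Flag permission bits that let other users read or rewrite the config."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    flags = {stat.S_IROTH: 'world-readable', stat.S_IWOTH: 'world-writable'}
    return [name for bit, name in flags.items() if mode & bit]

if __name__ == '__main__':
    print({n['ssid']: audit_network(n) for n in parse_networks(SAMPLE_CONF)})
```

Run `audit_mode` against a copy of the real `wpa_supplicant.conf` to confirm that the file is no longer readable or writable by every user once ownership has been restored.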
 

Gedomania

Member
Feb 5, 2009
20
0
Is there a way to alter your wpa_supplicant settings on an unrooted German G1, or how can I downgrade and then alter the settings, does anyone know?
 

Gedomania

Member
Feb 5, 2009
20
0
Maybe someone with a US RC33 can look if the WPA 2 Enterprise support finally made it into the gui of the G1, then our problem would be solved,
can't find something on the net which says that WPA 2 Enterprise was part of the Internet.
So please can somebody look up his or her connection settings for wlan and tell us if WPA 2 Enterprise is available now?
 
Jan 3, 2009
5
0
Maybe someone with a US RC33 can look if the WPA 2 Enterprise support finally made it into the gui of the G1, then our problem would be solved,
can't find something on the net which says that WPA 2 Enterprise was part of the Internet.
So please can somebody look up his or her connection settings for wlan and tell us if WPA 2 Enterprise is available now?




Neither WPA-Enterprise nor WPA-2 Enterprise are available yet without actually editing the wpa_supplicant configuration manually, even on RC33.
 

Gedomania

Member
Feb 5, 2009
20
0
Hmm, that's pretty sad. Is it actually possible to write a program which can edit the Wpa_supplicant file so that we can manually insert the settings we need to get WPA 2 Enterprise working, even on phones without root?