Sunday, April 12, 2009

WPA Enterprise on Android HTC G1 Dream

Unfortunately Android still does not have a GUI interface for connecting to corporate/enterprise networks; however, it does support it. While this isn't a solution for most users, it is fairly easy for those who have already rooted their phone or aren't scared of the command line.

First, you need to root your phone or else you can't get to the files you need to configure. Newer firmwares aren't as easy to root as older ones; either way this tutorial should walk you through what you need to do. It is very user friendly, and if you have any problems then it is probably addressed later in the forum comments. I had two problems when I did it:

1) I skipped the reformatting of the SD card since mine was already FAT. For some reason the phone needs FAT32 in order to recognize boot files... So don't skip this step.

2) The first link, and corresponding MD5 sum, to the modified OS images are to the BuildEnvironments rather than the actual OS image. Just go to the second link and download the actual image (it will be a zip file and 40.5MB rather than a .tar.gz that is 7.5MB). Hopefully Koush will update the post and fix this.

Anyway, after your device is rooted pull up a command prompt on the phone somehow. If you already know how to do this then skip ahead. You have a couple options:

1) All on the phone: I am pretty sure the terminal emulator comes pre-installed on that image. If not then you can just download it from the Market. You can just use this, but I wouldn't recommend it unless you really like typing on your phone.

2) Through telnetd: Use the terminal emulator then type "su" then enter. This will pull up the super user whitelist prompt. Tell it "Yes" that is okay for the Terminal to run as super user. Meanwhile the terminal may timeout, in which case you need to type it again. You can that you are root by running "whoami" which will tell you that you are uid 0 if you are root. Make sure the phone is connected to wifi. You can get the IP from the Wireless gui or running "ip a". Now run "telnetd". From another computer on the network run "telnet #android_IP#" where #android_IP# is the IP of the phone.

3) Using the debugger: This involves doing this then looking at this. If your device is all set up and plugged in to a computer this entails basically running "adb shell".


Now all you have to do is edit the /data/misc/wifi/wpa_supplicant.conf file. You can do this by copying it to your sdcard, editing it on a computer, then copying it back. I prefer just to edit in place. Update: Sorry I forgot to mention you need to run "su" first, or else you will get permission denied errors.

Regardless, you probably first want to backup the existing wpa_supplicant.conf file:

cd /data/misc/wifi/
cp wpa_supplicant.conf wpa_supplicant.conf.orig


To copy to sdcard (make sure you have one in there):

cd /data/mis/wifi/
cp wpa_supplicant.conf /sdcard


To edit in place:

cd /data/mis/wifi/
vi wpa_supplicant.conf


The wpa_supplicant file will contain all of your remembered wifi networks. Something like:

ctrl_interface=tiwlan0
update_config=1

network={
ssid="linksys"
key_mgmt=NONE
priority=11
}


Now add the parameters for your network. Many schools/business will provide this config for you, so you can just copy it over. Mine looks like:

ctrl_interface=tiwlan0
update_config=1

eapol_version=1
fast_reauth=1
network={
ssid="Some SSID"
scan_ssid=1
key_mgmt=WPA-EAP
eap=TTLS
identity="USERID"
password="PASSWORD"
phase2="auth=PAP"
priority=1
}

network={
ssid="linksys"
key_mgmt=NONE
priority=11
}


This will now make "Some SSID" show up as remembered on the WiFi config GUI screen, and when in range, if everything is configured right, it will connect automatically. Note that in this case my password is stored in plain text on a file in my phone. This is bad, but I'm not sure there is a way around it at this point.

More information on how to configure this can be found here.

Notably Android automatically deleted the eapol_version=1 and fast_reauth=1 lines, however it still works fine.

There is a relate Google code issue here.

Update: I am having problems with the phone rapidly associating and disassociating from every AP in range. I filed a bug report here.

Update: This is fixed in Haykuro's latest build.

Update:
Allegedly there is a program in the market that can do all of this from a GUI (although you still need a rooted phone). It is called Wifi Helper by Fan Zhang; I haven't tested it personally yet. I kind of doubt it fixes the AP hopping issue on older versions.

10 comments:

Kirk Beaty said...

On my Android gPhone, the copy (cp) and vi editor commands are "not found". I tried both using the terminal emulator on the phone itself and via the adb shell command. On my version of the phone, the "su" command seems to put me in root mode fine and I can move to the director and cat the wpa_supplicant.conf file fine .. just can not seem to find how to copy or edit this file. Any thoughts ?

Thanks, Kirk Beaty

Clayton Shepard said...

Did you follow the rooting tutorial?

I don't know what image you have, but it definitely should have those commands...

Try reflashing it with R29 if you haven't rooted yet, and if you have rooted try flashing it with on of Haykuro's builds.

Germán Blanco said...

I had the same problem (no cp and no vi). A quick way to work around that is to use "adb push" and "adb pull" to copy files to and from somewhere with writing permissions in the device (e.g. /sdcard). Then use "cat /sdcard/whatever.conf > /data/misc/wifi/wpa_supplicant.conf" to copy the file to its normal location with a root shell.

MMDominator88 said...

"cd /data/mis/wifi/"

I actually have to type in
"cd /data/misc/wifi/

Clayton Shepard said...

Thanks MMDominator88, typo fixed.

MMDominator88 said...

I am currently editing the file while on my phone, and was wondering if you know of any command I have to type after editing the file so it saves the new configuration? maybe something like
save_config
or
save_config=1
any ideas?

Clayton Shepard said...

@MMDominator88

You probably long forgot about this, especially since android 2.0 has built in support for enterprise wireless. Anyway, if you are using vi then the command you are looking for is "w" or "wq" to write then quit. Make sure you are at the vi command prompt, you may need to hit esc.

Johan's blog said...

Android v2.1 (Eclair) has now got 801.XX (WPA Enterprise) support. Or you could use a ROM with HTC Sense, whose GUI supports WPA Enterprise.

Clayton Shepard said...

@Johan

Yes, I mentioned the 2.0 support for enterprise in my last comment. Perhaps I should mention it in this article, although I don't think there is an official release of 2.x for the G1...

I haven't heard anything about HTC Sense supporting enterprise; do you have a link you care to share?

Anonymous said...

Thanks for creating this interesting blog and its the great resource for lots on Internet users. so you can create more blog with useful knowledge.

Android app developer