[Q] 802.1x, PEAP self signed certificate problem - HD2 Android Q&A, Help & Troubleshooting and Genera

Hi All,
I have a problem connecting to my school wifi network.
The school wifi uses 802.1x for authentication. The school uses a self-signed PEAP
certificate. I could not connect my HD2 Android phone to my school wifi.
But when I add a record to my WinMobile registry I could use the school wifi on WinMo.
Here is the necessary correction for WinMo.
-------------
add a DWORD Registry Entry under
HKEY_LOCAL_MACHINE-->Comm-->EAP-->Extension-->25
Name:"ValidateServerCert"
Value: 1 to activate Validation, 0 to turn it off
-------------
Is there any way to do something similar on Android?
Thanks for your help,
Best Regards,
DM

An interesting one, since PEAP is kind of part of the WPA-Enterprise networking area which Android doesn't officially support; however, there appear to be workarounds if you do a bit of digging in the Google docs.
If you have root on your device, edit /data/misc/wifi/wpa_supplicant.conf and add
whatever network you want; it will even show up in the list in the UI. This example
works for me:
network={
ssid="MyEmployer"
key_mgmt=WPA-EAP
identity="myusername"
password="mypassword"
}
If your network is more complicated (tunnels, certificates, etc), see the
wpa_supplicant project's default configuration file, which has many examples towards
the bottom.
http://hostap.epitest.fi/gitweb/git...ob_plain;f=wpa_supplicant/wpa_supplicant.conf
is one such reference (from here: http://code.google.com/p/android/issues/detail?id=1386).
It definitely seems like something to do with wpa_supplicant.conf but my phone is currently in another house so I can't have a look at mine for more info, sorry!
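An added example (not part of the original post, and not code from the wpa_supplicant project): the network block quoted above sets no ca_cert, and wpa_supplicant does not verify the server certificate when neither ca_cert nor ca_path is configured, so this script flags such EAP blocks in a wpa_supplicant.conf. The CampusSecure and HomeNet blocks, the certificate path and radius.example.edu are constructed sample values.

```python
import re

# Constructed sample: block 1 is from the post above; blocks 2-3 are hypothetical.
SAMPLE_CONF = '''
network={
    ssid="MyEmployer"
    key_mgmt=WPA-EAP
    identity="myusername"
    password="mypassword"
}
network={
    ssid="CampusSecure"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="myusername"
    password="mypassword"
    ca_cert="/data/misc/wifi/campus-root-ca.pem"
    domain_suffix_match="radius.example.edu"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="HomeNet"
    key_mgmt=WPA-PSK
    psk="constructed passphrase"
}
'''

# wpa_supplicant options that tie the server certificate to an expected name.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Return one {field: value} dict per network={...} block."""
    networks = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, re.S):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        networks.append(fields)
    return networks

def is_eap(fields):
    """True for 802.1X/EAP (WPA-Enterprise) networks, False for PSK/open."""
    tokens = fields.get("key_mgmt", "").split()
    return "eap" in fields or any(t.startswith("WPA-EAP") or t == "IEEE8021X" for t in tokens)

def audit(text):
    """Return {ssid: [findings]} for every EAP network in the config text."""
    report = {}
    for net in filter(is_eap, parse_networks(text)):
        findings = []
        if "ca_cert" not in net and "ca_path" not in net:
            findings.append("no ca_cert/ca_path: server certificate is not verified")
        if not any(k in net for k in NAME_CHECKS):
            findings.append("no server name match: RADIUS server identity is not pinned")
        report[net.get("ssid", "<no ssid>")] = findings
    return report

if __name__ == "__main__":
    for ssid, findings in audit(SAMPLE_CONF).items():
        print(ssid, "->", findings or "OK")
```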

Reno_79 said:
.....
It definitely seems like something to do with wpa_supplicant.conf but my phone is currently in another house so I can't have a look at mine for more info, sorry!
Thanks for your kind reply. I will try that.
Best Regards,
DM

Related

No way to disable Server Certificate Validation in 802.1x!

Hi,
I want to connect my qtek 9100 on the 802.1x WLAN of my school (ETHZ). It has not been possible yet, although I spent an hour with a person from the tech support of the school.
The problem comes from the very specific configuration that I cannot set on the Qtek 9100!
I need to uncheck the "validate server certificate" option, which is by default for PEAP authentication, something easy to do on a normal windows machine. But the problem is, there is no way to disable this on the qtek 9100 in any "properties" tab, and it therefore complains that the server certificate is not valid, and then refuses to connect!
HOW could I disable "validate server certificate"?? using the registry??
With the person from the tech support we managed to find somehow the registry keys linked to this option in Windows. But of course these keys don't exist on the qtek 9100 in Windows Mobile 5...
Please, is there some expert with some better idea?
Thanks
Fabrice
I haven't found a way to do it so far. Neither various configurations nor random 3rd party software worked on WM5 properly.
This issue is more interesting when you consider that the HTC Universal offers LEAP (which would work as well) and the Wizard doesn't!
http://forum.xda-developers.com/viewtopic.php?t=42664
From what I can gather you will need a root certificate. Still trying to get to the bottom of this though.
It seems that AKU2 allows us to use LEAP which already would do the thing! I'll test it on Friday and let you know!
I found some useful info on the net, but have not yet tested it on my MDA Vario:
there seem to be 3 possibilities:
1: you retrieve the root certificate from your techie friend at your university and place it in the designated folder on your ppc.
2: you add a DWORD 0 at HKLM\Comm\EAP\Extension\25\ValidateServerCert (http://www.modaco.com/How_to_set_a_wifi_network_to_use_a_certificatel-t237261.html)
3: Hkey_Current_User\Software\Microsoft\ActiveSync\Partners
Here you should notice 2 sub-keys, both with a unique UID. One is set up for the ActiveSync Partnership with your PC, the other is set up for the partnership with your Exchange server. Fortunately, it is fairly easy to distinguish between the two. Simply highlight one of them, and look at the different values. You'll see pretty quickly which one is for your Exchange server. While the partner key for your Exchange server is highlighted, create a new value with the following parameters
Type: DWORD
Name: secure
Value: 0 (http://winzenz.blogspot.com/2006/03/hacking-your-windows-mobile-50.html)
The authors of points 2 and 3 differ in opinion, but I cannot say which is best; perhaps someone else has an opinion?
predo said:
It seems that AKU2 allows us to use LEAP which already would do the thing! I'll test it on Friday and let you know!
Hi Predo,
Have you been able to get LEAP to work using AKU2??
Lot of inquiries present on the net, but no clear answers.....
Thx,
Mak
This is what I would do.
This can be easily done from a PC, because you can get a temporary trust from the authentication server which gives you the option to install the root on your PC. Export the root cert from your laptop/PC and copy it over to your mobile device. Once the root.cer is on the Wizard, just open up File Explorer and double tap it; the cert will auto install.
Problem solved
I wouldn't use LEAP or even PEAP without validating the server cert. Especially in a hostel environment like a university, which is full of hacks. Associating to an AP without validating certs sets you up for man in the middle.
The only advantage of LEAP or Fast EAP (if it were supported) is for roaming. The Wizard would also have to support CCX v3. You can get this CCX v3 support by purchasing the Funk (now Juniper) Odyssey client, which is $50. When using LEAP or Fast EAP it allows the use of CCKM (fast roaming).
Oh yeah, the odyssey client supports PEAP with the option to not validate the server cert.
Hi, I don't know why that is, but after upgrading the software to the new AKU 2.0 ROM (imate AFAIR) I started to be able to connect to my university WLAN with no problems. The only thing is, there I have nothing added in the LEAP tab in network properties.
Anyway, it works so I'm not playing with settings anymore ;-)

WPA2-AES certificate on WM6?

Hey everyone,
I'm new here to this fantastic community, so I'm not sure if this is in the right place but here goes....
I've recently bought an HTC Touch, and upgraded it with software that I found here.
Now, On campus we've got a couple of networks available, but we're required to log onto one (wifi) for internet called 'UA-aes'.
It's the standard network on campus.
With my laptop, the guy responsible for the network set it up easily.
It needs the following : WPA2AES , PEAP and my user name and password. No domain required.
He didn't install anything else.
I tried hooking up my Touch and was able to select wpa2aes, enter my user info and password, but then it required a certificate which apparently WM6 doesn't have.
I tried explaining it to the guy, but he said no certificate was needed, and I checked on my laptop; no certificate was indeed needed to connect to the network.
And this is the part where I'm stuck: I'd really like to connect to the wifi, but it doesn't.
Has anyone an idea how to fix this? Where to find the certificate?
This would REALLY help me a great deal.
Anyway, thx guys!
nobody has a solution?
I'm running into the same problem with my school's network - I haven't yet tested this, but here is the solution I'm hoping will do the trick.
"The only thing you have to do is to add a DWORD Registry Entry under HKEY_LOCAL_MACHINE-->Comm-->EAP-->Extension-->25
Name:"ValidateServerCert"
Value: 1 to activate Validation, 0 to turn it off"
Best of luck
Just to update, I had the chance to test out that registry edit on my network. Again, the network does not require a certificate to access it. But the new reg settings solved my problem - I am now able to log in without being told that I lack a certificate I didn't even need.

WPA Enterprise not working

At work we have a WPA network, and every time I try to connect to it with my X1 it asks me for my username and password a few times, then shows an error message saying I don't have a personal cert. Our network does not require a personal cert. We do have a signed cert from Thawte. Our SSID is hidden and the network settings are "WPA, TKIP, PEAP".
same problem here too.
WPA (not WPA2), TKIP with PEAP. I do have the university certificate, but no personal one.
It just keeps asking the password and username, but never connects.
Pretty damn frustrating, as the network works perfectly on Mac, Windows, Linux and even iPhone. But not on Windows Mobile...??
.............................bump.............................
My company apparently had some odd version of WPA enterprise, so I had to use the following hack on my X1 (as well as any other WinMo phone) to get it to work:
1. Get PHMRegEdit: http://www.phm.lu/Products/PocketPC/RegEdit/
2. Add a key to the registry: \HKLM\Comm\EAP\Extension\25\ValidateServerCert= dword:00000000
3. Connect to your network. For mine, I used the settings: WPA, TKIP, hidden network checked, PEAP.
4. After connecting, enter user/pass. I left domain blank on mine.
After following these steps, it seems to work just fine for me, but YMMV.
Type PEAP into the search engine at the top of the forum and try one of the many answers.
The top one gives you an option to connect without checking for any certificates..
does that sound like the solution you need?
I keep repeating this, as do the moderators and the other more experienced members but the search is an incredibly useful feature on this site !
PLEASE SEARCH BEFORE POSTING
blackax, in the 24 hours since you first posted you could have tried millions of different searches; PEAP was the first one I tried.
EDIT : bah you gave them the answer from the first post!
@brikis98
Thank you for the post. But I have already tried that without it working :-(
@fards
I posted because I couldn't find the answer that worked for me. I should have made that more clear in my first post.
It seems that I'm not even getting to the Radius server. There is no error in the log around the time I tried to access WPA. grrrrr This is driving me nuts
First, you got to figure out what kind of authentication method your company used.
For me, my company uses Cisco EAP-FAST and my only option is to install Juniper's Odyssey Client for WM. It's not free but you can try it for 30 days and it works for me.
Download "securew2" and follow the directions here: http://askageek.blogspot.com/2008/09/concordia-wireless-using-windows-mobile.html and you should be able to get WPA enterprise to work. I'm a med school student so we have a pretty encrypted system and the tech there didn't know if anything would work, but I got this to work. Did a bunch of searches before I found something that worked. I've had no problem connecting since this. Hope this helps!
hollyyih said:
Download "securew2" and follow the directions here: http://askageek.blogspot.com/2008/09/concordia-wireless-using-windows-mobile.html and you should be able to get WPA enterprise to work. I'm a med school student so we have a pretty encrypted system and the tech there didn't know if anything would work, but I got this to work. Did a bunch of searches before I found something that worked. I've had no problem connecting since this. Hope this helps!
Well, it really depends, as I said before. This one only supports the following:
EAP-TTLS
EAP-GTC
EAP-PEAP
EAP-SIM
My company only supports EAP-FAST and only Odyssey can handle so many different protocols (all of the above and a lot more).

HTC HD2 the network requires a personal certificate

Hi all,
I bought an HD2 yesterday, and today when I try to connect to the wifi of my office it tells me "the network requires a personal certificate to identify you". I have done some research and followed the threads below, but there seems to be no clear solution. Please can somebody help with a patch to disable the network certificate check.
Thanks
followed threads
http://forum.xda-developers.com/showthread.php?t=344087
http://forum.xda-developers.com/showthread.php?t=264781
I have been struggling with this also for quite a while.
The suggestion you mention is probably not worthwhile investigating.
The certificate is required by the access point so you should change it there if you do not want to change the phone.
My solution was the following.
The HD2 comes with a base set of certificates and our corporate network requires one that is not in there.
I managed to find out which certificate I needed and was able to Google it.
Then just copy it to the phone, run the cert file and you're done!
watnuweer said:
I have been struggling with this also for quite a while.
The suggestion you mention is probably not worthwhile investigating.
The certificate is required by the access point so you should change it there if you do not want to change the phone.
My solution was the following.
The HD2 comes with a base set of certificates and our corporate network requires one that is not in there.
I managed to find out which certificate I needed and was able to Google it.
Then just copy it to the phone, run the cert file and you're done!
I could not get one for my corporate network. Is there any patch to disable it? I had a Tattoo and an iPhone, which never required such a certificate.
neitin said:
I could not get one for my corporate network. Is there any patch to disable it? I had a Tattoo and an iPhone, which never required such a certificate.
You cannot patch your device to disable this.
It is a requirement of YOUR network.
You need to find out which base certificate it is you need and then install to your phone.
Hi. Sorry to bring up an oldie, but I'm having this issue as well with the exception that my network doesn't require a certificate. I've confirmed this with my IT department. Any ideas as to how this can be disabled? It only seems to happen when I connect my phone to my PC (which is only done to install software, not sync with exchange; that's done wirelessly).
GrandAdmiral said:
Hi. Sorry to bring up an oldie, but I'm having this issue as well with the exception that my network doesn't require a certificate. I've confirmed this with my IT department. Any ideas as to how this can be disabled? It only seems to happen when I connect my phone to my PC (which is only done to install software, not sync with exchange; that's done wirelessly).
The only thing you have to do is to add a DWORD Registry Entry under HKEY_LOCAL_MACHINE-->Comm-->EAP-->Extension-->25
Name:"ValidateServerCert"
Value: 1 to activate Validation, 0 to turn it off
I have personally tried this and it works like a charm, please let me know if it doesn't
Greetings from India
PS: remember to reboot your device once you have added the registry
neitin said:
The only thing you have to do is to add a DWORD Registry Entry under HKEY_LOCAL_MACHINE-->Comm-->EAP-->Extension-->25
Name:"ValidateServerCert"
Value: 1 to activate Validation, 0 to turn it off
I have personally tried this and it works like a charm, please let me know if it doesn't
Greetings from India
PS: remember to reboot your device once you have added the registry
Nice!!!! Thanks for the information. I will give this a try as my work wireless network presents the same problem.
It may be tied into the following info I found out there on the web, problem as described by someone else with the same or similar issue:
"the wireless controller was sending out EAP-Identity-Request packet very quickly (1 per second), so the time I typed my pass on the PDA, it has already received 5+ EAP-Requests and when I pressed OK, it was sending my Identity with Request-ID=1 and was rejected because the controller was already expecting a greater Request-Id.
I adjusted the timeout and voilà !!! Here is the command line for Cisco Wireless Controller 4402 (the value was set to 1s !) :
"
This info relates to WM EAP and Cisco's implementation of EAP.
I will try the regedit and see if this fixes things for me.
I tried doing this by entering a DWORD via regedit but I am still facing the same issue... please help

gtablet Device name on the network

Does anyone know how to change the device name on the gtablet? I now have the ability to hook my gtablet up to my corporate network, so I went into the DHCP server to make a reservation for the device. The name that it displays is android_XXXXXXXXXXXXXXXXX.mydomain.com (replace the X with hex numbers and letters). I would like to change the name on the device so that other admins know what the device is and don't delete it from the reservation pool.
I was thinking
IpadCrusher.mydomain.com
I too would like to know how to change the hostname (device name).
Viper Tablet
greyspacealien said:
Does anyone know how to change the device name on the gtablet? I now have the ability to hook my gtablet up to my corporate network, so I went into the DHCP server to make a reservation for the device. The name that it displays is android_XXXXXXXXXXXXXXXXX.mydomain.com (replace the X with hex numbers and letters). I would like to change the name on the device so that other admins know what the device is and don't delete it from the reservation pool.
I was thinking
IpadCrusher.mydomain.com
I still like Viper Tablet for the Viewsonic VEGAn build whenever it goes final!
I would also like to know. I keep getting hassled by my Network Admins because every time I load a new ROM, the "xxxxx" changes and it looks like a new device. Same thing happens with my HTC Incredible Phone.
I'm jealous because I can't even log on to my work's corporate network. Device keeps failing to assign an IP address.
I get connected via wifi if I assign a static address, but Android doesn't support http proxy or something, so the username/logon screen never comes up
greyspacealien said:
Does anyone know how to change the device name on the gtablet? I now have the ability to hook my gtablet up to my corporate network, so I went into the DHCP server to make a reservation for the device. The name that it displays is android_XXXXXXXXXXXXXXXXX.mydomain.com (replace the X with hex numbers and letters). I would like to change the name on the device so that other admins know what the device is and don't delete it from the reservation pool.
I was thinking
IpadCrusher.mydomain.com
If you are rooted and have a robust busybox installed, after reboot you could execute the following command:
busybox hostname YourDevice
You could set up a gscript script and run it before you turn on your wifi, or download autostart and have your script run automatically after a reboot.
Your network admins actually allow this thing on your corporate network?? Oh my.
In Linux, the computer name is stored in the /etc/hosts file. You might try editing your hosts file and put in:
127.0.0.2 name.site name
NMCBR600 said:
In Linux, the computer name is stored in the /etc/hosts file. You might try editing your hosts file and put in:
127.0.0.2 name.site name
If you get a fixed IP address or one with reservation each time you connect to your wifi router, this may work.
I have a home-built dd-wrt wireless distribution system at home and was playing with the hosts file to see how my WDS interpreted the hosts file and it didn't work, but that is just my homegrown system. My 2wire router didn't interpret it either (it gave the random android_xxxxxxxxxxx device name).
Of course, you could just give them the MAC address of your wireless card which you can get by doing #busybox ifconfig in a terminal session and tell them the name you want and they can create an Arec in the dns names.
roebeet said:
Your network admins actually allow this thing on your corporate network?? Oh my.
Actually, no. However, connecting to MS Exchange with Sync logs the Device ID into Exchange. So, each time I load a different ROM, I log a new ID. Drives them nuts.
I did some research today though and found an app called Android ID Changer that will allow me to see my DeviceID and modify it. I reinstalled my original ROM, recorded the ID, reloaded Vegan and changed the ID to the original device information. Works very well.
I found this post in another forum that may work for you:
http://forum.xda-developers.com/showpost.php?p=9560696&postcount=1
Please note that if you do use setprop you would have to reset it after each reboot. I think adding a correlating line in build.prop (if one exists) would be a better alternative. Otherwise, they discuss unpacking/repacking the boot.img to make it permanent.
roebeet said:
Your network admins actually allow this thing on your corporate network?? Oh my.
I am one of the net admins
I wouldn't say it's on the corporate network; it's on the corporate wireless network. I can get to the web and the intranet but that is about it; we have it pretty locked down. I have it tethered to my phone most of the day. It's fun to take it to a meeting and have all of the iPad users say "is that the new iPad?" I just laugh and think YOU WISH.
Roebeet, I know I have talked about this before with you. I, like you, would like to get my USB air card working on this bad boy; that would solve all of my connection issues. I'm not the smartest guy with Linux but I could spend some time if I could find some info about it.
I had found this site a while ago but could not get the drivers to install; I'm sure it's because we don't have source code.
http://sierrawireless.custhelp.com/...ting-system-?-(-v.1.7.34)#Driver_Installation
