Connecting to EAP WiFi network

Technical Support
, , , ,
1

Hi all,

Does anybody have an example code (Native WiFI) or xml profile for connecting to EAP networks?

Our product uses Native WiFi for connecting to Wireless Networks and so far have been limited to supporting WPAPSK, WPA2PSK and Open networks. With these network types, we have been successfully connecting to the Access Points, but now we wish to add support for EAP-Authentication methods.

For testing I have set up a freeRadius (freeRadius.net v1.1.7-r0.0.2) and to keep things simple, I am running it almost “as-is”. The only modification I did was to set the “shared-secret” in the clients.conf file. For authentication, we have been using the example credentials of freeRadius.net:

username: testuser
password: testpw

I followed the steps in

to manually create a Wireless profile on my PC, then used WlanGetProfile to extract the XML-Profile. This XML-Profile works when I use it on the Win32 port of our application but not on the “Toradex_CE7-target” build.

On the iMX6-build, the return value of WlanSetProfile is ERROR_BAD_PROFILE(0x4b6) while the pdwReasonCode=0x057. Unfortunately, WlanReasonCodeToString could not provide the text-equivalent for this reason code but in general 0x057 means ERROR_INVALID_PARAMETER.

I have tried modifying the XML-Profile, removing elements one-by-one but I keep getting the same result from WlanSetProfile everytime.

Below is the original XML profile I used.

<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
    <name>FireFox</name>
    <SSIDConfig>
        <SSID>
            <hex>46697265466F78</hex>
            <name>FireFox</name>
        </SSID>
        <nonBroadcast>true</nonBroadcast>
    </SSIDConfig>
    <connectionType>ESS</connectionType>
    <connectionMode>manual</connectionMode>
    <autoSwitch>false</autoSwitch>
    <MSM>
        <security>
            <authEncryption>
                <authentication>WPA2</authentication>
                <encryption>AES</encryption>
                <useOneX>true</useOneX>
            </authEncryption>
            <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
                <cacheUserData>true</cacheUserData>
                <authMode>user</authMode>
                <EAPConfig>
                    <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                        <EapMethod>
                            <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type>
                            <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
                            <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
                            <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
                        </EapMethod>
                        <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                            <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
                                <Type>25</Type>
                                <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
                                    <ServerValidation>
                                        <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
                                        <ServerNames></ServerNames>
                                    </ServerValidation>
                                    <FastReconnect>true</FastReconnect>
                                    <InnerEapOptional>false</InnerEapOptional>
                                    <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
                                        <Type>26</Type>
                                        <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
                                            <UseWinLogonCredentials>false</UseWinLogonCredentials>
                                        </EapType>
                                    </Eap>
                                    <EnableQuarantineChecks>false</EnableQuarantineChecks>
                                    <RequireCryptoBinding>false</RequireCryptoBinding>
                                    <PeapExtensions>
                                        <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation>
                                        <AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName>
                                    </PeapExtensions>
                                </EapType>
                            </Eap>
                        </Config>
                    </EapHostConfig>
                </EAPConfig>
            </OneX>
        </security>
    </MSM>
</WLANProfile>

Regards

2

Hi,
Let me try it. Allow me some time

3

Hi,
I tried it out and was able to authenticate Colibri iMX6 in WPA2 -Enterprise. Here is what I tried and might be useful to you

  1. Installed freeRadius.net on PC (Window 10 host)
  2. Added few users in user.conf file

eg.

   user1111 User-Password == "pass1111"                            
   user2222 User-Password =="pass2222" 
   user3333 User-Password =="pass3333"      
   user4444 User-Password =="pass4444"
  1. Configured the client.conf for the client (Access Point ).
      client 192.168.0.1{                // this is the IP address of the AP
   secret		= pass0000
   shortname	= EnterpriseWiFi
       }
  1. Configured my AP wireless security to WPA2. It looked something like below
     SSID : EnterpriseSecurityTest
  Radius Server IP : 192.168.0.100  // IP address of my PC where I have configured freeRadius.net server
  Radius password: pass0000         // this must be same as entered in the client.conf

  1. Start freeRadius server

  2. Power on your colibri iMX6 and open your WiFi settings

  3. Try to find out EnterpriseSecurityTest

  4. It asked me for

   Username : user4444 
password : pass4444
domain    :    //leave it empty
  1. Press ok and try pinging.
4

Hello Sahil,

Thank you for taking the time to try it out. In our product, we had to disable Connection Manager so that we could get full control of the WiFi from our application. In order to reproduce your steps, I did a reset of our registry settings (to get CM back) and then I was also able to authenticate to the AP successfully.

However, we need a Native-WiFi-API-based solution for our product and one of the steps to connect to an AP is to set the profile parameters in xml format (WlanSetProfile). With the xml-listing I embedded in my original post, I am already getting a failure when I call WlanSetProfile but I could not figure out which part is causing the error.

I had the idea that with if I managed to connect to the AP with Connection Manager active, I could then somehow export the connection profile and then use that as input in our application’s WlanSetProfile call. Unfortunately, I could not find a way to export it. I tried WlanGetProfile but then it may be failing because Connection Manager is enabled.

Is that possible at all?

5

Hi DennisL,

Here is the XML profile for the WPA2-Enterprise security-based network that I have connected to. I found this XML profile located at \WIndows\Wlan.…\xml after I connected to the network mentioned. Do the same setup that you did earlier with the help of the connection manager and then after successful authentication, get this file at the location mentioned above.

<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
	<name>CC402671-850F-2F5B-BEC1-90F5C5EE892D</name>
	<SSIDConfig>
		<SSID>
			<hex>456E7465727072697365536563757269747954657374</hex>
			<name>EnterpriseSecurityTest</name>
		</SSID>
		<nonBroadcast>false</nonBroadcast>
	</SSIDConfig>
	<connectionType>ESS</connectionType>
	<connectionMode>manual</connectionMode>
	<MSM>
		<security>
			<authEncryption>
				<authentication>WPA2</authentication>
				<encryption>AES</encryption>
				<useOneX>true</useOneX>
			</authEncryption>
			<keyIndex>0</keyIndex>
			<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
				<authMode>user</authMode>
				<EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><eapCommon:Type xmlns:eapCommon="http://www.microsoft.com/provisioning/EapCommon">25</eapCommon:Type><eapCommon:VendorId xmlns:eapCommon="http://www.microsoft.com/provisioning/EapCommon">0</eapCommon:VendorId><eapCommon:VendorType xmlns:eapCommon="http://www.microsoft.com/provisioning/EapCommon">0</eapCommon:VendorType><eapCommon:AuthorId xmlns:eapCommon="http://www.microsoft.com/provisioning/EapCommon">0</eapCommon:AuthorId></EapMethod><ConfigBlob>010000004800000001000000010000002C0000000E000000000000000000000000000000000000000000000000000000000000000000000001000000100000001A00000000000000</ConfigBlob></EapHostConfig></EAPConfig>
			</OneX>
		</security>
	</MSM>
</WLANProfile>
6

Hello Sahil,

Thank you again for the input. I was able to get the profile’s xml in the location you described. As I sort of feared, the configuration part is a ConfigBlob so that would still take some time to decode. In the meantime, I could use the profile xml “as-is” to initiate a connection to the AP and I am now studying the notifications being received from the Native Wifi service to figure out how EAP authentication works.

7

Discussion continued here: