IssueTracker

I second this!  
Please consider!

We use WPA2-Enterprise as well.  A method for getting the 802.1x certificate onto
the phone would be very advantageous for bringing Android into the corporate
environment.

Android supports EAP extensions, just the UI is lacking.

Well then, please update the UI so that we can use it?

It seems that you can edit the iptables manually, but I can't find out how and it's
not very user-friendly. Someone said there will be an update the next month...

"We use WPA2-Enterprise as well.  A method for getting the 802.1x certificate onto
the phone would be very advantageous for bringing Android into the corporate
environment."
I second this...

You can get a certificate on the phone easily (just put it on the SD card); the
problem is that Android doesn't support WPA2 Enterprise.

Our company is also going towards WPA2-Enterprise from LEAP. Would desparately need
WPA2-Enterprise since LEAP is not supported either

If you have root on your device, edit /data/misc/wifi/wpa_supplicant.conf and add
whatever network you want; it will even show up in the list in the UI. This example
works for me:

network={
  ssid="MyEmployer"
  key_mgmt=WPA-EAP
  identity="myusername"
  password="mypassword"
}

If your network is more complicated (tunnels, certificates, etc), see the
wpa_supplicant project's default configuration file, which has many examples towards
the bottom.

http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/wpa_supplicant.conf

If this is only a UI problem the priority should probably be upgraded - every German
research institution and university at least supports if not requires WPA2-Enterprise
(see http://www.eduroam.org/), don't know how this is in other countries and in this
state, Android devices they are more or less useless there.

This is the same for many university and corporate networks in Australia. I can't get this device onto our dot1x
authenticated wireless network.

Adding my vote, I work for a small private university, and our staff/faculty wireless
is 802.1x only, and we're working to transition the student network to it as well.

I'm trying to get my wlan working, I have the following config, which should be correct:

network={
    ssid="WLAN"
    scan_ssid=1
    key_mgmt=IEEE8021X
    eap=TTLS
    ca_cert="/data/misc/wifi/GTE_CyberTrust_Global_Root.pem"
    phase2="auth=PAP"
    identity="xxxxxxxxx"
    anonymous_identity="xxxxxxxxxxxx"
    password="xxxxxxxx"
}

However, I keep getting a "authentication time out". Am I missing something, or does
anyone know a way to debug this.

I work for Intuit and our network uses WPA2-Enterprise w/ certificate. Getting this
working would promote Android use and innovation within our company.

@elmuerte.com/comment 14: I'm afraid I haven't seen that myself, but I doubt it's an
Android-specific problem; try
http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/README

Could I just draw people's attention to the star button to the left of the title? To
copy-paste from numerous others:

Just a friendly reminder... if you're about to post a comment that says "me too!" or
"you've got my vote" or "+1"... please just star this issue and leave the
comments-space clean.  When you star the issue, your vote counts.  Issues with a
larger number of people starring the issue are likely going to get more attention.
More comments, however, are just going to clutter the system and annoy those who have
already starred the issue, possibly encouraging them to unstar the issue, lowering
its perceived importance.  Again, comments should be used to update progress on the
issue itself, not for voting... please leave this to the star.  Thanks.

I can't believe this isn't working,

I can't edit documents

now I can't connect to my school's wifi.  

wow will the list continue?

Get on it!

I would definitely want this feature without requiring to root my phone.

I'm charged with building mobile apps across multiple platforms, but without the
ability to connect to our corporate network, this phone is going to lie dormant
without much activity...can't do much with it if I can't connect to our network...

A must please

Editing wpa_supplicant seems to work well enough, although I'd still like wpa2
Enterprise added to the Wifi gui.
The biggest thing on my list atm is the ability to add proxy settings along with a
username and password.

D.McEldowney i've been loooking into this is there any insight you could provide me
with. I feel that I'm at a means to an end when it comes to altering the .confg file

thanks Gordon.

@Gord.Robb

The technique that I used requires you to have a rooted phone (I am using a Dev phone).

More or less just follow the instructions listed above by  chris.boyle.name.
To edit the .conf file, in a root terminal input

# cat /data/misc/wifi/wpa_supplicant.conf > /sdcard/wpa_supplicant.conf

This will make a copy of the conf file on your sdcard.
Next you'll need a text editor.  You can find dozens of them on the market, or just
connect your phone up to your computer.

The next bit requires a bit of reading.  I can't give you exact details as I don't
know the security details for your wireless, and for security's sake, it should stay
that way.
Have a read through the example .conf file found here:
http://hostap.epitest.fi/cgi-bin/viewcvs.cgi/hostap/wpa_supplicant/wpa_supplicant.conf?revision=HEAD

That should help you work out what you need in your .conf file.

After you have edited your .conf file, simply use 'cat' to "copy" the new
wpa_supplicant.conf file back to its original location.  Before doing that, I'd
suggest backing up your original .conf file:

# cat /data/misc/wifi/wpa_supplicant.conf > /data/misc/wifi/wpa_supplicant.conf.backup

Hope this helps.

-David

thanks dave, i just rooted my the other day.  I just wasn't really getting anywhere
form searching.  Can't wait to try it out.

Again thanks so much.

Ok so how exactly do i copy (or replace the original) the file back.
I changed the .conf file and made a backup up using "# cat
/data/misc/wifi/wpa_supplicant.conf > /data/misc/wifi/wpa_supplicant.conf.backup"

Now I had the altered .conf file with my school's settings
how do replace the original on the phone.

I tried to do this:

# cat /sdcard/wpa_supplicant.conf > data/misc/wifi/wpa_supplicant.conf

I verified that file by creating another duplicate to sd and checking it.  It was the
original and not the altered.

cat = copy?
> = ???

I'm pretty sure i have root in my phone - I type su and getting the #, but then again
who am i kidding i might have done it wrong.  I did the root using telnetd method.

thanks for your help

Gordon.

@Gordon
No, cat is a unix command which stands for concatenate.  Essentially what it does is
output the contents of a file to standard output - in most cases, it will be
outputting to your screen, however in this case, by using the > switch, we're telling
it to output to another location.  
The normal unix copy command (cp) doesn't exist on the android phone, so we use the
next best thing.
You can find the man page here (when in doubt, look up the man page):
http://www.ss64.com/bash/cat.html

You almost had the command to copy back right, all you need to do is put a '/' at the
start of the next line:
# cat /sdcard/wpa_supplicant.conf > /data/misc/wifi/wpa_supplicant.conf
otherwise it will be looking for 'data/misc/wifi/wpa_supplicant.conf' at whatever
level of the directory hierarchy you happen to be at.  The '/' at the start of the
path is simply telling it to start from the root of the directory tree.

TBH, unless you know some unix, you ideally shouldn't be playing around in the
terminal of your phone, especially with root access, as you can very easily
break/brick it if you do the wrong thing.  Altering wpa_supplicant.conf is pretty
harmless, but I'd be careful when following tutorials on the internet that say to use
the terminal - make sure you look up the man pages to find out exactly what you're
doing first.

D.McEldowney,

I owe you big,

Just got connected,

for any body else that is at Durham college Uoit in the wpa_supplicant.conf settings
are as follows:

network = {
ssid="__"
scan_ssid=1
key_mgmt=WPA-EAP
eap=PEAP
identity="___"
password="___"
phase2="AUTH=MSCHAPV2"
priority=5                   // I'm pretty sure it will work without this
}

I'm sure I'm missing something here, it seems a bit chunky when its first connecting
but other than that it seems smooth.

I have a root phone Rc33 jesusfreak version (not that this matters)

D.McEldowney what about the security of doing this when altering the file, am I
exposing my phone to harm?

For those of you looking for Colorado State University it's the same as Durham.

Thanks to Gord.Robb

network = {
ssid="csu-net"
scan_ssid=1
key_mgmt=WPA-EAP
eap=PEAP
identity="ename"
password="password"
phase2="AUTH=MSCHAPV2"
priority=xx
}

Some notes:
priority should not overlap with any other network

@Gord.Robb I'm not sure if your network is the same as CSU but we have an inner
Authentication MSCHAPV2. I think this might be causing the lag while the
wpa_supplicant and the network sort out the details. I'm guessing wpa_supplicant just
goes with the less secure route without a ca certificate to authenticate the server.
I tried this initially including copying the proper certs to the device too.

network={
       ssid="csu-net"
       key_mgmt=WPA-EAP
       eap=PEAP
       phase2="auth=MSCHAPV2"
       identity="ename"
       password="pass"
       ca_cert="/data/local/cert.pem"
       phase1="peaplabel=1"
       phase2="auth=MSCHAPV2"
       priority=1
}

but couldn't get it to work. I think it might be due to the scan_ssid=1 line being
missing. (Bad copy paste job on my part.) I'll probably try to do some experimenting
with this later this week. Any thoughts are welcome.

I rooted my device just to try to get this to work.  It did not.

According to my University I should use:

eapol_version=1
fast_reauth=1
network={
    ssid="Some SSID"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="USERID"
    password="PASSWORD"
    phase2="auth=PAP"
}

It is a Cisco network.  Under W-Fi Settings the network shows up, but it says "Not in
range, remembered", even though all other devices work just fine.  The SSID did not
show up before I put this in the wpa_supplicant.conf file.  I tried removing the
scan_ssid=1 line, but it did not change anything.

Notably, when I looked again at wpa_supplicant.conf, it had removed the
eapol_version=1
fast_reauth=1
lines.

Any ideas?

We use WPA2-Corporate at work as well. It really sucks that I can't use wifi on my
phone yet.

I don't know if anyone watching this discussion is actively working on development of
this but I have began work on it. Right now I'm in the middle of studying for finals
but will resume development after that around May 18th. Ad-hoc is not on the top of
my list and this seems to be more difficult (in my mind at least).

This is one of points where iPhone wins over Android when deemed as enterprise un--
fit :( On iPhone all you need to do is to get config file (by email or download form
website), click on it and you are done ...

It appears as though someone developed an app that makes creating the correct config
file entry easy.  It's called wifi helper or something along those lines.  

To: cwshep

This is what my school's looks like.  Chances are anything outside of the brackets is unnecessary for the G1's supplicant file.

network={
        ssid="tamulink-wpa"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="USERNAME"
        password="PASS"
        pairwise=CCMP
}

There is now an application in the market named 'wifi helper' by 'fan zhang' which allows you to
access these networks from a friendly gui. It still requires a rooted phone, but may elleviate the
situation for some, like me, who aren't prepared to edit files on their phone.

I tried the app and it works just fine!

Hello,

the same thing in our company. I had an Ipod Touch before, and it could handle all
wireless network types, so this is quite disturbing for me.

I don't think making the UI would take so much time, please please someone.

I can root the phone, but that does not solve the problem, it's just a workaround

Can't seem to find 'wifi helper' on the market. Even following the link from
http://www.cyrket.com/package/fan.Wifi doesn't give results.

seems to be common problem - something with in what country you are in?
see comments in http://fredzhung.blogspot.com/ and
http://forum.xda-developers.com/showthread.php?p=3765595

somebody mirrored .apk or source code is somewhere ?

Can't you download it from here: http://www.cyrket.com/package/fan.Wifi
using the QR code?

sure, but this function should be available without rooting the phone...

When I do this I get "There are no matches in Android Market for the search
pname:fan.Wifi"

So if you can see it then it may be available in your country (lucky you) but not for
US :(

I've got a final exam in an hour.  But I'll see if I can attach it or something later
today.

Guys use "wifi helper", if not go find someone in your school who uses and knows
about linux.

I got this from the market.  It should still be there.

You need root access to use the program though.  
http://forum.xda-developers.com/showthread.php?p=3765595   (program is located in the
1st post's blog link)


By the way does anyone know of a good site that provides apps for android.  

I've been using demonoid, its good, a lot of full version apps.  but it would be nice
to find another one.  

Gordon.

Here it is
http://web.ics.purdue.edu/%7Ezhang42/wifiHelper.apk

it would be easier to add PEAP EAP support to Android wifi gui for those users who
have no knoledge about linux, rooting their phone, etc...

I also want to connect to my University wifi (eduroam) and I can't.

i thing this issue should have more priority.

[Comment deleted]

I agree totally!!

Does anybody know if the 1.5 update Cupcake will allow the G1 to connect to WPA2-
Enterprise

@LeoK.13
No, cupcake does not implement the GUI necessary to connect to networks secured by
WPA2-Enterprise.

I am running 1.5 on my ADP1 and there is no WPA2-Enterprise support that I can see.

[Comment deleted]

How come this does not work? I wanted to buy a G1 when I realised, that my school
network (eduroam) isn`t supported. I spend really a lot of time at school and the
actual reason why to buy an android phone have been not to pull out laptop so often
at school. Who cares about all other bugs. This makes the phone useless in most
company and school environments, because theese simply do not have simple networks.

Rooting the phone really isn`t an option I want to take. For the warranty reasons, of
course.

'wifi helper' doesn't solve my issue, as it's just a frontend to for the
wpa_supplicant.conf. I still get timeouts during authentication.

Anyone know if there is a way to properly debug/monitor wpa_supplicant on ADP1?
wpa_cli simply doesn't give much information.

Wifi Helper got me onto the WPA2 Enterprise with AES Encrypted Netowrk.  It is
Authenticated using my windows Domain (EAP-MCCHAPv2)

Now if only I could set the Browser proxy settings to get out of the network when
connected to this.  I am really confused by this.

After lot of R&D it worked for me....

need to change data/misc/wifi/wpa_supplicant.conf file it should be like:

ctrl_interface=tiwlan0
update_config=1

network={
        ssid="your ssid"
        scan_ssid=1
        proto=RSN
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="user name"
        password="password"
}

this is specific to EAP-MCCHAPv2. Now i am able to connect via wifi but since i have
proxy on network need to know how to configure proxy on it.

The G1 is not competitive in any way to Nokia and iPhone as they can atleast
authenticate by Username and Password. Client Certificate would be very good too, but
most of WPA Enterprise enabled networks work with Username/Password.

So when will this be implemented to work without rooting the phone?
Maybe T-Mobile just not has an interest in this Feature and thus there is not much
pressure on it...

For OHA, what T-mobile wants shall not be the most important thing. It should be, what
custommers want. Android phones are made for internet and while there can`t get
connected in many Wi-fi networks, it makes them kind of useless. That`s why I don`t
understand, why nobody is working on this yet.

This should be considered a high priority if Android is to be taken seriously.  I
work at Indiana University, which will offer WPA2 Enterprise only as of June 22,
2009.  Without any official support I will be forced to root my phone to use wifi on
campus.  Cupcake brought with it many nice updates, but many of them were trivial.
Why WPA2 Enterprise support was not included in the Cupcake upgrade is just baffling
to me.

My school uses WPA-Enterprise, since support seems to already be present in
wpa_supplicant this seem to be mostly a matter of UI. I think this is one of the main
features Android would really benefit from.

I am employed at a university that also utilizes Google Apps for E-mail. I am the
first of many who wish to see WPA2-Enterprise support on the android platform.

Hey there, I am also at Indiana University and trying to figure this out. When I try
the method D.McEldowney suggests, I get the problem that I cannot create
/sdcard/wpa_supplicant.conf as its a read-only file system? Help?

Could someone create a UI for non-rooted phones to set up a connection to
eduroam? That would be nice.

WPA Enterprise is a must. Please add the UI to configure it.

I know we all want this, now can we _please_ stop posting comments stating that? Just
star the issue, please, your +1 comment will not magically make the android devs decide
that yes they really need to add this now.

I'm able to connect to my wireless access point but authentication fails.  I know I'm using the right user name
and password but each time I try to connect I get an "invalid network password".  Anyone solve this?

I'm using a rooted G1 and have added a network profile to wpa_supplicant.

Anybody know if it will be included in Donut? There is talks of donut coming out in
Aug or Sept

Finally managed to get it working with the secure WLAN at the university. Apperently
the defaults as reported in the config file are not that default. The following
config worked for me:

network={
    ssid="WLAN"
    key_mgmt=IEEE8021X
    eap=TTLS
    group=WEP104 WEP40
    auth_alg=OPEN SHARED
    ca_cert="/data/misc/wifi/GTE_CyberTrust_Global_Root.pem"
    phase2="auth=PAP"
    identity="xxx"
    anonymous_identity="xxx"
    password="xxx"
}

note: I needed to specify the group and auth_alg entries.

I was able to get some logged information about the connection...

2>CTRL-EVENT-EAP-STARTED EAP authentication started
<2>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
<2>CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
<1>Setting scan request: 0 sec 100000 usec
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>CTRL-EVENT-STATE-CHANGE id=0 state=0
<2>CTRL-EVENT-STATE-CHANGE id=0 state=2

It seems to cycle through association to authorization over and over again.  Can any one tell me what might
be causing "Disconnect event - remove keys' to be generated?

I would dearly love this *without* rooting my phone.
By not including this, Google are ignoring College users across Europe and beyond -
somebody had better tell them what eduroam is - http://www.eduroam.org/
What do you have to do to make this happen - don't make me bin my Magic for an i-phone.

I would like to do this without rooting my phone.

I am also targetting a network on http://www.eduroam.org

I just want to let you know that the HTC Hero have WPA-Entreprise.

7-8 months on, nothing, I'd hate to think what low priority meant

WPA2 enterprise support really ought to be offered out of the box. College students
are a big market for this phone, and the nation's biggest schools use WPA2
enterprise. As others have pointed out, the OS supports it. Why do users have to root
their phones to connect to their networks?

I think we just need to wait until the next Android release because it's the only way
for Google to add this feature to the phone.
If HTC can do that, Google can.

Yeah, I should probably kust have hit the star, and not left a comment. Still:

-You shouldn't be able to claim wifi support for a device if it doesn't support
established wifi encryption standards. If you wanna make a wifi enabled device - make
sure it can use any standard wifi connection. At least the widespread ones!
- This is a SMARTPHONE for christs sake! How could ANYONE wiht even half a brain
think that WPA(2) Enterprise was not needed? Come on! And it should have been fixed
in weeks. Not months on end wothout even _a single comment_ from a dev/project
member. This is outright embarrasing.

This is not just happening here - it seems to be standard for most of the issues
reported here. The average homemade project run by to fourteen year olf boys have
way, _way_ better issue handling than this. I thought Android was a serious effort -
without the will to fix bugs (This is a BUG, not an enhancement request), any project
is shit. Now get your head out of your asses, make this a priority, and give us an
ETA. Seriously, a enterprise level system that can't connect to most universities and
companies wifi? P-L-E-A-S-E, get a grip. Fast.
/rant
But seriously, a VERY well desverved rant for the dev who probably doesn't even read
this.

Just a quick note to the Android developers working on this:

Please make sure that PEAP-EAP-MSCHAPv2 (username and password to identify the
client) is working.

Many companies/universities use a Cisco 4400 Series WLC and have it configured that way.

Thanks.

I would like to reconfirm this feature request.

I attend NYU and they use wpa2 with PEAP-EAP-MSCHAPv2 to authenticate their wireless
network

i also need this feature for my university, they use wpa2 with PEAP-EAP-MSCHAPv2 as well

maybe it's already mentioned here but checking the api I notived leap at http://developer.android.com/reference/android/net/wifi/WifiConfiguration.AuthAlgorithm
.html. Does this mean a developer could create an interface using this and provide an
app we can download. I assume not becuase some one would have already done this but the
question's got to be asked.

Great question colchambers.

Can anyone test if it's possible (using the recent SDK) to create a new WiFi profile
using WPA2 ?

I'd certainly be willing to give it a try.

I think the apps already available still require being root.

Wifi Helper can do it, but requires root. with root you can already config
wpa_supplicant to work with wpa enterprise, but galaxy has no root atm.

The main reason for big companies are not adopting Android is because of lack of
WPA2-Enterprise. 100s of folks have migrated to iphone just because of this. My
company size is 66000, and even if 1% people adopt it, it's a sale of about 6600
gphones. think about it ...

Latest code drop to the Donut branch included WPA2-Enterprise support.

@83 (cvaidya): 1% of 66000 is 660, not 6600 (66000 * 0.01 = 660)

@84: Does WPA2-Enterprise cover LEAP?

@86: I don't think so, no. It seems to me that LEAP [0] is some niche protocol by
Cisco?

[0] http://en.wikipedia.org/wiki/Lightweight_Extensible_Authentication_Protocol

I've added a new defect, http://code.google.com/p/android/issues/detail?id=3494, specifically for LEAP.

Intuit's San Diego campus needs this to help facilitate app development as we do not
get any TMobile service here. Our team just made our first app for the Android, but
it really hinders development and we can't easily share & demo the app with anyone on
the campus without wifi service.

@johnrissone: wifi helper from the market will allow you to configure this.

@gsgleason: I tried using that, buts its kind of not there yet. Like in my case it
tries to configure but since it takes long time in my office network(sometime upto 90
seconds) to get an IP address probably it times out much before that. Since mine is a
dev phone I tried playing arnd with WPA Supplicant config file too but no help.

I am hoping official support on this feature will be really helpful.

I've rooted my G1 and installed the Pro version of WiFi Helper, but I still can't get
this working.  It keeps prompting me for a network password to connect, but there
isn't one.  Just WPA2 authentication.

Now I have this network showing up, but I can't connect, I can't edit it, and I can't
forget/delete it.  Any suggestions?

Thanks,
pd

this is the only reason I rooted my phone, please add wpa2-enterprise support

Can anyone recommend any resources to help debug my wpa_supplicant.conf settings?

I've looked at my logcat output and found no useful hints, and I've also tried to run
wpa_supplication from the command line (so I could run with the -d or -dd options
...), but it's not been able to bind to the tiwlan0 interface.

Thanks,
-- Pat

need this feature too

Can you stop posting "me too" please and star the issue. I gather this is in donut
when it is released so if you're not going to root your phone, have a bit of patience.

According to the public donut code released donut has wpa2 enterprise 802.1x

Most schools use this kind of authentication... Please donut... I can't wait any longer.

WPA-enterprise is decently critical as I spend half of my time under a WPA-enterprise infrastructure.

I had the same problem as above befor. My school uses eduroam (wpa2-enterprise
security). I solved this for my HTC magic using the Wifi Helper app (thanks Fan
Zhang). The phone has wpa2-enterprise support (except in GUI). Add the network info
in the Wifi Helper, reboot the phone and it should work. (I do not know why the wifi
settings in the phone cannot update the network list with these kind of user infos
without reboot).

With the Samsung Galaxy and hand-edited /data/misc/wifi/bcm_supp.conf (it ignores the
/data/misc/wpa_supplicant.conf, so WifiHelper doesn't work) we (me and other people
in german android forum) get a system freeze and the following logcat output while
connecting to a wpa2-enterprise network:
22:00:05.679: DEBUG/WifiHW(1074): 'DRIVER LINKSPEED' command timed out.

forum link (german):
http://www.android-hilfe.de/root-hacking-modding-fuer-samsung-galaxy/5037-wpa_supplicant-conf-bzw-bcm_supp-conf.html

[Comment deleted]

I need this too. I cannot connect to the our corporate, huge corporate, intranet which
uses LEAP with dynamic WEP keys.

P.S. I bought a G1 to unlock and try it out before my contract is up. I may be going
with an iPhone if this isn't fixed soon. I tried using wifi helper to no avail.

Main reason why I'm not getting an Android phone..... lack of LEAP.

To comment, this still isn't fixed, I upgraded firmware in the last few days on my
HTC Hero, to 2.73.405.5, which like th 1.7.x rev in the shipped version, I'm able to
connect to WEP but _still_ cannot connect to a EAP-Enterprise secured network,
patience.exhausted(); argh!  connectivity like this should really be a priority!

I loaded Donut ROm on my G2 but the pb is still there (like Cupcake with Wfi helper).
I can connect the network with WPA2 but am not authorised through the proxy.

The 1.6 Android update includes a GUI for configuring 802.1x (certificate-based) wifi
authentication.  However I can't figure out how to get my client certificate onto the
phone where can be selected from the drop-down list of certificates.  I copied them to
the SD card, in a random directory.  Any other ideas?

I've got the 1.6 Android update and was successful in setting up wifi to use my
company's WPA-EAP (PEAP-MSCHAPV2) wireless setup. I got a valid IP address and could
ping various internal hosts. However, I cannot browse to any of the internal web
sites. I can telnet to port 80 and retrieve the raw html output, but browsing to them
just times out. I even tried Opera Mini and got the same result. Not sure why
browsing won't work when I can telnet and ping these sites.

[Comment deleted]

Same issue at my university as Tessa's.
 
The network SSID shows up as WPA-EAP secured network.
I set up the connection specifying EAP mode (in my case, TTLS), Phase Authentication
(which is PAP), identity (my username) and wireless password (my account's pwd), but
I do not see any way to import the network's security certificate.

Result: Nothing happens when I press 'Connect'. The network shows as 'Remembered'.

To be noted, a laptop I set up this morning with Ubuntu Jaunty 9.0.4 connects without
problems to my WPA-EAP network exactly using the same parameters above and without
any certificate!

I've received the Donut upgrade in my G1.  It appears that WPA2 Enterprise is
supported, but when you go to select a certificate is just says NA.  It seems that
the certificate needs to be placed on the phone somewhere so that it appears in this
dialog box.

I cannot find any documentation on this.  Anybody know how this works?

Android Dount has wpa_enterprise feature, use browser to import certificate,
but i do not know how to use, anybody know about this?

When is WPA2-enterprise support coming?

http://www.eduroam.org/
this is eduroam - a lot of university campus use it. how can it be possible that
android doesn't support it?!

At McGill University, the issue is solved for me

xxter,
would you mind illuminaing the rest of us who still cannot figure this out?
thanks!

[Comment deleted]

Please add WPA2 Enterprise.

I am on a 802.1X/dynamic WEP university campus network using with PEAP/MSCHAPv2 for
authentication and cannot for the life of me connect to my network. I have tried
hand-editing my wpa_supplicant.conf file with the following code block (certain
fields hav3e been altered for privacy):

network={
    ssid="myNetwork"
    key_mgmt = IEEE8021X
    group = WEP104 WEP40
    eap = PEAP
    phase2 = "auth=MSCHAPV2"
    ca_cert="data/misc/wifi/myCert.pem"
    identity="xxx"
    password="xxx"
}

Am I missing something? I am running CyanogenMod 4.2.1 on top of Android 1.6 with the
latest radio image. The phone will see my network, but identify it as WEP, without
the option to modify it. If I manually create a profile, the phone will never tie the
profile to the network, in other words, my phone will see the profile I created as a
separate network that is always "currently out of range". Any help would be appreciated.

I got this to work. Note that you have to turn WiFi off and on again in the settings.
Here's what worked for me at Imperial College if anyone happens to be here.

network={
        ssid="Imperial-WPA"
        key_mgmt=WPA-EAP
        eap=TTLS PEAP TLS
        identity="IC\me"
        anonymous_identity="IC\me"
        password="mypassword"
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"
}


Note that if you don't have access to a computer and are patient you can add this in
one step by running a command like:

echo "
network={
ssid=\"Imperial-WPA\"
key_mgmt=WPA-EAP
eap=TTLS PEAP TLS
identity=\"IC\\me\"
anonymous_identity=\"IC\\me\"
password=\"mypassword\"
phase1=\"peaplabel=0\"
phase2=\"auth=MSCHAPV2\"
}" >> /data/misc/wifi/wpa_supplicant.conf

Or something like that. I might have got the escaping wrong. Also note the two >'s.

WPA2-Enterprise support with TTLS/PAP and PEAP/MSChapV2 should be part of any basic
WiFi implementation, otherwise Android isn't suitable for use on anything resembling
a secure enterprise wireless network.  I'm on Sprint and have been tempted to switch
to an Android phone, but key features are missing (e.g. saving apps to SD) and I
won't switch to Android at this time.  With props to Cyanogen and others, rooting a
phone -- when possible -- shouldn't be necessary.

I can't believe this still isn't fixed after more than a year.  I've tried rooting my
phone, and using WiFi Helper, and I *still* can't get it to connect to my WPA2
Enterprise network.  On the iPod touch, it took less than 5 minutes, and it was
totally obvious.

This is inexcusable.

T Mobile G1, unrooted, running 1.6.
Cannot correctly detect dynamic-WEP, insists it is WEP and asks for WEP key.
Will not allow modification of detected settings.
Will not use manually set settings.

(and why am I not allowed root on MY machine - that is why I choose linux!!!)

This is really wierd........I dont get why Google would leave a key feature such as
this out till now. Even with Donut 1.6 I still cant connect to my Company's network.
WE use WPA2 EAP with verisign certifcates. As mentioned before nothing shows up
under certificates and it keeps asking for a password when we dont use one.

I have to praise the iphone for the full WPA2 EAP Support, it takes a min. to get
connected to our network on an iPhone.

Really disappointed from Google in this area.

[Comment deleted]

please add WPA-Enterprise functionality. All major enterprise locations use it. i'm
lucky and have access to an alternative while at work but it's open and less than
ideal.

Android 2.0 is marginally better in that there is a way to install .p12 certificates
(mostly for exchange support I take it).  Adding support for other certificates such
as cer should not be too difficult

The Ohio State University has a step-by-step for Droid phones running Android 2.x that may be helpful to those
here.

http://8help.osu.edu/4254.html

I got this to work for LEAP with dynamic WEP keys, but I had to root.

network={
ssid="XXX"
scan_ssid=1
key_mgmt=IEEE8021X
auth_alg=OPEN SHARED
eap=LEAP
identity="XXX"
password="XXX"
priority=1
}

I know several people at my company who just got Droid's and they're going to be
pissed off this doesn't work without rooting. Google, get your ass in gear.

I work at Purdue University which uses WPA-Enterprise, and winningham.2's solution
worked for me using Android 1.6(Donut) on my G1.

I have a Droid and need to access my company's wireless (see maximmold above).  The
rooted method seems very easy, but 1. I don't how to to root my Droid 2. The GUI
should allow for this.  Google, please update.

Just like some others, my university where I work, also uses EduRoam, but not WPA2.
It uses Dynamic WEP. Right now there is no way for me to either add the relevant
certificates or have the Wi-Fi manager distinguish this Dynamic WEP from normal WEP.
As far as I know, all universities in the Netherlands use Dynamic WEP for EduRoam at
this moment, so it's a major let down.

@winningham.2

Have you tested the instructions in your link (http://8help.osu.edu/4254.html) on a
Droid phone running Android 2.0? My Droid does not have any "pull down menu of 'EAP
Method'" etc.. When I select a network with 802.1x Enterprise it immediately prompts
for "the credential storage password," but doesn't ask for a username. Same results
when manually adding a network. Can you explain where this pull down menu is, or if
these instructions were written for an older version of Android? Thanks.

will the interim solution work for EAP-FAST authentication? I also need to specify a
specific port (10000)

Please release the wpa2 enterprise functionality.
As root users can specify the user/pwd manually, I think there is just a lack of
Input form. The fact we have to wait that long for such an import feature is just poor.

[Comment deleted]

I manually edited the wpa_supplicant.conf and added the entry below that works at the University of
Minnesota (WPA2 Enterprise, PEAP, MSCHAP V2). It was much simpler than I expected. Simply copy the file on
your phone at /data/misc/wifi/wpa_supplicant.conf, edit it and delete any existing entries for your access
point that are not working, and then save and overwrite the existing file on your phone. I don't think you need
root to do this. Again, these settings are for the University of Minnesota; you might need to tweak it for your
location.

network={
        ssid="your_access_point_name_goes_here"
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="username_goes_here"
        password="password_goes_here"
        phase2="auth=MSCHAPV2"
}

Ack! I found out after a reboot that I had also changed ownership of the file to
root, and the wifi stopped working (as described in issue 36905819). The fix that worked
for me was to chown the owner back to system.wifi as Xykivo recommends:

# chown system.wifi wpa_supplicant.conf

But this also means you DO need have root, which means this issue is still a problem
for some. :(

i need to install a Thawte Premium Server CA to use the wireless, but when i
downloaded the .cer file i am not sure what to do, or why it says "n/a" be default.

I am running android 2.0

This is HUGE!

[Comment deleted]

Can we get an estimate of when we can expect this to work? I have an HTC Magic, which
runs Android 1.5, and cannot connect to my company's network because I cannot get it to
prompt for user and password. Is this supposed to work in Android 2.0?

It seems like the issue is over an year old, and we received no official answer from
Google. More transparency on the issue, please.

This feature would be nice to have without needing to root the phone.  I get crap for
3g reception in my building but wifi is everywhere. it would be most beneficial.

[Comment deleted]

Exactly, and especially when htc tattoo can't be rooted. And this thread have been
going on for a year already - and the top few most stared thread here.

My wpa_supplicant.conf is like this.

network={
        ssid="WLAN"
        scan_ssid=1
        identity="myid"
        ca_cert="/sdcard/ca.der"
        password="mypwd"
        proto=RSN
        key_mgmt=WPA-EAP
        eap=PEAP
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"
}

But it doesn't work. My phone simply ignore my setting and shows the wifi, which has
exactly the same SSID, as WPA-EAP. The one I set up appears as "remembered, not in
range". That is to say, WPA2-Enterprise is not supported! Only WPA-Enterprise is!

On an Motorola Droid, so running Android 2.0

I have used the GUI to attempt to connect to my institution's wireless using: EAP-TTLS with PAP
The network SSID is broadcast so it's visible to clients to see it's there (on Android it says "Secured via WEP"). However,
the clients do need to have their 802.1x settings configured properly.

If I start from scratch (not having any networks "remembered"), I see my wireless SSID  in the list of networks. in
order to set the EAP-TTLS / PAP configurations, however, I have to "add wi-fi network". I set all configuration settings
as such:
SSID: "my-institution-ssid"
Security: 802.1x Enterprise
EAP Method: TTLS
Phase 2 Auhenication: PAP
CA Certificate: n/a
Client Certificate: n/a
Identitiy: my_wireless_uname
Wireless Password: my_wireless_password

After setting all this, it attempts to connect, showing "obtaining ip address" then all of a sudden stops and shows two
networks of the same name (the original "SSID" that's broadcast, and the new setting with the 802.1x settings).
Unfortunately, the original one still says "Secured via WEP" and the new one simply says "Remembered: not in range".
If I try to "change the password" on the 802.1x setting I made, it shows the admin interface, but I need to it all over
again for 802.1x configurations.

Eventually, I end up with a plethora of wireless networks, all with the same SSID, all (but one) saying "Remembered:
out of range" and one saying "Secured via WEP".

I'm just wondering if anybody has any thoughts on how to get this to work. I've communicated with my networking
department, but they I'm the only person on android on the network (most everyone else are on iPhones or
something). Any / all help appreciated!

Need support for WPA/TKIP/PEAP using domain credentials as authentication.  The
options offered are great - but also happen to be rarely implemented in most small
to mid-size businesses.  

Ernie (comment 151), I get the same exact behavior you are seeing with our
PEAP/MSChapv2 setup.  There is no way to remove (Forget) the automatically discovered
SSID that matches the one I configured.  This is really stupid to not allow editing
properties of auto-discovered SSID's!

Assuming that full support for encryption and EAS got implemented, we would probably
buy 200 of these phones.

seems either Google or Tmobile care about this topic. Nobody? I hate Google since it
produced G1, but G1 is just like its son without parents!

This is not a enhancement issue! It's Type-Defect!
It is Priority-Critical! Not medium!

I would love to have this feature ! My college have WPA2-Enterprise with strong
authentification and I can't have wifi in college with my handset, wifi would be
really useful for all data consuming apps :(

I think that adding WPA2-Enterprise to the OS GUI Wireless selections would really
open new doors for the Android OS. Having to hack the OS to enable it is not
something that the majority of users are able to handle, so that should not even be
considered a solution. If you really want to compete with Apple, you would seriously
consider adding this in an upcoming update.

I would love to have this Wifi 802.1x feature on Android.
this feature along with RSA secure ID support for IPSec/PPTP VPN are stopping me from
going for a Andriod Phone.

Work around to update file with root access is frustrating

Im Also for this, the lack of the certificates which can be used is horrible....

By the way for finding an easier solution i've enclosed our certificate at our school
(and the admin doesn't have a clule there -.-)

My office is using WPA2-enterprise, and my milestone is setting to
SSID: "xxx-sid"
Security: 802.1x Enterprise
EAP Method: PEAP
Phase 2 Auhenication: none
CA Certificate: n/a
Client Certificate: n/a
Identitiy: my_id
Wireless Password: my_password

The result is, I can obtain the ip address from DHCP, from app "static WIFI", both
gateway and dns are correct received. But I can't ping any of server, and can't
access any of website in my office, even I use IP address only.

ACK!

[Comment deleted]

Anyone have the default wpa_suppliment.conf file by any chance? I think I messed up
horribly.

Re: Comment 124  by tdhutt, Oct 29, 2009 (For the t-mobile pulse)
The top of /data/misc/wifi/wpa_supplicant.conf appears to be different (Re: Comment
54  by prakashr82, Jun 02, 2009)

ctrl_interface=DIR=/data/system/wpa_supplicant GROUP=system
update_config=1

network={
        ssid="Imperial-WPA"
        key_mgmt=WPA-EAP
        eap=TTLS PEAP TLS
        identity="IC\usrname"
        anonymous_identity="IC\usrname"
        password="paswrd"
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"

}

The file is much easier to change on your computer with the development tools.
adb -s devicename pull /data/misc/wifi/wpa_supplicant.conf wpa_supplicant.conf
adb -s devicename push wpa_supplicant.conf /data/misc/wifi/wpa_supplicant.conf
(devicenames can be seen from "adb devices" command)