Samsung Vibrant and 802.1x WEP…

If there is an easier or non-root required method to what I’ve outlined here, please I’m ALL EARS.

Summary:

I pretty much hate Samsung or Android, not sure where to direct my h8, but whatever.  I wasn’t going to let it beat me.  Essentially I needed to connect to an AP that uses 802.1x WEP, PEAP, and MSCHAPv2 radius authentication to get access.  Not that difficult on my iPhone w/ the use of profiles, but Android/Samsung wasn’t as easy.  Here it is in a nutshell:

Nitty Gritty:

  1. Follow the instructions on how to root your Vibrant.
  2. Once your vibrant has been rooted, you need to download and install the SDK.
  3. Turn off your phone’s Wifi, and turn USB debugging on (Settings –> Applications –> Development).
  4. This is where it gets interesting (Windows method):
    1. Open a command prompt, go to where you installed the SDK, tools folder. (My case was where I downloaded it which was the desktop)
    2. Type adb shell
    3. This brings you to the Android shell prompt, which starts w/ a $ symbol, now type su
      1. Your phone, if rooted properly, should pop-up w/ a permission request, touch accept or ok, can’t remember how it pops up.
    4. Once in your root the prompt should now show the # symbol.  Now type busybox cp /data/wifi/bcm_supp.conf /sdcard
      1. This copies your current WiFi config file to an area that you can pull from the phone w/o root creds.
    5. Now hit Ctrl-C to get out of the shell prompt.
    6. Type adb pull /sdcard/bcm_supp.conf C:\
      1. This places the bcm_supp.conf file on the root of your C drive.  Feel free to place it elsewhere.
    7. Open the file w/ your text editor of choice (notepad is built in, but I prefer notepad++) 
    8. If you’ve attempted configuring an 802.1x connection, you should see an entry like something below:
        9. network={
            ssid="SomethingRidiculousUsually"
            scan_ssid=1
            key_mgmt=WPA-EAP IEEE8021X
            eap=PEAP
            identity="YourUserName"
            password="YourPassword"
            phase2="auth=MSCHAPV2"
            priority=4
        }



    9. The above entry is configured for 802.1x WPA, some lines need to change as highlighted below:

        10. network={
        ssid="SomethingRidiculousUsually"
        group=WEP104 WEP40
        auth_alg=OPEN SHARED
        scan_ssid=1
        key_mgmt=IEEE8021X
        eap=PEAP
        phase1="peapver=0"
        identity="YourUsername"
        password="YourPassword"
        phase2="auth=MSCHAPV2"    
        priority=1
        }

    10. Once you’ve made your changes, save the file.  Now we need to place this modified file back in the mix.

    11. In the command prompt, type adb push C:\bcm_supp.conf /sdcard


      1. The path will be different if you place the bcm_supp.conf file elsewhere.  We can’t directly copy because adb can’t run as root yet.

    12. Now type: adb shell.  Then type: su (to get into root mode).

    13. Now to apply the conf file type: busybox mv /sdcard/bcm_supp.conf /data/wifi/bcm_supp.conf

    14. Now simply hit CTRL-C to exit the console.  If everything was done correctly, you should be able to turn on your Wifi on the phone and get a successful connection to your 802.1x WEP secured AP.

Caveats


Usually domain networks require you to change your password, so you may have to do this exercise every time you change your password.  Hopefully Android fixes this.

Comments

Mikey said…
Thanks, this worked for my Samsung Behold 2. Now I'll hang on to it a little longer.
September 15, 2010 at 1:16 PM
Anonymous said…
Thanks! I'm able to connect my Nexus One to WLAN 802.1x WEP network!
December 28, 2010 at 3:46 AM
Post a Comment

Popular posts from this blog

NSX-T: Release associated invalid node ID from certificate

Image
Summary: Basically had an expiring certificate registered in NSX-T that was associated to a node_id that is no longer valid.  Long story short, there wasn't anything obvious in API to delete or disassociate a certificate from a node_id for 3.2.2.  Not sure how things got in this state, but annotating for future reference.  This may change in future revisions, so always check API for latest. Details: Effectively had a stale node associated w/ a certificate that was expiring.  Could not delete certificate until that node was disassociated from the certificate. To get certificate details and associated node_id's, you can use the following curl call (UI works too): curl -k -X GET -H "Content-Type: application/json" -u admin https://<manager ip>/api/v1/trust-management/certificates/<cert UUID> Above will return something like this: Below must be run from one of the manager nodes via elevation to root: ONLY RUN THIS IF YOU ARE ABSOLUTELY SURE OF WHAT YOU ARE DO...
Read more

NSX-T: vCenter and NSX-T Inventory out of Sync (Hosts in vSphere not showing up in NSX-T)

Image
Summary: NSX-T loses synch w/ vCenter inventory, but statuses don't appear to show an issue.  Basically, you add a host to a vCenter cluster, NSX-T bits should start to automatically installing on new host.  Assuming you've created a Transport Node Profile and associated w/ the cluster.  The problem is that NSX-T doesn't see the new host and its link to the compute manager (vCenter) looks fine. Looks fine, Y U NO WORK!? So what's going on here?  This appears to affect NSX-T 2.5 and 2.5.1.  Cause is unknown. Workaround: Restart the cm-inventory service on each NSX-T mgmt/controller node using API or CLI. Details: If you were to query the status of the cm-inventory via API or CLI, you could query all 3 manager/controller nodes and get a status of running.  Even if the primary node associated w/ the VIP, if configured, is not necessarily in charge of inventory.  So you could restart the cm-inventory service till you are blue in the face ...
Read more

MacOS: AnyConnect VPN client was unable to successfully verify the IP forwarding table modifications.

Image
The VPN client was unable to successfully verify the IP forwarding table modification.  A VPN connection will not be established. Summary: I started running into issue utilizing Cisco AnyConnect on my Mac basically complaining about not able to overwrite IP forwarding tables.  This was on 4.6.x.  Since my VPN endpoints were not providing me w/ an updated client and w/ no access to Cisco Anyconnect downloads, my only option was to try openconnect.  It was totally worth it, here is why and how to set it up. PreReqs: Homebrew Installing OpenConnect: Launch MacOS Terminal brew install openconnect Getting VPN IP's/DNS Endpoints from AnyConnect: The information is typically located in your profile xml files located here: /opt/cisco/anyconnect/profile/somethingsomething.xml In the xml file, you are looking for "<HostAddress>typicallyaDNSName.com</HostAddress>" entry.  These are your VPN endpoints that you would need to pass to openconnec...
Read more