WPA2-Enterprise with username/password?

  • Hi.
    I just found this product, and it seems promising.
    But I need to be able to connect Libreelec to an Enterprise WIFI network that uses username/password.
    But I get an error when trying to connect to such networks: Network Error: Invalid arguments.


    Is there a way to achieve this?


    Thanks.

  • WPA2-Enterprise should be supported but the GUI for configuration was never implemented in our settings add-on as the developers in the team who created the add-on never had access to such a network to test with (not very common in domestic scenarios). If you do things under the hood it should be possible to use; but this will require you to experiment. Start with "connmanctl" .. something like:


    connmanctl
    agent on
    scan wifi
    services
    connect <name of service> <= tab autocomplete works here


    When you connect to a normal network it asks for username/pass when connecting. I've never had an Enterprise network to test against, but maybe it asks you for all the required information. If yes, please report back :)

    If not, have a look at Talk:Wireless network configuration - ArchWiki and Google for other examples of configuration and do some experiments. We store connman service configuration in /storage/.cache/connman/


    NB: You will of course need an SSH connection via Ethernet to set this up. It's no issue to have two active connections; Ethernet takes precedence.

  • Hi.
    I just tried this, but get exactly the same error: Invalid Arguments.


    WPA2-Enterprise seems to require /etc/wpa_supplicant/wpa_supplicant.conf, and that does not exist in your builds.
    Can it still be created, though?


    Edit: I see now that I actually CAN run wpa_supplicant, but I'm not able to create a wpa_supplicant.conf file: Read-only file system.


    Thanks.

    Edited once, last by Dal ().

  • Hello again.
    I looked into this some more, and I got it working!


    Here's how:
    I created a file called connman-service.config under /storage/.cache/connman
    In that file I put this information (for PEAP logon onto a WPA2 Enterprise network):


    [service_name] - Must be unique for each SSID you have on your network
    Type = wifi
    Name = name_of_SSID
    EAP = peap
    Phase2 = MSCHAPV2
    Identity = username
    Passphrase = password


    I rebooted, and voila! It works!


    One question, though: Is it possible to encrypt the password with MD5 or something? For security reasons..


    Thanks again.


  • One question, though: Is it possible to encrypt the password with MD5 or something? For security reasons..


    The client needs the password as-is, hashing it isn't possible.


    Btw. MD5 is far from being secure, so better forget about it.

  • The client needs the password as-is, hashing it isn't possible.


    Btw. MD5 is far from being secure, so better forget about it.


    Ok, thanks for the information.
    Maybe there is a way to reduce what subnet blocks that can SSH into LibreELEC then?


    Thanks again.


  • Maybe there is a way to reduce what subnet blocks that can SSH into LibreELEC then?


    Well, then autostart.sh and iptables are the things you need to check and learn next.


  • Hi,


    I tried this and did not have any success. I currently use the latest Libreelec build. Now that version 8 is out I am wondering if there were any changes I have to take in account to get this working. Does someone know how to use WPA2 Enterprise PEAP with Libreelec in Version 8?

  • Hi,


    I tried this and did not have any success. I currently use the latest Libreelec build. Now that version 8 is out I am wondering if there were any changes I have to take in account to get this working. Does someone know how to use WPA2 Enterprise PEAP with Libreelec in Version 8?

    Maybe you already managed but if not. Here you are.

    Using version 8 what i did:

    In a file oceano.config under /storage/.cache/connman/
    the service name seems to be important, read:

    after that:
    connmanctl scan wifi
    connmanctl services

    once you see the * along the SSID you are done:

    connmanctl connect SERVICE_NAME_CONNMANCTL_SERVICES_GIVES2U

  • Hi,
    I am also trying to connect my raspberry Pi 3 model B, with kodi with LibreELEC 9.2.0.

    I wrote the config files like (name of the file oceano.config) :


    [service_wifi_5550432057692d46726565]

    Type = wifi

    Security = [WPA,WPA2]

    EAP = peap

    Phase2=MSCHAPV2

    SSID = 5550432057692d46726565

    Identity = username

    Passphrase = password

    MAC = macAdress


    i use the hex SSID code because the name of the network contains a space.


    The network finds the configs nad tries to connect but the status is always failure. I also tried to make the wait time higher, but with no success.


    I was not able to find some log file that could help me.


    Any ideas??

  • You can either add "debugging" to kernel boot params in config.txt and then reboot and connman will be running in debug mode which means the systemd journal (and the entire system) will be very verbose .. or you can stop connmand from running (systemctl stop connmand) and manually restart it with -d to run in debug mode.