WPA2-Enterprise with username/password?

  • Hi.
    I just found this product, and it seems promising.
    But I need to be able to connect Libreelec to an Enterprise WIFI network that uses username/password.
    But I get an error when trying to connect to such networks: Network Error: Invalid arguments.

    Is there a way to achieve this?

    Thanks.

  • WPA2-Enterprise should be supported but the GUI for configuration was never implemented in our settings add-on as the developers in the team who created the add-on never had access to such a network to test with (not very common in domestic scenarios). If you do things under the hood it should be possible to use; but this will require you to experiment. Start with "connmanctl" .. something like:

    connmanctl
    agent on
    scan wifi
    services
    connect <name of service> <= tab autocomplete works here

    When you connect to a normal network it asks for username/pass when connecting. I've never had an Enterprise network to test against, but maybe it asks you for all the required information. If yes, please report back :)

    If not, have a look at Talk:Wireless network configuration - ArchWiki and Google for other examples of configuration and do some experiments. We store connman service configuration in /storage/.cache/connman/

    NB: You will of course need an SSH connection via Ethernet to set this up. It's no issue to have two active connections; Ethernet takes precedence.

  • Hi.
    I just tried this, but get exactly the same error: Invalid Arguments.

    WPA2-Enterprise seems to require /etc/wpa_supplicant/wpa_supplicant.conf, and that does not exist in your builds.
    Can it still be created, though?

    Edit: I see now that I actually CAN run wpa_supplicant, but I'm not able to create a wpa_supplicant.conf file: Read-only file system.

    Thanks.

    Edited once, last by Dal (October 31, 2016 at 10:30 AM).

  • Hello again.
    I looked into this some more, and I got it working!

    Here's how:
    I created a file called connman-service.config under /storage/.cache/connman
    In that file I put this information (for PEAP logon onto a WPA2 Enterprise network):

    [service_name] - Must be unique for each SSID you have on your network
    Type = wifi
    Name = name_of_SSID
    EAP = peap
    Phase2 = MSCHAPV2
    Identity = username
    Passphrase = password

    I rebooted, and voila! It works!

    One question, though: Is it possible to encrypt the password with MD5 or something? For security reasons..

    Thanks again.


  • One question, though: Is it possible to encrypt the password with MD5 or something? For security reasons..

    The client needs the password as-is, hashing it isn't possible.

    Btw. MD5 is far from being secure, so better forget about it.

  • The client needs the password as-is, hashing it isn't possible.

    Btw. MD5 is far from being secure, so better forget about it.

    Ok, thanks for the information.
    Maybe there is a way to reduce what subnet blocks that can SSH into LibreELEC then?

    Thanks again.

  • Hi,

    I tried this and did not have any success. I currently use the latest Libreelec build. Now that version 8 is out I am wondering if there were any changes I have to take in account to get this working. Does someone know how to use WPA2 Enterprise PEAP with Libreelec in Version 8?

  • Hi,

    I tried this and did not have any success. I currently use the latest Libreelec build. Now that version 8 is out I am wondering if there were any changes I have to take in account to get this working. Does someone know how to use WPA2 Enterprise PEAP with Libreelec in Version 8?

    Maybe you already managed but if not. Here you are.

    Using version 8 what i did:

    In a file oceano.config under /storage/.cache/connman/
    the service name seems to be important, read:

    External Content gist.github.com
    Content embedded from external sources will not be displayed without your consent.
    Through the activation of external content, you agree that personal data may be transferred to third party platforms. We have provided more information on this in our privacy policy.

    after that:
    connmanctl scan wifi
    connmanctl services

    once you see the * along the SSID you are done:

    connmanctl connect SERVICE_NAME_CONNMANCTL_SERVICES_GIVES2U

  • Hi,
    I am also trying to connect my raspberry Pi 3 model B, with kodi with LibreELEC 9.2.0.

    I wrote the config files like (name of the file oceano.config) :

    [service_wifi_5550432057692d46726565]

    Type = wifi

    Security = [WPA,WPA2]

    EAP = peap

    Phase2=MSCHAPV2

    SSID = 5550432057692d46726565

    Identity = username

    Passphrase = password

    MAC = macAdress

    i use the hex SSID code because the name of the network contains a space.

    The network finds the configs nad tries to connect but the status is always failure. I also tried to make the wait time higher, but with no success.

    I was not able to find some log file that could help me.

    Any ideas??

    • Official Post

    You can either add "debugging" to kernel boot params in config.txt and then reboot and connman will be running in debug mode which means the systemd journal (and the entire system) will be very verbose .. or you can stop connmand from running (systemctl stop connmand) and manually restart it with -d to run in debug mode.