Can't connect to Wi-Fi network that uses EAP / TTLS + PAP [36915220]

Obsolete

Bug

[AOSP] Version-2.1

Status Update

No update yet.

Description

sm...@gmail.com

created issue #1

Mar 5, 2010 04:12PM

Android code version you are running: 2.1 on the Google Nexus One but this
issue applies to other phones/OS versions as well.

Your development environment: Utilizing the latest SDK for 2.1

Describe the problem:

Steps to reproduce:
1.Add Wi-Fi network
2.Enter network SSID
3.Select 802.1x Enterprise under Security
4.Select TTLS under EAP method
5.Select PAP under Phase 2 authentication
6.Leave CA certificate set to N/A
7.Leave Client certificate set to N/A
8.Enter your username under Identity
9.Leave Anonymous identity blank
10.Enter your password under Wireless password
11.Click Save

Expected results:

I connect to the wireless network.

Observed results:

I never connect to the wireless network. The network shows up in the list
of available networks. However, it shows as "Secured with WEP". When I
click on the network to connect to it, I get prompted to enter the WEP key
for the network. This should not be the case.

Additional information:

When a wireless network connection is created utilizing the supplied
Android GUI, extra/unnecessary information that breaks the ability to
connect to the network is added to the wpa_supplicant.conf file.

Here is an example of the contents of the wpa_supplicant.conf file that
gets created by default by Android utilizing the GUI.

ctrl_interface=eth0
update_config=1

network={
ssid="ssidname"
scan_ssid=1
key_mgmt=WPA-EAP IEEE8021X
eap=TTLS
identity="wfiusername"
password="wifipassword"
phase2="auth=PAP"
priority=1
}

Here is an example of a file that works.

ctrl_interface=eth0
update_config=1

network={
ssid="ssidname"
scan_ssid=1
key_mgmt=IEEE8021X
eap=TTLS
identity="wfiusername"
password="wifipassword"
phase2="auth=PAP"
priority=1
}

Notice that simply removing "WPA-EAP" from "key_mgmt" resolves the issue
and allows for proper Wi-Fi network access.

Please fix as this is preventing Android from being adopted by major
corporations and universities.

Comments

sm...@gmail.com <sm...@gmail.com> #2Apr 9, 2010 02:28PM

Information redacted by Android Beta Feedback.

al...@gmail.com <al...@gmail.com> #3May 5, 2010 03:22PM

Thank you for reporting this issue. For us to further investigate this issue, please provide the following additional information:

Please upgrade to the latest release from the link V-QPR.If the issue still persists, please capture the new bug report along with the screen record or screen shot and share it here.

ma...@gmail.com <ma...@gmail.com> #4May 19, 2010 12:38AM

Upgrade was never offered. I was offered directly Android 16. I can't
install Android 16 as I want to leave beta.

<buganizer-system@google.com> schrieb am Do., 27. Feb. 2025, 08:55:

- Show quoted text -

or...@gmail.com <or...@gmail.com> #5May 24, 2010 03:57PM

Thank you for reporting this issue. We have shared this with our product and engineering team and will update this issue with more information as it becomes available.

nj...@gmail.com <nj...@gmail.com> #6Jun 2, 2010 05:26AM

Thanks for reporting this issue.

We are handling "No more paying via Wallet because the system is not up to date" wallet issue here.
Please file a separate ticket for "Upgrade was never offered to install android 16" with details.

mi...@gmail.com <mi...@gmail.com> #7Jul 9, 2010 09:59PM

Just want to add, same situation as yours, only it's been happening since December.
After upgrading to stable the issue persists.

ma...@gmail.com <ma...@gmail.com> #8Jul 9, 2010 10:05PM

The arrival of FroYo (Android 2.2 and now up to FRF91) and removal of the
need for a proxy at the host side fixed my problem in this regard without
the need to root the N1.

Stewart Adam on Android
***Google Nexus One***

to

sm...@gmail.com <sm...@gmail.com> #9Jul 9, 2010 10:28PM

Interesting. 2.2 doesn't fix it for me.

ju...@gmail.com <ju...@gmail.com> #10Jul 26, 2010 01:48PM

The problem seems to be the underlying WEP encryption layer. WPA/TTLS/PAP should work, and is even supported by the GUI in 2.1, but WEP/TTLS/PAP doesn't. Editing wpa_supplicant.conf with the settings from OP doesn't help much either. The GUI still regards this as a different network, which, ofcourse, is out of range. Exactly the same result as trying to create the connection with the GUI. These settings should work in Ubuntu though. I'm lost.

sm...@gmail.com <sm...@gmail.com> #11Jul 26, 2010 02:22PM

hmmm.... When I edit mine, I pull it to my PC, edit it, put it back and change permissions on it. The process goes something like this:

adb pull /data/misc/wifi/wpa_supplicant.conf C:/AndroidSDK/tools
<edit the file> (maybe take out the priority line will help?)
adb push C:/AndroidSDK/tools/wpa_supplicant.conf /data/misc/wifi/wpa_supplicant.conf
adb root
adb -d shell
cd /data/misc/wifi
chown system.wifi wpa_supplicant.conf
reboot

sm...@gmail.com <sm...@gmail.com> #12Jul 26, 2010 02:22PM

[Comment deleted]

ju...@gmail.com <ju...@gmail.com> #13Jul 26, 2010 02:44PM

I have a rooted G1 running Cyanogenmod 5.0.8 so i go

su
nano /data/misc/wifi/wpa_supplicant.conf

and edit the file, this shouldn't change permissions AFAIK

I just tried removing the priority line altogether, it doesn't change anything

sm...@gmail.com <sm...@gmail.com> #14Jul 26, 2010 03:14PM

jo...@gmail.com <jo...@gmail.com> #15Jul 26, 2010 09:45PM

Same issue as O.P. (on Droid X 2.1) is there any indication that anyone at Google has stepped out of the relaxation pod and taken a look at this?

sm...@gmail.com <sm...@gmail.com> #16Jul 26, 2010 09:54PM

Is this THE Jon Wolf (the one that I know from the place that we work)? I had the opportunity to exchange emails with dimitrysh@google.com who sort of looked into the issue and said that he would turn it into a feature request to have the ability to pick the kind of key management we want/need. I haven't heard jack since.

jo...@gmail.com <jo...@gmail.com> #17Jul 26, 2010 10:27PM

Nope it's a different Jon Wolf.

sm...@gmail.com <sm...@gmail.com> #18Jul 27, 2010 12:11AM

That's cool. Because the one I work with is a grade A jerk. ;)

to

sm...@gmail.com <sm...@gmail.com> #19Aug 20, 2010 08:27PM

Please see

http://code.google.com/p/cyanogenmod/issues/detail?id=1159#c21 for a workaround to the issue.

[Deleted User] <[Deleted User]> #20Aug 30, 2010 04:14PM

did not work on my nexus one running froyo 2.2

still looking for a fix. I see "secured with wep" (that android scanned and found) and my manually entered profile below it listed as "not in range"

ma...@gmail.com <ma...@gmail.com> #21Aug 30, 2010 04:28PM

Are you sure the wireless network is configured correctly in the APs?

This is very strange... Could you post the results of an iwlist scan made on a Linux PC?

sm...@gmail.com <sm...@gmail.com> #22Aug 30, 2010 04:58PM

The guy that setup the network is a Cisco CCIE. So, I can only assume that everything is correct. I see this issue in other manifestations all over the Internet. Any other device, be it laptop, netbook, or iPhone seems to be able to take advantage of our network. I have shown exactly what bit of the wpasupplicant.conf is the issue. We just need the ability to toggle the second bit of keymanagement off/on. Also, the link to the utility that was written to address this issue works like a charm. If I had a ton a free time on my hands, I would do what is asked of me. However, unless you are the guy that can implement the change and fix the issue for the next rev of the Android OS, I am going to have to hold off. However, if you ARE that guy, I would be more than happy to, one way or another, get you the information you desire so that you may fix the issue at hand.

ma...@gmail.com <ma...@gmail.com> #23Aug 30, 2010 05:04PM

I am the guy who wrote the utility

sm...@gmail.com <sm...@gmail.com> #24Aug 30, 2010 05:47PM

Oh...your utility is working fine.

dc...@hotmail.com <dc...@hotmail.com> #25Aug 31, 2010 10:15PM

What information would you want from an iwlist? Corporate security prevents me from providing specific outputs, etc., however general / anonymous information can be provided.

ma...@gmail.com <ma...@gmail.com> #26Sep 1, 2010 01:03AM

I'd need everything, except for the SSID, the BSSID and any IE fields present.
That way I can see why it reports "Secured with WEP".
(The question was for Ibrahim Husain, however, but replay if you have the same problem. Actually I've seen the same thing once myself.)

dc...@hotmail.com <dc...@hotmail.com> #27Sep 2, 2010 02:50PM

There are several "IE: Unknown" entries in the output from an iwlist that dump the dat in hex. I can see some of them contain information I cannot provide here (i.e. ESSID is one of them). Can you point me to a resource which shows how I can interpret the IE's and provide you just the specific information you require? Here's the info not including the IE's:
wlan0 Scan completed :
Cell 01 - Address: <data removed>
Channel:1
Frequency:2.412 GHz (Channel 1)
Quality=68/70 Signal level=-42 dBm
Encryption key:on
ESSID:"<data removed>"
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
11 Mb/s; 12 Mb/s; 18 Mb/s
Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s
Mode:Master
Extra:tsf=<data removed>
Extra: Last beacon: 60ms ago

ma...@gmail.com <ma...@gmail.com> #28Sep 9, 2010 05:14PM

We have this problem with Android 2.2 only after build FRG22D was applied.
George Washington University

ji...@gmail.com <ji...@gmail.com> #29Sep 16, 2010 06:24PM

I'm a little confused about the 'phase2=" line. On my droid with bb v0.4, the phase2 authentication checkbox doesn't stay checked in the gui. Everytime I set it and check again, it goes back to None.

My file had
phase2="auth=GTC"

Why isn't it
phase2_auth="GTC"
or
phase2="GTC"

Well, turns out that changing it to 'phase2="GTC"' will result in the GUI showing the correct value. However, doing so and restarting wifi did not get me any closer to connecting to my corp wireless. There's definitely a bug there.

ci...@gmail.com <ci...@gmail.com> #30Sep 22, 2010 06:09PM

Having same problem. Will not save phase 2 settings. Droid FRG22D.

ja...@gmail.com <ja...@gmail.com> #31Oct 7, 2010 03:33PM

Same here Droid Frg22D

ja...@gmail.com <ja...@gmail.com> #32Oct 7, 2010 03:33PM

Same here Droid Frg22D

sh...@avivweb.com <sh...@avivweb.com> #33Oct 9, 2010 04:35PM

Can this be done without the root access etc?

cj...@gmail.com <cj...@gmail.com> #34Oct 13, 2010 07:33AM

Same problem for me with eduroam. I cannot connect with this network. A big trouble for people like me that use eduroam every day.

r....@gmail.com <r....@gmail.com> #35Oct 15, 2010 01:11PM

Same here with a nexus @ 2.2

ir...@gmail.com <ir...@gmail.com> #36Dec 31, 2010 05:09AM

I used Marcus905's WiFi Advanced Configuration Editor to uncheck the WPA_WEP flag, but the problem still persists. I'm still getting 2 SSIDs.

Some other things I've noticed through the app is that Hidden SSID is checked and none of the Auth Protocols are checked (doesn't 1EEE8021X require LEAP?). Also, all group ciphers have been checked and TKIP and CMIP is also checked for Pairwise ciphers.

Here's my entry, still getting 2 SSIDs.

network={
ssid="<mynetworkssid>"
key_mgmt=IEEE8021X
eap=PEAP
phase2="auth=MSCHAPV2"
identity="<mylogin>"
password="<mypassword>"
priority=2
}

Apparently unchecking the WPA_WEP bit is the only solution I've so far found, doesn't work for me though. Anybody have any other ideas? Will really appreciate it.

se...@gmail.com <se...@gmail.com> #37Jun 14, 2011 09:22AM

WiFi Ace doesn't work for me either :(
Still cannot connect to hidden SSID. :( Other friends can connect to hidden SSID without any problem!

se...@gmail.com <se...@gmail.com> #38Jun 14, 2011 10:50AM

So how can i achieve the following? What i have to install on my PC and on Mobile device?

adb pull /data/misc/wifi/wpa_supplicant.conf C:/AndroidSDK/tools
<edit the file> (maybe take out the priority line will help?)
adb push C:/AndroidSDK/tools/wpa_supplicant.conf /data/misc/wifi/wpa_supplicant.conf
adb root
adb -d shell
cd /data/misc/wifi
chown system.wifi wpa_supplicant.conf
reboot

se...@gmail.com <se...@gmail.com> #39Jun 14, 2011 12:34PM

doesn't work for me neither :( i have removed the WPA_WEP line before IEEE8021X. But i guess that is not the problem.

tb...@gmail.com <tb...@gmail.com> #40Jun 14, 2011 04:21PM

When I originally attempted using the WiFi Advanced Configuration Editor app to remove the WPA_WEP setting under Key Management, this didn't work for me either. I decided to give it another try a few weeks ago, and it finally worked -- with one other adjustment. In addition to removing the WPA_WEP setting (leaving only 'IEEE8021X' under 'Key Management'), I also had to ensure the following items were checked under 'Auth Protocols':

*OPEN
*LEAP

I hope this works for some of you as well!

ci...@gmail.com <ci...@gmail.com> #41Dec 6, 2011 09:54PM

When do you guys will add CKIP encryption to android because Windows have it and Symbian have it. My network is OPEN/LEAP/CKIP.

en...@google.com <en...@google.com> Mar 15, 2015 10:18PM

Status: Won't Fix (Obsolete)

mr...@gmail.com <mr...@gmail.com> #42Mar 16, 2015 05:35AM

I know this issue has only just been listed as obsolete - but I've been having this problem still for weeks. I'm not sure what further information you require but:

Samsung GS4 (GT-I9506)
Android 4.4.2 - OTA release
Non-rooted device

I've tried obtaining the wpa_supplicant.conf file to see if there is additional information but ADB suggests that I do not have permission. (I imagine this is because I do not have root)...

I've tried forgetting networks and re-adding. I've tried wifi fixer tools, I've tried advanced config editors.

I think I'm able to obtain a debug log if that helps, I'm just not sure I know how to limit it to only relevant information.