UPDATE: If you want to breeze through this walk-through by copying and pasting the relevant entries, simply highlight the text you want to copy, switch over to your command line shell and press down with four fingers on the touch pad -- it seems like this is a special kind of copy/paste functionality for the Cr-48. Be sure to manually edit your info where necessary.
Okay, after setting up my school wireless connection on my Cr-48 every day, for a month, from scratch(!), I'm delighted to announce I've finally come up with a one-time solution, thanks to Nick Naro.
So you're aware, this post builds off a previous post I wrote on 1/29/11, input from Jay Lee's blog, and is originally founded on David Burrow's instruction set.
Next, I'M WRITING THIS FOR PEOPLE WHO SIMPLY WANT A LIST OF WHAT TO DO. To that end, this how-to can be followed character for character. KEEP IN MIND THAT YOUR NETWORK SETTINGS MAY BE DIFFERENT (e.g., yours may use TKIP instead of CCMP, as in mine, below), SO PLEASE CHECK THEM AND MAKE CHANGES WHERE NECESSARY. Also, if your network requires a security certificate, I believe you will be out of luck (period) until the Chrome team fixes an issue with security certificates.
Please note that this method will save your password to your hard drive.
Also, please note the usual disclaimer that if you accidentally type something in wrong and blow up your computer, it's your bad, and I will be hesitant to cry for you. On the other hand, I typed loads of stuff wrong, myself, and failed to have anything blow up (or make trouble).
With that said, let's dive in.
Type in exactly what I have shown and hit enter, except for #1. (Be sure to exclude the explanatory remarks and numbering).
1. ctrl+alt+t
This takes us into crosh, the "command line" center for Chrome OS, based on Linux (this area's like MS-DOS).
2. shell
This takes us into the bash shell (the title's unimportant, other than having the label handy, if necessary).
3. sudo -s
This takes us into what's often referred to as "root," which is where we can make substantial system changes (I imagine it's distantly similar to the Windows registry, in terms of how much it can change).
4. cd /mnt/stateful_partition/home/chronos
This means we're navigating to our home folder, home/chronos. I believe cd simply tells the system to navigate to the directory I list.
5. qemacs AUTOWIRELESS.sh
Qemacs opens up a simple text editor for us, where we'll be creating a script (like an Excel macro). Autowireless is what I named my file; I suggest naming yours the same, unless you want to remember throughout that yours is different. The .sh, I assume, stands for a script file extension.
6. Enter the following (including the \ marks) in the blank page that's opened up, recalling that you may have some variation (I assume at least your ssid (network name), identity, and password will be different than mine):
wpa_cli add_network
wpa_cli set_network 0 ssid \"Securewireless\"
wpa_cli set_network 0 scan_ssid 1
wpa_cli set_network 0 proto WPA2
wpa_cli set_network 0 priority 1
wpa_cli set_network 0 key_mgmt WPA-EAP
wpa_cli set_network 0 eap PEAP
wpa_cli set_network 0 pairwise CCMP
wpa_cli set_network 0 group CCMP
wpa_cli identity 0 "username"
wpa_cli password 0 "password"
wpa_cli set_network 0 phase2 \"auth=MSCHAPV2\"
wpa_cli select_network 0
7. ctrl+x and then ctrl+c
As in the keyboard keys. In other words, press the ctrl key with x and then the control key with c. This saves your file and exits the script editor.
8. chmod +x AUTOWIRELESS.sh
I'm unsure exactly what this does. I presume it gives the file special permissions or something.
9. sudo /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification
I believe you will be able to take this step immediately after #8. If you fail to see a 3-6 line list describing how things have been changed (look for the word kernel in there), then type exit then sudo -s and try again. The "remove_rootfs_verification" command makes it so we can edit some system files that are normally "read only" (unchangeable).
10. Reboot (you may want to type exit and exit and exit first, to be completely out of crosh -- although, I doubt it really matters).
11. Login to your account and repeat steps #1-3.
12. mkdir /mnt/stateful_partition/home/backupScripts
I assume that here we're simply making a backup folder to store a file in a moment. I believe mkdir means make directory.
13. cp /etc/init/login.conf /mnt/stateful_partition/home/backupScripts/login.conf.original
I believe we're simply copying the login.conf file into its new backup location. I assume cp means copy path. Make sure you have a space in between /login.conf and /mnt/.
14. cp /mnt/stateful_partition/home/chronos/AUTOWIRELESS.sh /etc/wpa_supplicant/AUTOWIRELESS.sh
Here, like in #13, we're copying a file from one place into another. In this case, we're copying our network script into the folder that runs wireless commands at account login. Note the space between .sh and /etc/.
15. qemacs /etc/init/login.conf
We're editing the file that tells the system what to do at login.
16. Add ./etc/wpa_supplicant/AUTOWIRELESS.sh just below touch /var/run/state/logged-in
So, go, with your cursor, to the end of the /logged-in line, press enter and add the ./etc/ entry. We're telling the system to run our network connection script at login.
17. ctrl+x and ctrl+c
This is the same save/quit command as we did in #7.
YOU'RE DONE! Wahoo!!! (I suppose your rejoicing will depend on whether it works.) I believe you may need to enter your ssid each time you login and perhaps your phase2 info (see #6).
TROUBLESHOOTING:
If you have any issues, I strongly suggest you first check your script: Do steps #1-3 and then type cd /mnt/stateful_partition/home/chronos. Next type qemacs AUTOWIRELESS.sh. Do the entries in your file match up with what I have in #6, exactly, except for where your network varies?
Next, you can test if your script is working, by doing steps #1-3 and then typing bash /etc/wpa_supplicant/AUTOWIRELESS.sh. The system will run every instruction from your script and present OK or FAIL, after every entry. If you get FAIL, that means a line in the script needs to be fixed (so go back to the paragraph immediately above and follow those steps).
Finally, please ask me for help, if you're having issues, or contact your IT department or friendly Linux person.
I hope this helps you with the few days or weeks we have left with the manual network connection workaround!
52 comments:
Thanks for this detailed write up. I've gathered from your posts that you are from the University of Cincinnati, as am I, so this should make my life easier. I spent several hours last week trying to get on, with no luck. I'm going to try this out when on campus tomorrow.
You're very welcome! I hope it works for you.
Please see the previous post's bssid section, if you run into troubles, as I think UC's network requires a specific frequency or something (at least my Cr-48 seems to have a preference):
http://cougarabogado.blogspot.com/2011/01/how-to-fix-your-wpa2-enterprise.html
I'm assuming you have to be in developer mode for this to work? I tried typing in "shell" in normal mode and it didn't work. The list of commands was pretty tiny.
Also I'm assuming that we have to stay in developer mode to make use of this hack. If not do you have any info on what I can do to have this in normal mode?
Thanks for the writeup!! I can't wait to try this.
Yes, I presume the user has to be in dev mode and I imagine the fix would break if the user reverted to beta.
Glad to help, and I hope it works out for you.
Thanks for the reply. That makes sense.
Also I am sort of able to get it to work. So I completed everything exactly as you have it with the exception of having my password stored in clear text on the local drive. I cannot do this is anyway shape or form without worrying about losing my job, not to mention it is against company policy, and highly unethical from a company/employee standpoint.
I would need to find a way to have it prompt me for a password. If you know of anything that might help me in that search it would be greatly appreciated.
I'm unsure how to make it a blank variable. On the other hand, I suggest simply removing the password line from the script and manually setting it with this command in wpa_cli (so type in wpa_cli from #3 in my instructions):
set_network [#] password "yourpassword"
With # being the number for the network. If you're unsure which it is, type list_networks from the wpa_cli program.
Let me know if that solves the problem.
So I checked my script using the bash argument you supplied. Everything gets "ok". I then went into "wpa_cli" and typed in the command with my password. It accepted the command but it did not connect.
I'm going to verify one other thing, but it should allow me to connect on the networking side.
Well I think I just figured out the problem. I did some troubleshooting with "wpa_cli" (which is an increbily useful tool) and the cr-48 supports WPA, but doesn't appear sto support WPA2. And the wireless network is WPA.
Unless I'm missing something I think I'm sunk without the wireless network supporting WPA or the cr-48 supporting WPA2.
Hmm, I'm confused about the conclusion that the Cr-48 lacks WPA2 support.
I'm about 100% confident that the network I'm connected to, right now, is WPA2-enterprise (especially since one line of my network settings is "proto WPA2").
When I type "get_capability proto" it states "RSN WPA"
Can you verifiy only WPA2 is being broadcast with "scan_results". When I do so I see "only WPA2-EAP-CCMP" next to my SSID. I do not see a "WPA" version.
Yeah, I think I also remember seeing the RSN when I did the same command.
So I get the impression that your network is WPA2 and yet it seems like the Cr-48 is WPA, correct?
Does your script have proto WPA2 in it?
Cougar, thanks for helping me with this and being patient. I really appreciate it!!
I Double checked the script and everything looks good. I have "WPA2" in place of WPA. I do not have the password line in however. I used wpa_cli to enter a password for network 0 and it accepts the command. I exit out to the OS and nothing. It sees the SSID, but it is grayed out and I cannot connect. Nor does anything else appear to take place.
If you think the cr-48 supports WPA2 then I would say I need to double check my steps. But it would help if you could verify you are connected to your wireless network with WPA2 by running "scan_results". If you only see WPA2 next to your wireless network then I would say we have confirmation the cr-48 works on WPA2.
You're very welcome, sir. I'm glad to help.
How confident are you that your script's settings match up with the network's requirements? E.g., Nick Naro's script has TKIP instead of CCMP. I wonder if there could be an issue there.
Regarding my connection, I ran scan_results and part of it reads, "[WPA2-EAP-CCMP][ESS]."
Interesting point. I run scan_results and get the same exact thing. So I'm assuming I should probably be using the setup you have. I checked my script again and everything looks fine. I ran back through your guide to make sure I didn't miss anything and checked closely for spelling erros or mistakes. Everything as best I can tell looks fine.
Just for the heck of it I tried connecting to another WiFi network and to Verizon. Neither worked. I'm wondering if I should go back to normal mode recover and try again. If I'm having connection issues to networks that are wide open and to Verizon I might have something else going on that is screwing things up...
So, you're unable to connect anywhere?
Okay, now things seem to be okay again. I shut down and went to a different location. On boot up I was able to connect to Verizon via celluar. But I still cannot connect to my Enterprise wireless.
Just out of curiosity I tried hardcoding the password. No go...
Can you connect to your enterprise just using wpa_cli, rather than using a script?
What do you mean by hardcode?
OK! All problems resolved now. I found a typo in the script which seemed to be causing most of my issues. I fixed that and was able to connect with my password in the script.
But with password not in the script I had to go into wpa_cli and wait for it to prompt with something stating it needs a password. Then I can run the password command and everything works fine.
My problem was, besides the typo, I was not waiting for the prompt before attempting to send the password.
Thanks Cougar and sorry for dragging this out.
Hurray! I'm glad to hear it's working, and I'm very comfortable with the amount of questions.
Please follow up with any additional questions/observations you like.
Well, I finally got around to trying to get connected to Securewireless today and your instructions worked like a charm. At first it connected by I couldn't pull up any pages, but
I followed bssid instructions you mentioned and now it connects every time I log in. (At least from my office, I'll have to see what happens at another AP.)
You get +1 for taking the time to not only figure this out, but to share what you have learned with the rest of the world. You sir, are what is good about the internet. I will make sure to link to your blog when I write up my review. Thank you once again.
I'm glad it worked out for you, and thanks for your compliments, I really appreciate it.
I look forward to seeing your blog review.
Please come back with any questions/comments.
I'm getting an error for my network SSID
"
Invalid SET_NETWORK command: needs three arguments
(network id, variable name, and value)
"
in my script its
"
wpa_cli set_network 0 ssid \"UCC Students\"
Thanks a lot for writing this. This post sure helped a lot.
I have successfully connected to our school WPA2 enterprise wireless twice, but somehow it does not work every time.
So this is what confuses me the most. I have some success but it does not work every time.
I tried using wpa_cli to manually connect using the network setting, and I got:
<3> WPA: failed to get master session key from EAPOL state machines
<3> WPA: Key handshake abort
Do you have any possible explanation for this?
Again thanks a lot for this post.
@Shane. Have you tried UCC_Students, rather than UCC Students? Looking at a list of available networks, where I'm at, I think any ssid with two words has an _ symbol in between them.
Please let me know.
@Anon. Were the problems arising from a script you wrote or from a manual setup?
If from a script, have you tried the bash suggestion in the TROUBLESHOOTING section? If you see a line that says "FAIL," that will indicate an error in the script.
Other possible explanations could be an incorrect password (I do that a lot! -- I have something like a 24 character password) or a bssid frequency mix up. When I'm at school, my Cr-48 seems to play nice only with bssid frequencies above 5000. If you think that could be the case, try to identify a bssid frequency above 5000, select it by entering bssid "[bssid address, like 00:1a:13:26:etc.]" Then enter reconnect.
Sometimes I seem to have to log out and then log back in.
You may also try the command, reassociate.
For more possibilities, try the command help.
Please let me know how it goes for you.
When I run a scan I see [WPA-EAP-TKIP+CCMP][WPA2-EAP-TKIP+CCMP][ESS]. So it appears as though I need to set the pairwise to TKIP CCMP. When I try to do this:
set_network XX pairwise TKIP CCMP
I get the following error:
FAIL
I have tried quoting them, entering them as TKIP+CCMP, and other options but to no avail, so I am clearly missing something obvious.
Any suggestions or assistance would be appreciated.
Regards,
Todd
Todd, try entering either just CCMP or TKIP (I believe CCMP is the correct entry). I'm very confident the entry will need only one or the other.
Please let me know how it goes.
I'm still working on writing out the script to make this run at boot. However, just as an update, my school uses and cerfificate, and after entering all the network settings in, it pull the cert info off the server, I didn't even manually enter it. I'm running a Developer build...
Help!
I get this when running bash
Selected interface 'wlan0'
0
/etc/wpa_supplicant/AUTOWIRELESS.sh: line 11: unexpected EOF while looking for matching `"'
/etc/wpa_supplicant/AUTOWIRELESS.sh: line 14: syntax error: unexpected end of file
dsmitty, having looked at this link, http://linuxcommand.org/wss0100.php, I believe the issue is a missing quotation mark.
At the linked site, ctrl+f search for the section "Missing quotes," and I think you'll see what I mean.
Does adding the ending quotation mark fix the error?
When I originally configured the wireless connection I set the pairwise to CCMP as well a TKIP as you suggested; both fail.
I followed your instructions as follows:
Lunch wpa_cli
add_network
>1
set_network 1 ssid "WirelessB"
set_network 1 scan_ssid 1
set_network 1 proto WPA2
set_network 1 key_mgmt WPA-EAP
set_network 1 eap PEAP
set_network 1 pairwise CCMP
set_network 1 group CCMP
set_network 1 identity "usernamehere"
set_network 1 password "passwd_here"
set_network 1 phase2 "auth=MSCHAPV2"
Before selecting the network I do a scan_results, which results in the following; there are more entries, but I am only interested in WirelessB:
00:17:df:2c:1b.f1 2462 -84 [WPA-EAP-TKIP+CCMP][WPA2-EAP-TKIP+CCMP][ESS] WirelessB
00:17:df:2c:1d.80 2412 -78 [WPA-EAP-TKIP+CCMP][WPA2-EAP-TKIP+CCMP][ESS] WirelessB
There are several other bssid / frequency, signal level entries for WirelessB as well.
When I issue the select_network 1, I get see the following:
OK
<2>CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=3
<2>CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=3
I guess I could set the bbsid, but that would mean I would have issues when I move around, so I would prefer not following that approach.
Is there anything obvious above that I have done incorrectly or that I am missing?
TIA for the assistance.
Regards,
Todd
Todd, I'm unsure what to tell you about the TKIP/CCMP issue. Have you checked your info against your school's setup instructions? You may want to talk to someone in IT, if when you bash your shell it still returns a FAIL for the TKIP/CCMP line(s).
Regarding your manual network connect info, the only thing I can see missing is the priority 1 line, although I doubt that does more than simply assigning the network top priority.
As far as the bssid goes, I seem to be unable (almost always) to login to any frequency at school below 5000. I'm unsure what that is. On the other hand, I simply seem to have an easier time connecting to bssids with a frequency above 5000. Try it out. It might be a pain to reconfigure each time I move, on the other hand, I prefer it to being unable to connect at all (on the Cr-48, anyway).
The ending quotations are in place. I used " am I supposed to use 2 of ' instead?
Use one " at the end. Did it still return an error?
Yep. I'm still getting an error.
This is my script
this is the script
wpa_cli add_network
wpa_cli set_network 0 ssid \"nwc\"
wpa_cli set_network 0 scan_ssid 1
wpa_cli set_network 0 proto WPA2
wpa_cli set_network 0 priority 1
wpa_cli set_network 0 key_mgmt IEEE8021X
wpa_cli set_network 0 eap PEAP
wpa_cli set_network 0 pairwise TKIL
wpa_cli set_network 0 group TKIL
wpa_cli identity 0 \"postoffice\\dsmit\"
wpa_cli password 0 \"password\"
wpa_cli set_network 0 phase2 \"auth=MSCHAPV2\"
wpa_cli select_network 0
Do I not need " around the password field? I'm real confused right now!
I'm unfamiliar with the key_mgmt, group, and pairwise entries you have. Are you sure those match with your network's settings?
You can completely remove the \ marks from the password and identity fields (keep the " marks).
I'm sorry you're feeling confused! I confess I often feel pretty thrown for a loop, myself. This morning I probably spent an hour+ trying to get my script to load at login, and yet it's still failing to work. Cest la view on beta-tester products, no?
IF I enter in the following, manually in wpa_cli everytime, it works. Thoughts?
add_network
set_network XX ssid "nwc"
set_network XX scan_ssid 1
set_network XX proto WPA2
set_network XX priority 1
set_network XX key_mgmt IEEE8021X
set_network XX eap PEAP
set_network XX pairwise TIKP
set_network XX group TKIP
set_network XX identity "postoffice\dsmit" (use your own uNID)
set_network XX password "abcdEfg1?"
set_network XX phase2 "auth=MSCHAPV2"
Also, upon adding
./etc/wpa_supplicant/AUTOWIRELESS.sh
to the
qemacs /etc/init/login.conf
it disables sleep. Whenever I close my chrome book, it shutsdown. to prove this was the problem, I just deleted the
./etc/wpa_supplicant/AUTOWIRELESS.sh
from the file, and now my computer sleeps file...thoughts?
Got it working, woo hoo :)
I ran a iwlist wlan0 scan on my Fedora box where I have the wireless configured. It showed the problem.
Group Cipher : TKIP
Pairwise Ciphers (2): TKIP CCCMP
Seting the Group cipher to TKIP and the pairwise to CCMP alowed it to authenticate and connect.
Thanks for the great post here on how to do this and for you assistance.
Regards,
TOdd
It seems like the ONLY way I can get this to work is to enter this info into wpa_cli MANUALLY to connect. Once done, it works great tho!
add_network
set_network XX ssid "nwc"
set_network XX scan_ssid 1
set_network XX proto WPA2
set_network XX priority 1
set_network XX key_mgmt IEEE8021X
set_network XX eap PEAP
set_network XX pairwise TIKP
set_network XX group TKIP
set_network XX identity "postoffice\dsmit"
set_network XX password "abcdEfg1?"
set_network XX phase2 "auth=MSCHAPV2"
select_network 0
Do you know how I could write a script or a bat file that I can manually run when I need to connect this info?
Also, it seems to not work if I don't enter into wpa_cli and I just use
wpa_cli set_network ssid "nwc" through shell. Any ideas why going into wpa_cli authenticates it, but not entering the actual program won't?
Todd, glad to help.
dsmitty, I'm unsure about the sleep issue. Regarding the script, are you running the bash argument, as I suggest in the TROUBLESHOOTING section, or straight up out of shell?
Other than that, I'm unsure why it would work manually, and fail as a script.
I've done them both. When running bash, it gives the 2 errors I stated above.
If I simply enter in each command into shell ONE line at a time, each line says ok. BUT when it tries to actually connect to the network, it can't authenticate it. I'm stuck. I've done it 4 times to make sure that I'm not typing something wrong.
Like I said, entering each line into the wpa_cli works PERFECT, it even pulls the certificate off the server.
Hmm, in thinking about this, when entering each line into the shell, I had wpa_cli open in a separate window. I watched, and it never actually pulled the cert off the server like it does when entering into the wpa_cli.
Ideas?
I'm ok with starting up shell and telling it to run a command to get my wireless on, not a big deal.
Do you know how to write a script that would start wpa_cli and then enter the variables within it?
Does that make sense?
I'm confused why the connection would work when entered manually and fail to work using bash /etc/wpa_supplicant/AUTOWIRELESS.sh.
Which were the two errors you saw?
Did you make any changes to the script using qemacs /etc/wpa_supplicant/AUTOWIRELESS.sh?
I use the bash /etc/wpa_supplicant . . . command as a form of avoiding the complete manual entry, although it is still less automatic than the ./etc/wpa_supplicant/AUTOWIRELESS.sh entry in the login.conf script.
I hope this helps. Let me know.
Ok some thoughts. I have offically gotten the script to work. For some reason it will only let me set the network pairwise to TKIP under ROOT access. So this is what the script looks like:
../../../../
wpa_cli add_network
wpa_cli set_network 0 ssid \"nwc\"
wpa_cli set_network 0 scan_ssid 1
wpa_cli set_network 0 proto WPA2
wpa_cli set_network 0 priority 1
wpa_cli set_network 0 key_mgmt IEEE8021X
wpa_cli set_network 0 eap PEAP
wpa_cli set_network 0 pairwise TKIP
wpa_cli set_network 0 group TKIP
wpa_cli identity 0 \"domain\\username\"
wpa_cli password 0 \"password\"
wpa_cli set_network 0 phase2 \"auth=MSCHAPV2\"
wpa_cli select_network 0
So the script works in that sense. Now when adding it to the login.conf I ran into a few more issues. It will not run by simply having ./ or even bash in front. I had to put:
exec bash /etc/wpa_supplicant/AUTOWIRELESS.sh
Upon adding that line, it succesfully runs upon boot.
However, I have ran into another problem. Having this command or even just ./etc/wpa_supplicant/AUTOWIRELESS.sh in the login.conf file breaks sleep. When I close the chromebook to go to sleep it automatically shuts down instead of sleeping. Thoughts?
I'm glad you got your script to work. Upon doing some tinkering, myself, I started to have the same shut down issues as you did. After messing around, I failed to find something that would allow me to both automatically execute the script and avoid the shut down issue.
I did find a restore-to-normal solution:
cp /mnt/stateful_partition/home/backupScripts/login.conf.original /etc/init/login.conf
(Those are spaces, rather than paragraph breaks.)
Assuming you created the backupScripts location and file before, I assume this will work for you, as well (I just told the system to replace my messed up login.conf file with the copy in the backupScripts location).
I suppose until we get an answer from someone on how we can get this thing to load automatically, we're stuck using bash /etc/wpa_supplicant/autowireless.sh.
Let me know if you hear how to fix it, or if you figure it out, yourself.
P.S. Does 0.11.257.14 feel snappier to you? I feel like it is, substantially, and I'm loving it.
WHOOPS!
That second line is supposed to be /mnt/stateful_partition/home/backupScripts/login.conf.original
Sorry about that!
Okay, weird. Looking at my two last comments from the full-page view, the extension .original is actually there.
When I look at it in the truncated-comments view, it's missing.
Cue the Twilight-Zone music . . .
Wow, I'm sure we have talked about this already, so I'm going to thumbs up the blog post.
Does anyone know how to connect to a hidden WPA2-Personal AES network? I am having some problems
jallison, what happens when you go to Network settings>Other Wi-Fi network and type in the name of the hidden ssid there?
If that fails to work, you might try searching for "hidden enterprise" or "hidden ssid" in http://code.google.com/p/chromium-os/issues/list, searching either in "Open issues" or "All issues."
I'm sorry I failed to have a specific, verified workaround for you.
Post a Comment