Sunday, February 6, 2011

Getting a CR-48 to connect to WPA-Enterprise

Like plenty of other participants in the Chrome OS pilot program, I've been working on getting my CR-48 to connect to my school's WPA-Enterprise WiFi network. David Burrow at the University of Utah figured out the basic framework that I needed, and Jay Lee mentioned writing a shell script that could automate the process. Anyway, this is what I've done to get connected. It is presented below as a full walkthrough (for nooblets like me) and cliffs notes (for people who know what they're doing).

Full Walkthrough:

Note: below, anything that is in square brackets should be replaced by your own values.

Start off by switching your CR-48 to developer mode and root by following these instructions.

Next up, we are going to use wpa_cli to figure out the settings for our
WPA-Enterprise network. Use the instructions by David Burrow and replace some
settings with your own. Your network should have a getting connected guide
which will give you a good idea of these settings. For example, I had to change
my pairwise and group settings to TKIP rather than CCMP. Some notes:


  • You can run most commands from outside of wpa_cli using the following syntax:

    wpa_cli set_network [##] [variable] [value]

  • You have to be root to run wpa_cli. Don't panic if you try running it as
    chronos and it gives you some crap about being unable to connect. Just sudo
    it.
  • The status command provides useful info on how close your network is to connecting, if at all.

Ok, cool. Now we have a basic connection, but damn that was a bitch. And it won't survive a reboot either, only sleep, since the save_config command in wpa_cli is disabled. To save some trouble, let's write a shell script to do it for us.
  1. Get into the bash shell and change to root (sudo -s)

  2. cd to your stateful partition

  3. qemacs [yourScriptName].sh

  4. Type in your script, then press Ctrl-x then Ctrl-c to save and quit

  5. chmod +x [yourScriptName].sh

Below is the one that I am using:

wpa_cli add_network
wpa_cli set_network 0 ssid \"[Your Network SSID]\"
wpa_cli set_network 0 scan_ssid 1
wpa_cli set_network 0 proto WPA
wpa_cli set_network 0 priority 1
wpa_cli set_network 0 key_mgmt WPA-EAP
wpa_cli set_network 0 eap PEAP
wpa_cli set_network 0 pairwise TKIP
wpa_cli set_network 0 group TKIP
wpa_cli identity 0 "[Your id for the network]"
wpa_cli password 0 "[Your password]"
wpa_cli set_network 0 phase2 \"[your auth style. eg. MSCHAPV2]\"
wpa_cli select_network 0

Pretty basic stuff when you get down to it. One very important note here:

  1. This stores your password in plain text on your hdd. This is widely
    regarded as a bad call, so use your own discretion as to whether or not you
    want to do that.
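
An added example, not the author's script: a variant of the script above that prompts for the password on the terminal instead of keeping it in the file, uses the network id that add_network prints rather than assuming 0, and stops at the first command that does not answer OK. SSID, IDENTITY, PHASE2 and the function names are placeholders chosen here. Because it needs a terminal for the prompt, it is meant to be run by hand as root (sh [yourScriptName].sh connect), not from login.conf.

```sh
#!/bin/sh
# Added example, not the author's script. Same wpa_cli settings as the
# walkthrough, but the password is typed at run time and never saved to disk.
# SSID, IDENTITY and PHASE2 are placeholders: replace them with your values.
SSID="[Your Network SSID]"
IDENTITY="[Your id for the network]"
PHASE2="auth=MSCHAPV2"

# Run wpa_cli and succeed only on an OK reply. $1 is a label for the error
# message, so argument values (the password) are never echoed back.
wpa_ok() {
    label=$1; shift
    reply=$(wpa_cli "$@" | tail -n 1)
    [ "$reply" = "OK" ] || { echo "$label failed: $reply" >&2; return 1; }
}
set_var() { wpa_ok "set_network $1" set_network "$net_id" "$1" "$2"; }

# Read the password from the terminal with echo off.
read_password() {
    trap 'stty echo; exit 1' INT TERM   # restore echo if interrupted
    printf 'Password for %s: ' "$IDENTITY" >&2
    stty -echo; IFS= read -r PASSWORD; stty echo
    printf '\n' >&2
}

# $1 = password. Uses the id that add_network returns instead of assuming 0.
# Note: the password is still visible in wpa_cli's argument list while it runs.
configure_network() {
    net_id=$(wpa_cli add_network | tail -n 1)
    case "$net_id" in
        ''|*[!0-9]*) echo "add_network failed: $net_id" >&2; return 1 ;;
    esac
    set_var ssid "\"$SSID\"" && set_var scan_ssid 1 && set_var proto WPA &&
    set_var priority 1 && set_var key_mgmt WPA-EAP && set_var eap PEAP &&
    set_var pairwise TKIP && set_var group TKIP &&
    set_var phase2 "\"$PHASE2\"" &&
    wpa_ok identity identity "$net_id" "$IDENTITY" &&
    wpa_ok password password "$net_id" "$1" &&
    wpa_ok select_network select_network "$net_id" && return 0
    wpa_cli remove_network "$net_id" >/dev/null   # drop the half-built entry
    return 1
}

# Only act when called as: sh [yourScriptName].sh connect
if [ "${1:-}" = "connect" ]; then
    read_password
    configure_network "$PASSWORD"; status=$?
    unset PASSWORD
    exit "$status"
fi
```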

So that gives you a shell script, but you can't run it because the stateful partition is non executable. We're going to change that and make it so we can edit one of the startup scripts by running

sudo /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification

then rebooting. This disables verification of the root filesystem, which makes it so you can edit the root partition of your ssd.

Ok, back in our shell, change to root again, and then

  1. mkdir /mnt/stateful_partition/home/backupScripts

  2. cp /etc/init/login.conf /mnt/stateful_partition/home/backupScripts/login.conf.original

  3. cp [path to your script]/[your script name].sh /etc/wpa_supplicant/[your script name].sh

  4. qemacs /etc/init/login.conf

  5. Add the line ./etc/wpa_supplicant/[your script name].sh just below touch /var/run/state/logged-in

  6. save and quit as above.

Now your script will run on login, setting everything but the ssid for you. This should get you connected to your wireless network on login.

Hope this helps!


Cliffs notes:


Change to dev mode using the switch

Follow David Burrow's post using wpa_cli to get connected the first time

Write a shell script for all settings except ssid and phase2 using the following syntax:

wpa_cli add_network
wpa_cli set_network [##] [Variable]
etc.

Change your root filesystem to writeable using the following command, then reboot:

sudo /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification

Edit /etc/init/login.conf to run your script by adding the following line anywhere

./[path to your script]

Now every time you reboot you're connected automatically.

26 comments:

  1. Thanks for the step-by-step guide!

    1 question - if I change the stateful partition so I can edit it - does that mean I will no longer get automatic OS updates?

    thanks.

  2. I'm on the Dev channel updates, but I was able to get one just fine recently. The update will erase anything that you have in the root partition though, so always keep backups on your stateful partition.

  3. Nick, I really appreciate your taking the time to write this out! Sadly, for me, I'm basically 100% self-taught on computers, and I'm stuck all the way back at the shell script.

    I assume the bash shell into root is shell>sudo su -.

    From there, I'm feeling lost. "cd to your stateful partition"? So, for 2-5, I'm confused. Could you please give exact commands on those points, and I'll see if I can take it from there?

    Thank you, sir!

  4. @cougar:

    cd just means change directory. It's a Linux command that lets you navigate the filesystem.

    In this case, the stateful partition is in /mnt/stateful_partition so the command would be
    cd /mnt/stateful_partition
    We're just saving the shell script wherever for those steps, so you can be anywhere in the stateful partition. I would recommend going to /home/chronos to keep everything straight. Then the command would be:
    cd /mnt/stateful_partition/home/chronos

    to get you into the home directory of chronos.

  5. Okay, thanks for the response.

    I'll try to figure it out at school, today. I'll let you know how it goes.

  6. So, I gave it a shot, today.

    I got stuck between

    4. qemacs /etc/init/login.conf

    and

    5. Add the line ./etc/wpa_supplicant/[your script name].sh just below touch /var/run/state/logged-in

    I got an error saying that the buffer is read-only. I'm confused because I could swear I did sudo /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification correctly.

    What do you think?

  7. The chronos user is restricted from using qemacs to write anything to the stateful partition.
    Did you run qemacs from root? Either try typing sudo qemacs login.conf or sudo -s before using qemacs.

  8. I did the qemacs command after entering shell>sudo su -. That's the same thing, right?

  9. Should be. If you change to root, your username should change from green to red and be "local" or something similar. Did you reboot after remounting the root partition as writable?

  10. Ok, I'm installing the new dev update now, so I'll see if I can't recreate your error on my machine when I set up the wireless again. I'll let you know what happens.

  11. The only time I was able to get "buffer is read only" is when I either hadn't run the sudo /usr/share/vboot/[...] stuff, hadn't rebooted after doing so, or wasn't root when running qemacs. See if you can double check all the steps above. Also, there shouldn't be any space between "--" and "remove_rootfs_verification"; that's just wonky formatting on Blogger (my html-fu is god awful)

  12. Awesome, thanks. I'll give it a shot right now and let you know.

  13. Okay, I think the wonky space issue fixed my buffer is read only problem.

    Now I think I'm putting my script line in the wrong place below touch /var/run/state/logged-in.

    Would you please give me the exact location where to put it? (E.g., get to the n and then press enter, press spacebar, etc.)

    Thanks, and I'll try it again tomorrow, when I'm back on campus (heading home now).

  14. Head to the end of the line with "touch" in it, press enter (you'll be on the next line) then type the ./etc/wpa_supplicant/[your script name].sh line

  15. Hmm, I made sure about the ./etc/wpa_supplicant . . . just below the "touch" line, and I'm still failing to see any networks listed in wpa_cli when I enter list_networks.

    Couple questions:

    1. What exactly do I put in the script for ssid/phase2? I'm assuming it's something other than . . . \"example\" and \"auth=MSCHAPV2\" because the instructions say we will fill those in at login (on the other hand, I did try both leaving them blank and filling in my variables).

    2. When I do 3. cp [path to your script] /etc . . . I get "cp: omitting directory '/mnt/stateful. . .'" Does that matter?

    I'm struggling to think what else could be holding me up. What do you think?

    Thanks.

  16. In your script you need to be using all the settings that you figured out when you followed David Burrow's guide on the U. of Utah wiki linked above. The SSID will be whatever the SSID of the network you're trying to connect to is. This is the name that the network appears as when you connect to it using another computer.
    I find that the phase2 is unnecessary (I set it to "" in order to allow any) on my network. Otherwise it will be the phase2 authentication that you found during the David Burrow guide. Possible examples are: MSCHAPV2, MSCHAP, CHAP, etc. There's a list somewhere.
    If you need help on your particular settings, you'll have to call your IT department, they change with every network.

    Also, if you haven't set the SSID, there will be no name for the network when you send list_networks. It will just say "0" and then some other junk.

    As for step 3, again, wonky formatting; there should just be a single space between the first directory and the second, e.g. cp /[path] /[path]. To check to see if it took, cd to the target directory (/mnt/[stuff]/backupScripts) and see if the login.conf.original file is there.

  17. I configured my settings to what my university requires, from the outset (thanks for checking!).

    I tried "Securewireless" "auth=MSCHAPV2" one time and simply "" another, for the ssid and phase2. I see \\s in the instructions. Could you please give me an example of what to input? E.g., \"Securewireless\" or \Securewireless\ or "Securewireless" etc.

    My list_networks response (from wpa_cli) is completely blank, each time (absent any junk at all).

    I checked for and found the login.conf.original file in the /mnt/.../backupScripts folder.

    Argh!!!

  18. Hmmm. Try just running wpa_cli add_network. That should print a number (0 if you don't have anything in your list_networks) and then add just 0 under the headers when you run list_networks. As for the ssid and phase2, you need to add a \ before each ". So for your ssid the command would be set_network 0 ssid \"Securewireless\".

    Good on the cp thing then. That means that it worked fine with no worries.

    Just out of curiosity, have you ever been able to connect to your network just using the David Burrow guide?

  19. I assume the first instruction was to modify my script to contain just wpa_cli add_network. I tried that and failed to see any networks listed in root>wpa_cli.

    I also made sure I had the \"example\" syntax, in a different test, absent any success.

    Yeah, I've successfully been using the David Burrow guide at school, every day, since about 1/20/11. On the other hand, I'm ready to lose the 5-15 minutes of daily network setup time. :)

    Man, I feel like I'm in Hades, here! How much do you think it would help to "reset" (as in the reset button on the bottom of the Cr-48) everything?

    Please let me know what other potential solutions you can think of.

  20. That or just run wpa_cli add_network from the command line to see if it does anything.

    Ok, so all your trouble is in the script itself rather than in your settings. So that's a good thing at least. Ok, so rather than doing anything with the login.conf file for right now, just play with the script and see if you can't get that working. To run the script from the command line (make sure you're root), send the command bash [path to your script].sh so, if you put yours in /etc/wpa_supplicant, it would be bash /etc/wpa_supplicant/[your script name].sh and see what that does. It should produce output like if you ran each of the commands separately from the command line. So for add_network it should return a number, for set_network [...] it'll return either OK or FAIL. And it should do that for all the commands.

    Eh, I don't think hitting the reset button would do any good. Anything that you do here can be rapidly undone by copying your original login.conf back into /etc/init and rebooting.

  21. HURRAY!! I found where I was making the mistake: 3. cp [path to your script] /etc/wpa_supplicant/[your script name].sh

    I interpreted "path to your script" as strictly the folders only and so was excluding the script file name . . .

    Anyway, I'm glad to have it finally fixed. I'm going to post a similar walk through on my blog (with a shout out to you, of course).

    One last thing: How can I write my script so the bssid must be above a certain frequency, e.g., bssid frequency>5000? My Cr-48 seems to fail at lower frequencies on my school network (for whatever reason), so I'd like to account for that variable.

    Thanks again!!

  22. Glad you got it fixed! I'll make that more explicit now.

    I'm not sure about the bssid thing. You can try hunting around the man files for wpa_cli to see if it can do anything for that (google wpa_cli man file)

    Good luck!

  23. Hmm. Thanks for your suggestion and thanks again so much for your help.

    Watch, the Chrome team will have the issue fixed by Monday afternoon . . .

  24. Does anyone know how to make the password a variable in the script so that it prompts the user each time before it connects? Or something along these lines. I cannot store my password in clear text on my netbook and would just like a prompting of some kind that along whatever is typed in.

    Any help would be greatly appreciated!!

  25. You should be able to do that rather simply with a quick echo prompt. I'm not sure about how since I'm really new to shell scripting, but a quick google search should pull up a good tutorial.
