This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | |||
hotspot [2019/07/08 20:31] James Prestwood |
hotspot [2019/07/08 20:59] (current) James Prestwood |
||
---|---|---|---|
Line 8: | Line 8: | ||
First, find the page which allows you to download the profile. This is going to be different for each network provider, but for example this is XFinity's: | First, find the page which allows you to download the profile. This is going to be different for each network provider, but for example this is XFinity's: | ||
+ | |||
+ | (Turns out that this profile does not actually configure a hotspot network, but rather a standard WPA2-Enterprise network. The procedure will still be the same as far as the iOS profile is concerned) | ||
http://wifi.xfinity.com//connect-devices.php | http://wifi.xfinity.com//connect-devices.php | ||
Line 31: | Line 33: | ||
==== Writing the IWD provisioning file ==== | ==== Writing the IWD provisioning file ==== | ||
- | Inside the original iOS security profile there is some XML mixed throughout the binary data. There is probably a clean way of extracting this, but there are very few XML nodes we actually care about so manual inspection is easy enough. The node we care about is "EAPClientConfiguration". The "AcceptEAPTypes" provide the EAP method number used for this network. This will likely be "21", which corresponds to TTLS. You can map the integer values to names inside src/eap-private.h | + | Inside the original iOS security profile there is some XML mixed throughout the binary data. There is probably a clean way of extracting this, but there are very few XML nodes we actually care about so manual inspection is easy enough. The node we care about is "EAPClientConfiguration". The "AcceptEAPTypes" provide the EAP method number used for this network. This will likely be "21", which corresponds to TTLS. You can map the integer values to names inside src/eap-private.h. For now we will assume TTLS as the EAP method. |
+ | |||
+ | There may or may not be a key for "OuterIdentity". Take note of this. | ||
+ | |||
+ | There also should be a key for "NAIRealmNames". Take note of these. | ||
+ | |||
+ | Last, there should be a key for "TTLSInnerAuthentication". Take note of this. | ||
+ | |||
+ | This should be all you need. You can now start writing the IWD provisioning file. It should look something like this, where <> values are used from above: | ||
+ | |||
+ | [Security] | ||
+ | EAP-Method=TTLS | ||
+ | EAP-Identity=<OuterIdentity> | ||
+ | EAP-TTLS-Phase2-Method=Tunneled-<TTLSInnerAuthentication> | ||
+ | |||
+ | [Hotspot] | ||
+ | NAIRealmNames=<NAIRealmNames> | ||
+ | |||
+ | After filling in the values, your provisioning file will look something like this: | ||
+ | |||
+ | [Security] | ||
+ | EAP-Method=TTLS | ||
+ | EAP-Identity=anonymous@rr.com | ||
+ | EAP-TTLS-Phase2-Method=Tunneled-MSCHAPV2 | ||
+ | |||
+ | [Hotspot] | ||
+ | NAIRealmNames=spectrum.com,rr.com | ||
+ | |||
+ | Save this file (naming or extension does not currently matter) into /var/lib/iwd/.hotspot and IWD will now allow connections to this network. |