WlanSetProfileEapXmlUserData for EAP-TTLS with inner method EAP-MSCHAPv2 (not MSCHAPv2)

Braghadees Jun 1 Reputation point
2020-09-17T06:01:02.787+00:00

I have been developing a CLI console app which will interface to the MS WLAN-API to perform the following connections:

EAP-TTLS (with PAP, CHAP, MSCHAP and MSCHAPv2)
EAP-TTLS (with EAP-MSCHAPv2 and EAP-TLS)

I could perform most of the above, leaving a problem with the following method:

EAP-TTLS with inner-method EAP-MSCHAPv2.

When we search, the most useful links we come across are the following:

Access violation in wlanapi WlanSetProfileEapXmlUserData for EAP-TTLS
Configure EAP-TTLS-PAP user credentials using WlanSetProfileEapXmlUserData

I have followed a similar approach.

As cited: "The lack of documentation in this area is a known issue that we will work on addressing as resources allow."

I'm looking for a sample WLAN-EAP-User-Data schema for the method:

EAP-TTLS with inner-method EAP-MSCHAPv2.

It will be passed to WlanSetProfileEapXmlUserData().

I have used the following connection-property XML, obtained from a working EAP-TTLS with EAP-MSCHAPv2 connection set up through the UI.

(e.g: netsh wlan export profile name=****).

This XML will be passed to WlanSetProfile().

<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
        <name>eap_ttls_eap_mschapv2</name>
        <SSIDConfig>
                <SSID>
                        <name>eap_ttls_eap_mschapv2</name>
                </SSID>
                <nonBroadcast>true</nonBroadcast>
        </SSIDConfig>
        <connectionType>ESS</connectionType>
        <connectionMode>manual</connectionMode>
        <autoSwitch>false</autoSwitch>
        <MSM>
                <security>
                        <authEncryption>
                                <authentication>WPA2</authentication>
                                <encryption>AES</encryption>
                                <useOneX>true</useOneX>
                        </authEncryption>
                        <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
                                <cacheUserData>true</cacheUserData>
                                <authMode>user</authMode>
                                <EAPConfig>
                                    <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                                        <EapMethod>
                                            <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type>
                                            <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
                                            <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
                                            <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId>
                                        </EapMethod>
                                        <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                                            <EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1">
                                                <ServerValidation>
                                                    <ServerNames>
                                                    </ServerNames>
                                                    <TrustedRootCAHash>44 b 23 98 8a 57 86 12 59 6c b ad fd d9 95 e7 42 b c9 8d</TrustedRootCAHash>
                                                    <DisablePrompt>true</DisablePrompt>
                                                </ServerValidation>
                                                <Phase2Authentication>
                                                    <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                                                        <EapMethod>
                                                            <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">26</Type>
                                                            <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
                                                            <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
                                                            <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
                                                        </EapMethod>
                                                        <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                                                            <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
                                                                <Type>26</Type>
                                                                <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
                                                                    <UseWinLogonCredentials>false</UseWinLogonCredentials>
                                                                </EapType>
                                                            </Eap>
                                                        </Config>
                                                    </EapHostConfig>
                                                </Phase2Authentication>
                                                <Phase1Identity>
                                                    <IdentityPrivacy>false</IdentityPrivacy>
                                                </Phase1Identity>
                                            </EapTtls>
                                        </Config>
                                    </EapHostConfig>
                                </EAPConfig>
                        </OneX>
                </security>
        </MSM>
</WLANProfile>

I have tried the following versions of sample WLAN-EAP-User-Data schema:

1)

<?xml version="1.0" encoding="utf-8"?>
<EapHostUserCredentials xmlns="http://www.microsoft.com/provisioning/EapHostUserCredentials" xmlns:eapCommon="http://www.microsoft.com/provisioning/EapCommon">
    <EapMethod>
        <eapCommon:Type>21</eapCommon:Type>
        <eapCommon:AuthorId>311</eapCommon:AuthorId>
    </EapMethod>
    <Credentials xmlns="http://www.microsoft.com/provisioning/EapHostUserCredentials">
        <EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsUserPropertiesV1" xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapUserPropertiesV1">
            <eapTtls>
                <Username>myusername</Username>
                <Password>mypassword</Password>
            </eapTtls>
        </EapTtls>
    </Credentials>
</EapHostUserCredentials>

The above schema is supposed to work for non-EAP inner methods, and it does its job for non-EAP, but it doesn't work for EAP-MSCHAPv2.

There's a reference in one of the referenced posts: "The baseEap:Eap type is referenced when EAP is used as the inner authentication type, such as EAP-TLS or EAP-MSCHAPv2 (note that MSCHAPv2 is distinct from EAP-MSCHAPv2)." -- jovergar, Microsoft.

Based on that, I tried adding <Type xmlns="http://www.microsoft.com/provisioning/BaseEapUserPropertiesV1">26</Type> inside eapTtls. It didn't work.

2)

<?xml version="1.0"?>
<EapHostUserCredentials xmlns="http://www.microsoft.com/provisioning/EapHostUserCredentials" xmlns:eapCommon="http://www.microsoft.com/provisioning/EapCommon" xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapMethodUserCredentials">
    <EapMethod>
        <eapCommon:Type>21</eapCommon:Type>
        <eapCommon:AuthorId>311</eapCommon:AuthorId>
    </EapMethod>
    <Credentials xmlns:eapUser="http://www.microsoft.com/provisioning/EapUserPropertiesV1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapUserPropertiesV1" xmlns:EapTtls="http://www.microsoft.com/provisioning/EapTtlsUserPropertiesV1">
        <baseEap:Eap>
            <baseEap:Type>21</baseEap:Type>
            <baseEap:EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsUserPropertiesV1">
                <EapTtls:TtlsCred>
                    <Username>myusername</Username>
                    <Password>mypassword</Password>
                    <baseEap:Eap xmlns="http://www.microsoft.com/provisioning/BaseEapUserPropertiesV1">
                        <Type>21</Type>
                    </baseEap:Eap>
                </EapTtls:TtlsCred>
            </baseEap:EapTtls>
        </baseEap:Eap>
    </Credentials>
</EapHostUserCredentials>

3) Based on MS-PEAP with EAP-MSCHAPv2

<?xml version="1.0" ?>
<EapHostUserCredentials xmlns="http://www.microsoft.com/provisioning/EapHostUserCredentials" xmlns:eapCommon="http://www.microsoft.com/provisioning/EapCommon" xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapMethodUserCredentials">
    <EapMethod>
        <eapCommon:Type>21</eapCommon:Type>
        <eapCommon:AuthorId>0</eapCommon:AuthorId>
    </EapMethod>
    <Credentials xmlns:eapUser="http://www.microsoft.com/provisioning/EapUserPropertiesV1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapUserPropertiesV1" xmlns:EapTtls="http://www.microsoft.com/provisioning/EapTtlsUserPropertiesV1" xmlns:MsChapV2="http://www.microsoft.com/provisioning/MsChapV2UserPropertiesV1">
        <baseEap:Eap>
            <baseEap:Type>21</baseEap:Type>
            <EapTtls:EapType>
                <baseEap:Eap>
                    <baseEap:Type>26</baseEap:Type>
                    <MsChapV2:EapType>
                        <MsChapV2:Username>myusername</MsChapV2:Username>
                        <MsChapV2:Password>mypassword</MsChapV2:Password>
                    </MsChapV2:EapType>
                </baseEap:Eap>
            </EapTtls:EapType>
        </baseEap:Eap>
    </Credentials>
</EapHostUserCredentials>

PS: The Windows UI uses the WlanSetProfileEapUserData() function, and it could be manipulated to make the connection via CLI. However, how the BLOB for that API is formed is not documented either.
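An added consistency check (example code written for this post, not the poster's or Microsoft's) that cross-references the EapMethod of a candidate user-data document against the exported connection profile before it is handed to WlanSetProfileEapXmlUserData(): it flags a Type or AuthorId that differs from the profile's outer method (attempt 3 above carries AuthorId 0 while the profile says 311) and an EAP inner method that the Credentials block never names. The inputs are constructed, cut down from the post's own documents with the credential values left out; the check does not supply the undocumented schema, it only rules out mismatches that are visible.

```python
import xml.etree.ElementTree as ET

NS = {"onex": "http://www.microsoft.com/networking/OneX/v1",
      "host": "http://www.microsoft.com/provisioning/EapHostConfig",
      "common": "http://www.microsoft.com/provisioning/EapCommon",
      "ttls": "http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1",
      "cred": "http://www.microsoft.com/provisioning/EapHostUserCredentials"}
# Constructed samples cut down from the post's documents to the elements the check reads; credentials omitted.
PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"><MSM><security>
<OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod>
<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type>
<AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId></EapMethod><Config>
<EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1"><Phase2Authentication>
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod>
<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">26</Type></EapMethod></EapHostConfig>
</Phase2Authentication></EapTtls></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>"""
USER_DATA = """<EapHostUserCredentials xmlns="http://www.microsoft.com/provisioning/EapHostUserCredentials"
 xmlns:eapCommon="http://www.microsoft.com/provisioning/EapCommon"><EapMethod>
<eapCommon:Type>21</eapCommon:Type><eapCommon:AuthorId>0</eapCommon:AuthorId></EapMethod>
<Credentials xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapUserPropertiesV1"
 xmlns:EapTtls="http://www.microsoft.com/provisioning/EapTtlsUserPropertiesV1">
<baseEap:Eap><baseEap:Type>21</baseEap:Type><EapTtls:EapType><baseEap:Eap><baseEap:Type>26</baseEap:Type>
</baseEap:Eap></EapTtls:EapType></baseEap:Eap></Credentials></EapHostUserCredentials>"""


def profile_methods(profile_xml):
    """(outer_type, outer_author_id, inner_eap_type); inner is None for a non-EAP inner method (PAP/CHAP/MSCHAP/MSCHAPv2)."""
    root = ET.fromstring(profile_xml)
    outer = root.find(".//onex:EAPConfig/host:EapHostConfig/host:EapMethod", NS)
    inner = root.find(".//ttls:Phase2Authentication/host:EapHostConfig/host:EapMethod/common:Type", NS)
    return (int(outer.find("common:Type", NS).text), int(outer.find("common:AuthorId", NS).text),
            int(inner.text) if inner is not None else None)


def check_user_data(profile_xml, user_xml):
    """Return the mismatches between a user-data document and the profile it is meant for ([] if none)."""
    outer_type, outer_author, inner_type = profile_methods(profile_xml)
    root = ET.fromstring(user_xml)
    got = {k: int(root.find(f"cred:EapMethod/common:{k}", NS).text) for k in ("Type", "AuthorId")}
    problems = []
    if got["Type"] != outer_type:
        problems.append(f"EapMethod/Type {got['Type']} != profile outer type {outer_type}")
    if got["AuthorId"] != outer_author:
        problems.append(f"EapMethod/AuthorId {got['AuthorId']} != profile AuthorId {outer_author}")
    # An EAP inner method has to be named inside Credentials (the baseEap:Eap Type jovergar refers to).
    types = {int(e.text) for e in root.find("cred:Credentials", NS).iter()
             if e.tag.endswith("}Type") and (e.text or "").strip().isdigit()}
    if inner_type is not None and inner_type not in types:
        problems.append(f"profile inner method is EAP type {inner_type} but Credentials names no Type {inner_type}")
    return problems
```

Run it over each candidate user-data document with the netsh-exported profile; an empty list means the method identifiers agree, not that the schema is accepted.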
