Everything posted by Midvalley

  1. Hey,

     Added in .OneX.CacheUserData = True, there was no change. I added in a bunch of other settings that I wasn't declaring before because they were fine at default, just to see, didn't make any change.

     Played around with this a bit and found that when I ran the AutoIt script it creates:

         HKEY_CURRENT_USER\Software\Microsoft\Wlansvc\UserData\Profiles\{2AF0898C-0B41-4F72-8728-A54D089C2EC2}\msmusername

     in the registry, which makes sense since the credentials seem to be profile specific. When I save the credentials using the GUI, I get:

         HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wlansvc\UserData\Profiles\{2AF0898C-0B41-4F72-8728-A54D089C2EC2}\msmusername

     created, which was not present in the registry previously. The msmusername has a binary key underneath it which appears to be the EAP userdata.

     Thanks
  2. Hey MattyD,

     Thanks for the clarification on the iFlags. I've had a chance for further testing today, so here's what I've found.

     Creating a profile using this code:

         #include "NativeWifi.au3"
         #RequireAdmin

         Local $oProfile, $oUserData, $sReason
         $fDebugWifi = True

         _Wlan_StartSession()

         $oProfile = _Wlan_CreateProfileObject()
         With $oProfile
             .Name = "SSID"
             .SSID.Add("SSID")
             .Type = "Infrastructure"
             .Auth = "WPA2"
             .Encr = "AES"
             .Options.NonBroadcast = True
             .Options.ConnMode = "Automatic"
             .OneX.Enabled = True
             .OneX.AuthMode = "User"
             .PMK.PreAuthEnabled = True
             .PMK.CacheEnabled = True
             .EAP.BaseType = "PEAP"
             .EAP.Type = "PEAP-MSCHAP"
             .EAP.PEAP.MSCHAP.UseWinLogonCreds = False
             .EAP.PEAP.ServerValidation.NoUserPrompt = True
             .EAP.PEAP.ServerValidation.Enabled = True
             .EAP.PEAP.ServerValidation.ThumbPrints.Add("possible cert 1 thumbprint (we have two ACS appliances)")
             .EAP.PEAP.ServerValidation.ThumbPrints.Add("possible cert 2 thumbprint (we have two ACS appliances)")
             .EAP.PEAP.FastReconnect = True
         EndWith
         ;ConsoleWrite(_Wlan_ConvertProfile($oProfile) & @CRLF) Displays the profile in XML format - This is what gets sent to the API
         _Wlan_SetProfile($oProfile, $sReason, 0)

         $oUserData = _Wlan_CreateUserDataObject()
         With $oUserData
             .BaseType = "PEAP"
             .Type = "PEAP-MSCHAP"
             .PEAP.MSCHAP.Username = "user"
             .PEAP.MSCHAP.Password = "password"
         EndWith
         ;ConsoleWrite(_Wlan_ConvertUserData($oUserData) & @CRLF)
         _Wlan_SetProfileUserData("ACS_WLAN", $oUserData, 1)

     Successfully creates a profile, that looks to be configured identical to the way I would do it in the GUI. It connects and works.

     Logging off the user that ran the script (compiled as an X86 exe with RequireAdministrator set for the execution level) and attempting to log into a domain account fails, no logon servers available (no network connection). Logging in as another local account gets prompts for the PEAP username and password, which when typed in, gets that profile to work. Logging off and back on as another local user produces the same prompts.

     Performing the same configuration manually and saving the same username and password in the PEAP user authentication area works for all accounts, and prelogon.

     I compared the profile XMLs that get created with winmerge, they were absolutely identical in terms of the way the settings look in the GUI but the way the settings are stored in the file appears a little different.

     Nativewifi script:

         <?xml version="1.0"?>
         <WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
           <name>ACS_WLAN</name>
           <SSIDConfig>
             <SSID>
               <hex>removed</hex>
               <name>removed</name>
             </SSID>
             <nonBroadcast>true</nonBroadcast>
           </SSIDConfig>
           <connectionType>ESS</connectionType>
           <connectionMode>auto</connectionMode>
           <MSM>
             <security>
               <authEncryption>
                 <authentication>WPA2</authentication>
                 <encryption>AES</encryption>
                 <useOneX>true</useOneX>
               </authEncryption>
               <PMKCacheMode>enabled</PMKCacheMode>
               <preAuthMode>enabled</preAuthMode>
               <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
                 <authMode>user</authMode>
                 <EAPConfig>
                   <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"
                                  xmlns:eapCommon="http://www.microsoft.com/provisioning/EapCommon">
                     <EapMethod>
                       <eapCommon:Type>25</eapCommon:Type>
                       <eapCommon:AuthorId>0</eapCommon:AuthorId>
                     </EapMethod>
                     <Config xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"
                             xmlns:msPeap="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"
                             xmlns:eapTls="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"
                             xmlns:msChapV2="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"
                             xmlns:msPeapV2="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"
                             xmlns:eapTlsV2="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">
                       <baseEap:Eap>
                         <baseEap:Type>25</baseEap:Type>
                         <msPeap:EapType>
                           <msPeap:ServerValidation>
                             <msPeap:DisableUserPromptForServerValidation>true</msPeap:DisableUserPromptForServerValidation>
                             <msPeap:TrustedRootCA> removed</msPeap:TrustedRootCA>
                             <msPeap:TrustedRootCA> removed</msPeap:TrustedRootCA>
                           </msPeap:ServerValidation>
                           <msPeap:FastReconnect>true</msPeap:FastReconnect>
                           <msPeap:InnerEapOptional>false</msPeap:InnerEapOptional>
                           <baseEap:Eap>
                             <baseEap:Type>26</baseEap:Type>
                             <msChapV2:EapType>
                               <msChapV2:UseWinLogonCredentials>false</msChapV2:UseWinLogonCredentials>
                             </msChapV2:EapType>
                           </baseEap:Eap>
                           <msPeap:PeapExtensions>
                             <msPeapV2:PerformServerValidation>true</msPeapV2:PerformServerValidation>
                           </msPeap:PeapExtensions>
                         </msPeap:EapType>
                       </baseEap:Eap>
                     </Config>
                   </EapHostConfig>
                 </EAPConfig>
               </OneX>
             </security>
           </MSM>
         </WLANProfile>

     Manual Profile:

         <?xml version="1.0"?>
         <WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
           <name>ACS_WLAN</name>
           <SSIDConfig>
             <SSID>
               <hex>removed</hex>
               <name>removed</name>
             </SSID>
             <nonBroadcast>true</nonBroadcast>
           </SSIDConfig>
           <connectionType>ESS</connectionType>
           <connectionMode>auto</connectionMode>
           <autoSwitch>false</autoSwitch>
           <MSM>
             <security>
               <authEncryption>
                 <authentication>WPA2</authentication>
                 <encryption>AES</encryption>
                 <useOneX>true</useOneX>
                 <FIPSMode xmlns="http://www.microsoft.com/networking/WLAN/profile/v2">false</FIPSMode>
               </authEncryption>
               <PMKCacheMode>enabled</PMKCacheMode>
               <PMKCacheTTL>720</PMKCacheTTL>
               <PMKCacheSize>128</PMKCacheSize>
               <preAuthMode>enabled</preAuthMode>
               <preAuthThrottle>3</preAuthThrottle>
               <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
                 <cacheUserData>true</cacheUserData>
                 <authMode>user</authMode>
                 <EAPConfig>
                   <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                     <EapMethod>
                       <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type>
                       <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
                       <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
                       <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
                     </EapMethod>
                     <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                       <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
                         <Type>25</Type>
                         <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
                           <ServerValidation>
                             <DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation>
                             <ServerNames></ServerNames>
                             <TrustedRootCA>Removed</TrustedRootCA>
                           </ServerValidation>
                           <FastReconnect>true</FastReconnect>
                           <InnerEapOptional>false</InnerEapOptional>
                           <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
                             <Type>26</Type>
                             <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
                               <UseWinLogonCredentials>false</UseWinLogonCredentials>
                             </EapType>
                           </Eap>
                           <EnableQuarantineChecks>false</EnableQuarantineChecks>
                           <RequireCryptoBinding>false</RequireCryptoBinding>
                           <PeapExtensions>
                             <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation>
                             <AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName>
                           </PeapExtensions>
                         </EapType>
                       </Eap>
                     </Config>
                   </EapHostConfig>
                 </EAPConfig>
               </OneX>
             </security>
           </MSM>
         </WLANProfile>

     Please note that I left some options, such as a couple under .PMK out because the script profile seemed to default to what I wanted when the options were turned on. I went for the path of least-resistance in terms of specifying options.

     I'm 99% sure that the setuserprofiledata command works perfectly when the profile itself is created manually, I'm second guessing myself but I can half remember testing these scenarios. I guess that indicates an issue with the profile generation? On the other side, the profile works for all users once the PEAP username and password are entered manually, so that indicates that the profile works and the issue is where the userdata is being stored (per-user)?

     Just to test I recompiled the EXE as x64, there was no change in the behavior.

     I don't know if you needed all that, but I wanted to make sure you have all the information I had in case it is necessary. I'm kinda stumped as to what I can try on my side, so if you need anything else from me, please let me know.

     Thanks for all your work on NativeWifi, and the help you've been giving to everyone that asked you a question regarding it.

     Regards.
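A text diff of the two exports in the post above flags namespace-prefix differences that carry no meaning. The following added example (not part of the post and not NativeWifi code) compares two profile fragments by namespace-qualified element path instead; the fragments are constructed and trimmed from the `<OneX>` sections shown, and `flatten` and `semantic_diff` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed fragments modelled on the <OneX> sections of the two
# exports in the post (scripted = prefixed namespaces, manual = default ones).
SCRIPTED = """<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
  <authMode>user</authMode>
  <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"
      xmlns:eapCommon="http://www.microsoft.com/provisioning/EapCommon"><EapMethod>
    <eapCommon:Type>25</eapCommon:Type>
    <eapCommon:AuthorId>0</eapCommon:AuthorId>
  </EapMethod></EapHostConfig></EAPConfig>
</OneX>"""
MANUAL = """<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
  <cacheUserData>true</cacheUserData>
  <authMode>user</authMode>
  <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod>
    <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type>
    <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
    <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
  </EapMethod></EapHostConfig></EAPConfig>
</OneX>"""


def flatten(xml_text):
    """Map each leaf element's namespace-qualified path to its text values."""
    leaves = {}

    def walk(node, path):
        path = path + (node.tag,)  # ElementTree expands prefixes to {uri}local
        children = list(node)
        if not children:
            leaves.setdefault(path, []).append((node.text or "").strip())
        for child in children:
            walk(child, path)

    walk(ET.fromstring(xml_text), ())
    return leaves


def semantic_diff(a_xml, b_xml):
    """Return (only_in_a, only_in_b, changed) using readable local-name paths."""
    a, b = flatten(a_xml), flatten(b_xml)
    name = lambda path: "/".join(tag.split("}")[-1] for tag in path)
    only_a = sorted(name(p) for p in a.keys() - b.keys())
    only_b = sorted(name(p) for p in b.keys() - a.keys())
    changed = {name(p): (a[p], b[p]) for p in a.keys() & b.keys() if a[p] != b[p]}
    return only_a, only_b, changed


if __name__ == "__main__":
    print(semantic_diff(SCRIPTED, MANUAL))
```

On these fragments the prefixed and default-namespace `Type` and `AuthorId` elements compare equal, and the only elements reported are the ones present in the manual fragment alone, `cacheUserData` and `VendorId`.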
  3. Hey again,

     I spoke too soon. We decided to take the profile out of the image and set up an exe to call with sysprep instead. This would also give us a utility to repair broken profiles after the fact. We built that, started testing, and now we have noticed that when we apply the profile it doesn't save the EAP user/pass for all users, just the current user. The profile itself gets created for everyone but our prelogin is broken, and when we log in with a different local account than what ran the script it prompts for user/pass for the network.

     Looking at the UDF documentation, the $iFlags on _wlan_setprofiledata should do exactly what I need, but I can't seem to get it to work. Is the command looking for the $WLAN_SET_EAPHOST_DATA_ALL_USERS (0x01), or just the number value (ex, 1, or 0x01)? I've tried a couple combinations both with the flag value in the command, and stored in and called as $iFlags, but it always seems to just take effect for the executing user.

     Any ideas?

     Thanks.
  4. Hey MattyD,

     This worked perfectly in our image. Thank you very much. I actually just clipped it down to:

         #include "NativeWifi.au3"

         Local $oUserData
         $fDebugWifi = True

         _Wlan_StartSession()

         $oUserData = _Wlan_CreateUserDataObject()
         With $oUserData
             .BaseType = "PEAP"
             .Type = "PEAP-MSCHAP"
             .PEAP.MSCHAP.Domain = "Domain" ;Leave this line out if you don't wish to specify a domain
             .PEAP.MSCHAP.Username = "Username"
             .PEAP.MSCHAP.Password = "Password"
         EndWith
         ;ConsoleWrite(_Wlan_ConvertUserData($oUserData) & @CRLF)
         _Wlan_SetProfileUserData("Profile Name", $oUserData)

     Since we had the wireless profile defined in the image itself.
  5. Hi MattyD, Thank you very much for the help! I'll test this out on some PCs next week and let you know how it turns out. If all goes according to plan it'll help a lot with automating the rollout of some wireless workstations. Thanks!
  6. Hey Guys,

     I've been trying to use v4-1.3 to create a small script to simply add a MS-CHAP PEAP username and password to an existing wireless connection that is created through an unattend script on a computer image.

     Trying:

         #RequireAdmin ;So the $WLAN_PROFILE_GET_PLAINTEXT_KEY flag works (Win7 only) XP is always unencrypted.
         #include <nativewifi.au3>

         $fDebugWifi = True ;if using the #RequireAdmin directive, SciTE also needs to be running as admin to see any debug messages.
         _Wlan_StartSession()

         Local $Profile = "myexistingprofile"
         Local $UserData[4]
         $UserData[0] = "PEAP-MSCHAP"
         $UserData[1] = "None"
         $UserData[2] = "username"
         $UserData[3] = "password"
         Local $iaFlags = "1"
         _Wlan_SetProfileUserData($profile, $UserData, $iaFlags)
         ConsoleWrite(@error & @CRLF)

     Always comes back with an API error saying that the network profile is corrupt.

     Looking over the documentation and the tutorials it looks like the proper way for v4 to call this is to use a with statement against an object and then define the properties. Here's where I get in over my head, I have some experience doing vbscript/MS-CLI scripting, but no actual programming experience. Anyway, I re-jigged what I had done so far and ended up with:

         #include <nativewifi.au3>
         #include <array.au3>

         $fDebugWifi = True ;if using the #RequireAdmin directive, SciTE also needs to be running as admin to see any debug messages.
         _Wlan_StartSession()

         Local $fxml = "True"
         Local $iaFlags = ""
         Local $Profile = "myexistingprofile"
         local $oProfile
         With $oProfile
             .BaseType = "PEAP"
             .Type = "PEAP-MSCHAP"
             .PEAP.MSCHAP.Domain = "None"
             .PEAP.MSCHAP.Username = "username"
             .PEAP.MSCHAP.Password = "password"
         EndWith
         _Wlan_SetProfileUserData($Profile, $oProfile)
         ConsoleWrite(@error & @CRLF)

     Now, as far as I know, the only issue with this is that I don't know how to create a variable as an object, or what object should be called into that variable since I don't actually want to edit any further parts, or create a new profile from scratch.

     Complicating this, I'm seeing a lot of threads around the internet researching the corrupt profile error with that API call and Windows 7 x64, so at this point I'm not sure if I can even create that object that this is going to work for me. The first code sample I had could very well be working, and I'm running into that API problem I mentioned as opposed to anything with the script.

     I realize that this could be something that belongs in a general/newbie help forum, but I'm hoping that this is the right place since I need to get this specific UDF to perform these functions.

     Thanks for any help that you can provide.