802.1X PEAP EAP MASCHAPv2
Bryan Kadzban
bryan
Wed Aug 17 09:43:25 PDT 2005
On Wed, Aug 17, 2005 at 03:58:49PM +0000, Lucia Di Occhi wrote:
> I am having problems connecting to a network using PEAP
> They use CISCO Aironet 1200 and a CISCO Secure ACS configured for PEAP
> EAP-MSCHAPv2.
>
> eap=TTLS
Isn't PEAP different from TTLS? I thought it was (at least, the driver
for eap-ttls is a different file than the driver for eap-peap). Maybe
try eap=PEAP in the config instead? Or did you do that already?
Also, double check the PEAP version against what your RADIUS server
supports. Some servers don't support PEAPv1 well (at least according to
eap_testing.txt in the wpa_supplicant sources); they require PEAPv0.
It seems (from reading the comments in the sample .conf file anyway)
that you can use the phase1 setting to do this, like so:
network whatever {
eap=PEAP
phase1="peapver=0" # or maybe "peapver=1 peaplabel=1"
phase2="auth=MSCHAPV2"
# other stuff
}
The anonymous_identity option may also be useful.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050817/3ea456d9/attachment.pgp
More information about the Hostap
mailing list