wpa configuration for 802.1x and TKIP

Dani Camps danicamps81
Mon Jan 24 13:52:51 PST 2005


I am using the DLink-2100 AP and the DLink-G650 wlan
card with the madwifi drivers, running on Fedora Core
3.

I want to configure 802.1x using EAP-PEAP with a
Radius as a authentication server. My AP does support
WPA, so I configure it to use WPA-EAP and I configure
the Radius server settings (IP address and shared
secret), then it forces me to use encryption and I
choose TKIP encryption, about TKIP I can configure two
parameters, the key update time (3 mts by default) and
a key, that is the initial key to be used for
encryption ? I ma not sure ...

Then in my laptop I need wpa_supplicant not
xsupplicant, isn't it ? And my question is about the
configuration needed in wpa_supplicant, is this
correct ?


network={

ssid="my_network_ssid"
proto=WPA
key_mgmt=WPA-EAP
eap=PEAP
pairwise=TKIP
group=TKIP

#Are these the username and password used for the
#MSCHAPv2 authentication, against the Radius server
???

identity="my_identity"
password="***********"

#Certificate to check the Radius server certificate
ca_cert="/route_to_the_ca_certificate/cacert.pem"
phase2="auth=MSCHAPV2"

}

In xsupplicant I had two extra parameters for the TLS
tunnel:

chunk_size = 1398
random_file = /dev/urandom

Am I missing these lines in the wpa_supplicant
configuration ?

And there is still another thing I don't understand
the:
identity="my_identity"

Is the one used in the EAPOL identity request or the
one used in the MSCHAPv2 so the user configured in the
Radius, or both are the same ?

Using wpa_supplicant do I still need xsupplicant for
something ?


Thanks a lot !







		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - 250MB free storage. Do more. Manage less. 
http://info.mail.yahoo.com/mail_250




More information about the Hostap mailing list