wpa configuration for 802.1x and TKIP
Dani Camps
danicamps81
Mon Jan 24 13:52:51 PST 2005
I am using the DLink-2100 AP and the DLink-G650 wlan
card with the madwifi drivers, running on Fedora Core
3.
I want to configure 802.1x using EAP-PEAP with a
Radius as a authentication server. My AP does support
WPA, so I configure it to use WPA-EAP and I configure
the Radius server settings (IP address and shared
secret), then it forces me to use encryption and I
choose TKIP encryption, about TKIP I can configure two
parameters, the key update time (3 mts by default) and
a key, that is the initial key to be used for
encryption ? I ma not sure ...
Then in my laptop I need wpa_supplicant not
xsupplicant, isn't it ? And my question is about the
configuration needed in wpa_supplicant, is this
correct ?
network={
ssid="my_network_ssid"
proto=WPA
key_mgmt=WPA-EAP
eap=PEAP
pairwise=TKIP
group=TKIP
#Are these the username and password used for the
#MSCHAPv2 authentication, against the Radius server
???
identity="my_identity"
password="***********"
#Certificate to check the Radius server certificate
ca_cert="/route_to_the_ca_certificate/cacert.pem"
phase2="auth=MSCHAPV2"
}
In xsupplicant I had two extra parameters for the TLS
tunnel:
chunk_size = 1398
random_file = /dev/urandom
Am I missing these lines in the wpa_supplicant
configuration ?
And there is still another thing I don't understand
the:
identity="my_identity"
Is the one used in the EAPOL identity request or the
one used in the MSCHAPv2 so the user configured in the
Radius, or both are the same ?
Using wpa_supplicant do I still need xsupplicant for
something ?
Thanks a lot !
__________________________________
Do you Yahoo!?
Yahoo! Mail - 250MB free storage. Do more. Manage less.
http://info.mail.yahoo.com/mail_250
More information about the Hostap
mailing list