Configuration for 802.1x/EAPOL authentication with WEP keys

hareesh.khattri at ndsu.edu hareesh.khattri
Sun Mar 27 19:16:20 PST 2005 

Thanks Jouni,


> FreeRADIUS is rejecting the authentication since it did not recognize
> the CA certificate used in signing the client certificate. Did you
> generate both the client and server certificates with the same CA?
>


 I generated both the certificates after creating a root CA. And signed
both using the same CA.


 My configuration for WPA-EAP,

network={
	ssid="test"
        proto=WPA
        key_mgmt=WPA-EAP
        pairwise=CCMP TKIP
        group=CCMP TKIP
        eap=TLS
        identity="client at example.com"
        ca_cert="/etc/certs/cacert.pem"
        client_cert="/etc/certs/cert-clt.pem"
        private_key="/etc/certs/cert-clt.pem"
        private_key_passwd="whatever"
        priority=1

}

for hostapd conf

sid=test
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
deny_mac_file=/etc/hostapd.deny
ieee8021x=1
own_ip_addr=134.129.123.104
# RADIUS authentication server
auth_server_addr=134.129.123.204
auth_server_port=1812
auth_server_shared_secret=secret
# RADIUS accounting server
acct_server_addr=134.129.123.204
acct_server_port=1813
acct_server_shared_secret=secret

wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
wpa_group_rekey=300
wpa_gmk_rekey=6400




Configuration for WPA-PSK:

network={
       ssid="test"
       psk="secretpassphrase"
       priority=5
}


 For the hostapd conf:

ssid=test
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
deny_mac_file=/etc/hostapd.deny
auth_algs=1
own_ip_addr=134.129.123.104
wpa=1
wpa_passphrase=secretpassphrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP


I have attached the debug messages from the wpa-supplicant and the hostapd.

The wpa_supplicant scans the network with ssid "test" but does not detect
it to be WPA/RSN capable so it does not associate.


Hareesh

-------------- next part --------------
A non-text attachment was scrubbed...
Name: wpasupp-debug.gz
Type: application/x-gzip
Size: 1180 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050327/785bfa23/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hostapd-debug.gz
Type: application/x-gzip
Size: 723 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050327/785bfa23/attachment-0001.bin

More information about the Hostap mailing list