how to use wpa_supplicant on wpa network with peap and credentialing
John H.
mistamaila
Tue Aug 1 21:39:23 PDT 2006
so just have this for last two?
# phase1="peaplabel=1"
phase2="auth=MSCHAPV2"
as in, keep phase2 in there, or comment that out too?
On 8/1/06, Jouni Malinen <jkmaline at cc.hut.fi> wrote:
> On Tue, Aug 01, 2006 at 12:23:57PM -0500, John H. wrote:
>
> > i am attaching again and it should come to you. i don't know if it's
> > a bug or not, so should i do that at the website?
>
> No need to report it there.
>
> > phase1 - hexdump_ascii(len=11):
> > 70 65 61 70 6c 61 62 65 6c 3d 31 peaplabel=1
>
> Is that really required? Or to be more specific, why did you add this in
> the configuration? I'm aware of only one RADIUS authentication server
> that uses this with PEAPv1. Do you know which authentication server is
> used here? Interestingly enough, it seemed to advertise support for
> PEAPv2. In addition, it seems to use a somewhat incorrect implementation
> of EAP-MSCHAPv2.
>
> Based on the debug log, my guess would be that the keying material (PMK)
> is derived differently in the authentication server and the supplicant
> because of this peaplabel=1 configuration. I would recommend removing it
> and trying again. EAP authentication is completed successfully, so it
> should be enough concentrate on resolving the part happening after this,
> i.e., 4-way handshake which is using PMK.
>
> --
> Jouni Malinen PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
More information about the Hostap
mailing list