how to use wpa_supplicant on wpa network with peap and credentialing

John H. mistamaila
Tue Aug 1 21:39:23 PDT 2006

so just have this for last two?
#       phase1="peaplabel=1"

as in, keep phase2 in there, or comment that out too?

On 8/1/06, Jouni Malinen <jkmaline at> wrote:
> On Tue, Aug 01, 2006 at 12:23:57PM -0500, John H. wrote:
> > i am attaching again and it should come to you.  i don't know if it's
> > a bug or not, so should i do that at the website?
> No need to report it there.
> > phase1 - hexdump_ascii(len=11):
> >      70 65 61 70 6c 61 62 65 6c 3d 31                  peaplabel=1
> Is that really required? Or to be more specific, why did you add this in
> the configuration? I'm aware of only one RADIUS authentication server
> that uses this with PEAPv1. Do you know which authentication server is
> used here? Interestingly enough, it seemed to advertise support for
> PEAPv2. In addition, it seems to use a somewhat incorrect implementation
> of EAP-MSCHAPv2.
> Based on the debug log, my guess would be that the keying material (PMK)
> is derived differently in the authentication server and the supplicant
> because of this peaplabel=1 configuration. I would recommend removing it
> and trying again. EAP authentication is completed successfully, so it
> should be enough concentrate on resolving the part happening after this,
> i.e., 4-way handshake which is using PMK.
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at

More information about the Hostap mailing list