EAP-TTLS with phase2="autheap=TLS" ?

Andrea G Forte andreaf
Tue Feb 7 14:56:52 PST 2006


I am confused by the example in the supplicant config file. In particular:

# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
# authentication.
network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=TTLS
    # Phase1 / outer authentication
    anonymous_identity="anonymous@example.com"
    ca_cert="/etc/cert/ca.pem"
    # Phase 2 / inner authentication
*  phase2="autheap=TLS" *
    ca_cert2="/etc/cert/ca2.pem"
    client_cert2="/etc/cer/user.pem"
    private_key2="/etc/cer/user.prv"
    private_key2_passwd="password"
    priority=2
}

It seems not to be a standard mode (phase2="autheap=TLS"). Earlier in 
the config file:

# phase2: Phase2 (inner authentication with TLS tunnel) parameters
#    (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
#    "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
# Following certificate/private key fields are used in inner Phase2
# authentication when using EAP-TTLS or EAP-PEAP.

there is no mention of this other mode. Also, freeradius does not 
support it (unless I have done something wrong) saying that TLS inside a 
TTLS tunnel is not possible.
Am I doing something wrong in the configuration or is the above example 
in the config file a typo?

Thank you,
Andrea
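
Added example, not part of the original post and not wpa_supplicant code: a small Python reader for the network block quoted above that separates the outer EAP method from the phase2 inner methods and lists which certificate fields apply to the inner authentication. The function names are hypothetical and the sample block is constructed from the one in the post.

```python
import re

# Constructed sample: the network block quoted in the post.
SAMPLE = """
network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=TTLS
    anonymous_identity="anonymous@example.com"
    ca_cert="/etc/cert/ca.pem"
    phase2="autheap=TLS"
    ca_cert2="/etc/cert/ca2.pem"
    client_cert2="/etc/cer/user.pem"
    private_key2="/etc/cer/user.prv"
    private_key2_passwd="password"
    priority=2
}
"""

# Fields the config comment says are used in inner (Phase 2) authentication.
PHASE2_CERT_FIELDS = {"ca_cert2", "client_cert2", "private_key2", "private_key2_passwd"}

def parse_network(text):
    """Return the fields of the first network={...} block as a dict."""
    block = re.search(r"network=\{(.*?)\n\}", text, re.S)
    if block is None:
        raise ValueError("no network block found")
    fields = {}
    for line in block.group(1).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip().strip('"')
    return fields

def inner_methods(fields):
    """Split phase2 into (key, method) pairs, key being 'auth' or 'autheap'."""
    pairs = [tok.partition("=") for tok in fields.get("phase2", "").split()]
    return [(k, m) for k, sep, m in pairs if sep and k in ("auth", "autheap")]

def describe(text):
    """Summarise outer method, inner methods and inner certificate fields."""
    f = parse_network(text)
    return {"outer": f.get("eap"), "inner": inner_methods(f),
            "phase2_cert_fields": sorted(k for k in f if k in PHASE2_CERT_FIELDS)}

if __name__ == "__main__":
    print(describe(SAMPLE))
```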
