Config for WPA Peap and MSchap v2 and Radius auth
Bryan Kadzban
bryan
Mon Jan 9 15:24:39 PST 2006
Kevin Everts wrote:
> The AP at work is using WPA with
> TKIP, EAP/LEAP for radius authentication (windows 2000 domain authentication
> to a windows 2000 radius server).
LEAP (the Cisco proprietary, brute-force-able protocol) or PEAP (the
tunnel protocol, usually with MSCHAPv2 underneath)? AFAIK the Windows
RADIUS server doesn't support LEAP. But it does support PEAP/MSCHAPv2,
so I'm guessing that's what you meant.
> Here is my config for the AP (from /etc/wpa_supplicant.conf)
>
> network={
> ssid="CE"
> key_mgmt=IEEE8021X
> eap=PEAP
> phase2="auth=MSCHAPV2"
> }
That should be:
key_mgmt=WPA-EAP
since IEEE8021X is for dynamic WEP. WPA-EAP is for either WPA or WPA2
(not *-PSK though; see the sample config file for the documentation).
You will probably also need:
pairwise=TKIP
group=TKIP
proto=WPA
These may be the defaults, but it's always a good idea to be explicit.
You will also need to set identity="yourusername", and configure your
password. If this is a Windows box, and your company is doing machine
authentication, then there's no way I know of to use the machine's
domain credentials, but hopefully that's not an issue.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20060109/1eb27bab/attachment.pgp
More information about the Hostap
mailing list