how to use wpa_supplicant on wpa network with peap andcredentialing
Maureen Lai
maureenlai
Tue Jul 18 20:51:58 PDT 2006
How about try this configure in wpa_supplicant.conf in wpa_supplicant
tar ball.
# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new
peaplabel
network={
ssid="schoolssid"
key_mgmt=WPA-EAP
eap=PEAP
identity="username"
password="password"
ca_cert="/etc/cert/ca.pem"
phase1="peaplabel=1"
phase2="auth=MSCHAPV2"
}
I think you might need to get a certificate file (ca.pem) from your
radius server first.
-----Original Message-----
From: hostap-bounces+maureenlai=allion.com at shmoo.com
[mailto:hostap-bounces+maureenlai=allion.com at shmoo.com] On Behalf Of
John H.
Sent: Wednesday, July 19, 2006 10:28 AM
To: Andrew Barr
Cc: hostap at shmoo.com
Subject: Re: how to use wpa_supplicant on wpa network with peap
andcredentialing
hmm, i did as i thought i was told to do, but it caused an error in my
config file and not until i commented out the entry could i use
wpa_supplicant for other networks. here is what i had
#network={
# ssid="schoolssid"
# proto=WPA
# key_mgmt=WPA-PSK
# pairwise=TKIP
# group=TKIP
# scan_ssid=1
# eap=PEAP
# identity="username"
# password="password"
#}
On 7/17/06, Andrew Barr <andrew.james.barr at gmail.com> wrote:
> On Monday 17 July 2006 17:00, John H. wrote:
> > sorry, certificates, that's the word they used. would i need to do
> > anything for that?
>
> Well, for PEAP the usual setup is to validate the server certificate
to
> prevent rogue APs and password stealing and the like. You don't HAVE
to do
> it, and in the case of my university they don't provide a public key
> certificate so I can't (although I understand it might be possible to
capture
> it out of the authentication stream). You can ignore the certificate
(if it
> is just a server cert validation like I described above), or you can
provide
> a certificate public key file (see the documentation for acceptable
formats)
> to wpa_supplicant. There is an example configuration file distributed
with
> wpa_supplicant that should have the exact parameter name in it.
>
> --
> Andrew Barr | http://www.oakcourt.dyndns.org/~andrew/ | GPG:
0xAD9AE76A
> "Those who would trade liberty for security deserve neither." -- B.
Franklin
>
_______________________________________________
HostAP mailing list
HostAP at shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
More information about the Hostap
mailing list