Configuration of hostapd for: EAP-PEAP/TLS (outer PEAP and inner TLS configuration)

Heiss, Stefan Stefan.Heiss
Wed Jan 17 00:26:56 PST 2007


I want to configure hostapd in such a way that it will do outer PEAP and inner TLS configuraiton. 

There is actually a example for using TTLS/TLS(outer TTLS and inner TLS authentication) which is:
 # WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner authentication.
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
# Phase1 / outer authentication
anonymous_identity=anonymous at example.com
ca_cert="/etc/cert/ca.pem"
# Phase 2 / inner authentication
phase2="autheap=TLS"
ca_cert2="/etc/cert/ca2.pem"
client_cert2="/etc/cer/user.pem"
private_key2="/etc/cer/user.prv"
private_key2_passwd="password"
priority=2
} 
>From this example, I would like to derive the PEAP/TLS configuration, and version one would be: 
network={
ssid="example"
key_mgmt=WPA-EAP
eap=PEAP
# Phase1 / outer authentication
#anonymous_identity=anonymous at example.com <mailto:>  => anonymous identitiy is not required for PEAP therefore leave it out
ca_cert="/etc/cert/ca.pem"
# Phase 2 / inner authentication
phase2="autheap=TLS"
ca_cert2="/etc/cert/ca2.pem"
client_cert2="/etc/cer/user.pem"
private_key2="/etc/cer/user.prv"
private_key2_passwd="password"
priority=2
} 
The second version is: (Note that the difference between both is in bold!) 
network={
ssid="example"
key_mgmt=WPA-EAP
eap=PEAP
# Phase1 / outer authentication
#anonymous_identity=anonymous at example.com <mailto:>  => anonymous identitiy is not required for PEAP therefore leave it out 
identity="user name" 
password="user password"
ca_cert="/etc/cert/ca.pem"
# Phase 2 / inner authentication
phase2="autheap=TLS"
ca_cert2="/etc/cert/ca2.pem"
client_cert2="/etc/cer/user.pem"
private_key2="/etc/cer/user.prv"
private_key2_passwd="password"
priority=2
}

I wonder which version would do the configuration correct for PEAP/TLS.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20070117/ebc516fd/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Heiss, Stefan.vcf
Type: text/x-vcard
Size: 409 bytes
Desc: Heiss, Stefan.vcf
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20070117/ebc516fd/attachment.vcf 



More information about the Hostap mailing list