Configuration of hostapd for: EAP-PEAP/TLS (outer PEAP and inner TLS configuration)
Heiss, Stefan
Stefan.Heiss
Wed Jan 17 00:26:56 PST 2007
I want to configure hostapd in such a way that it will do outer PEAP and inner TLS configuraiton.
There is actually a example for using TTLS/TLS(outer TTLS and inner TLS authentication) which is:
# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner authentication.
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
# Phase1 / outer authentication
anonymous_identity=anonymous at example.com
ca_cert="/etc/cert/ca.pem"
# Phase 2 / inner authentication
phase2="autheap=TLS"
ca_cert2="/etc/cert/ca2.pem"
client_cert2="/etc/cer/user.pem"
private_key2="/etc/cer/user.prv"
private_key2_passwd="password"
priority=2
}
>From this example, I would like to derive the PEAP/TLS configuration, and version one would be:
network={
ssid="example"
key_mgmt=WPA-EAP
eap=PEAP
# Phase1 / outer authentication
#anonymous_identity=anonymous at example.com <mailto:> => anonymous identitiy is not required for PEAP therefore leave it out
ca_cert="/etc/cert/ca.pem"
# Phase 2 / inner authentication
phase2="autheap=TLS"
ca_cert2="/etc/cert/ca2.pem"
client_cert2="/etc/cer/user.pem"
private_key2="/etc/cer/user.prv"
private_key2_passwd="password"
priority=2
}
The second version is: (Note that the difference between both is in bold!)
network={
ssid="example"
key_mgmt=WPA-EAP
eap=PEAP
# Phase1 / outer authentication
#anonymous_identity=anonymous at example.com <mailto:> => anonymous identitiy is not required for PEAP therefore leave it out
identity="user name"
password="user password"
ca_cert="/etc/cert/ca.pem"
# Phase 2 / inner authentication
phase2="autheap=TLS"
ca_cert2="/etc/cert/ca2.pem"
client_cert2="/etc/cer/user.pem"
private_key2="/etc/cer/user.prv"
private_key2_passwd="password"
priority=2
}
I wonder which version would do the configuration correct for PEAP/TLS.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20070117/ebc516fd/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Heiss, Stefan.vcf
Type: text/x-vcard
Size: 409 bytes
Desc: Heiss, Stefan.vcf
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20070117/ebc516fd/attachment.vcf
More information about the Hostap
mailing list