MSCHAPv2 Authentication

Jouni Malinen j
Sun Mar 18 10:23:24 PDT 2007


On Tue, Mar 13, 2007 at 11:40:39AM +0100, Luca Merolla wrote:
> I have tryed to comment the scan_ssid parameter and to change the ESSID,
> maybe the output will help...

The debug log shows a successfully completed authentication with
WPA-Enterprise/TKIP using EAP-PEAP/MSCHAPv2..

> I want also to say in windows when you want to connect for the first
> time to one access point you have to try with the default parameters so
> it will download a certificate and it will fail to login without asking
> username and password.
> After you make all the changes to use PEAP, etc... and you will be able
> to connect, but if you dont download this certificate from the access
> point first, you have no chance to connect.

This is just WinXP configuration/UI issue.. If the client is not
configured to verify the certificate, it can connect without having the
CA certificate. Sure, this is not exactly secure, but it can be used for
testing. Once you receive the CA certificate somehow, it should be used
to allow the server certificate to be validated.

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list