WPA - AP Association Issue

[Bryan Kadzban]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Mr. Maloomnahi wrote:
> 1] Why does the hostapd keeps asking for the vendor method 13 [TLS]?

It doesn't, unless you're using its built-in RADIUS server.  The EAP
method is negotiated between the supplicant and the RADIUS server (not
the supplicant and the AP).

> 2] Since TTLS, PEAP all have been selected during the build, why is
> it not asking for other methods?

Because more than the build-time configuration determines this.  The
methods that get advertised are the intersection of the build-time
configuration and the run-time configuration (i.e. with FreeRADIUS, the
/etc/raddb/eap.conf file, among others).

> 3] How do we change the setting from TLS to TTLS or PEAP or others at
> hostapd?

Unless you're using its built-in RADIUS server, you don't.  You do it at
your RADIUS server.

If you are using hostapd's built-in RADIUS server, then you'd have to
change the hostapd.conf file, but I don't know how many different EAP
methods it actually supports.  You'd have to look at the documentation
for that file.

> 4] Does hostapd automatically consider all EAP methods for
> association?

The AP code inside hostapd doesn't consider any of them; it just passes
the data through from the RADIUS server.  The RADIUS code does not
consider everything either; only what it has support for (and what
hasn't been turned off in the runtime configuration).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHRCDpS5vET1Wea5wRAy7WAJ9eTOeYxm1bbueL8eUUskzVqT7ZegCgmHxB
btLX8LxEb2g7wB+0kIk8hiM=
=jQjC
-----END PGP SIGNATURE-----