WPA2 AES CCMP PEAP GTC Question

[Jouni Malinen]

On Thu, Dec 04, 2008 at 02:59:52PM -0500, david.obrien1 at wachovia.com wrote:
> I have a linux laptop wanting to wifi into the wireless network here...
> The configuration pages from the internal wifi instructions say to go this 
> for the windows configuration
> What would be an appropriate wpa_supplicant.conf to do all this?
> 
> 1.
> a.      select the Enterprise Security radio button
> b.      select WPA2 ? Enterprise in the Network Authentication: drop-down

wpa=WPA2
key_mgmt=WPA-EAP

> c.      select AES ? CCMP in the Data Encryption: drop-down

pairwise=CCMP

> d.      select PEAP in the Authentication Type: drop-down

eap=PEAP

> e.      select GTC in the Authentication Protocol: drop-down

phase2="auth=GTC"

> f.      select Use Windows logon in the User Credentials: drop-down

Single sign-on is not supported yet, so this would mean having to either
enter the credential as part of the configuration file or to provide
them through wpa_cli or wpa_gui during authentication

identity="user"
password="passwd"

> g.      enter anonymous in the Roaming Identity: field

anonymous_identity="anonymous"

> 2.      Configure the following in the Step 2 of 2: PEAP Server section
> a.      check the Validate Server Certificate box
> b.      Select Any Trusted CA in the Certificate Issuer: drop-down

ca_path="/etc/ssl/certs"

(the exact path is distro-specific)

> c.      check the Specify Server or Certificate Name box
> d.      select the Domain name must end with the specified entry radio 
> button
> e.      enter wachovia.net in the Server or Certificate Name: field

I'm not fully sure about which certificate field is matching against,
but it could be this one:

altsubject_match="DNS:wachovia.net"

(see subject_match and altsubject_match description in
wpa_supplicant.conf for more information)

-- 
Jouni Malinen                                            PGP id EFC895FA