Optional displayable message sent with EAP Request-Identity

Jouni Malinen j
Fri Dec 26 10:29:26 PST 2008

On Tue, Dec 23, 2008 at 06:51:34PM +0530, Noorul Ameen T wrote:

> I configured linksys ap in enterprise mode and hostapd as a radius server.
> How to make hostapd to send Identity hints (eap_message=hello in
> hostapd.conf) if the connected user is not found in hostapd.eap_user
> file? In other words, for the Unknown identity I want the server to
> send the optional displayable meesage with EAP Request-Identity.

I'm assuming you are talking about the delivery option 3 described in
RFC 4284 appendix. Only the option 1 (EAP-Request/Identity from the
AP/Authenticator) was previously supported, so you would have needed to
configure this in the AP. Anyway, I added support for option 3 into
hostapd now, so you should be able to do this with the current 0.6.x
snapshot version from the git tree.

This is configured by adding a eap_user file entry that is pointing to
Identity method and configuring eap_message in hostapd.conf in the same
way as it is done for the AP/Authenticator delivery. Here's an example
eap_user file I used when testing this:

"user at example.com"	MD5	"password"
*	Identity

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list