Could not get PMK
David Dudley
DavidDu
Tue Jun 3 14:05:13 PDT 2008
Well, now that I'm finally down past a bunch of items (I never realized
so much went on when I clicked "connect"), I'm down to what I hope is
one of the last problems.
For some reason, I cannot get wpa_supplicant to send a password.
mschapv2 fails every time because I can't send a password.
Is there a way I can set the thing up to not require a password?
Or is there a way I can get wpa_supplicant to send one? I have
password="meter" in my wpa_supplicant.conf file, but it seems to ignore
it.
David
>>> Jouni Malinen <j at w1.fi> 5/24/2008 1:26 AM >>>
On Fri, May 23, 2008 at 03:29:01PM -0500, David Dudley wrote:
> OK, I've attached my hostapd.conf file, and a log from the last time
I
> tried to attach a remote with wpa_supplicant.
It looks like wpa_supplicant was configured to allow any EAP method
and
FreeRADIUS ended up suggesting EAP-MD5 as the first alternative and
that
method does not provide keying material (MSK / PMK) like Alan
mentioned.
I would recommend picking one of the EAP methods and configure
wpa_supplicant only to allow that one to be used (eap-option in the
network block). If you want to use password to authenticate the client
device, you could use either EAP-PEAP or EAP-TTLS. Just remember to
configure ca_cert option in wpa_supplicant to point to a trusted CA
certificate in order to allow the client to authenticate the server,
too.
PS.
It looked like the hostapd configuration and maybe also wpa_supplicant
was set to allow WPA-Personal (PSK) to be used. Was that on purpose or
were you planning on using WPA-Enterprise (EAP) authentication for all
devices? If only EAP is going to be used, I would suggest disabling
WPA-PSK in the configuration. Similarly, if you know that all devices
support CCMP, you could disable TKIP as a pairwise cipher in the
configuration.
--
Jouni Malinen PGP id
EFC895FA
_______________________________________________
HostAP mailing list
HostAP at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: David Dudley.vcf
Url: http://lists.shmoo.com/pipermail/hostap/attachments/20080603/b841479a/attachment.txt
More information about the Hostap
mailing list