NetworkManager and wpa_supplicant (it was Re: EAP-TTLS +PAP tunning)
Sergio Belkin
sebelk
Thu Jan 1 16:04:08 PST 2009
2008/5/7 Sergio Belkin <sebelk at gmail.com>:
> 2008/5/7 Jouni Malinen <j at w1.fi>:
>> On Tue, May 06, 2008 at 10:56:54AM -0300, Sergio Belkin wrote:
>>
>> > I have a freeradius server that is working well in university. We use
>> > EAP-TTLS and PAP protocols.
>>
>>
>> > the nm-applet for setting the connection up. But I'd want to find a
>> > way to automatize it, that it finds the TTLS certificate and verifies
>> > the server name (I didn't see this feature in Linux). Could you help
>> > me to do this with wpa_supplicant? (What tools/apps and file config
>> > should I look?)
>>
>> Is your server certificate signed by one of the common CAs (i.e.,
>> something that is included in trusted CA lists)
>
> Yes it is
>
>> or is this an in-house
>> self-signed CA (if yes, how is the CA certificate distributed to
>> clients?)?
>
> In Windows, it's bundled with SecureW2 (a customized installation
> includes CA certificate),
>
>>
>> wpa_supplicant can be configured to trust a set of CA certificates,
>> e.g., using a single PEM file with multiple files or using ca_path
>> parameter to point to a directory of trusted CA certificates. For
>> example, ca_path="/etc/ssl/certs" would do this on a Gentoo system (that
>> directory of CA certificates may differ in other distros). subject_match
>> and altsubject_match parameters can be used to configure requirements
>> for the authentication server certificate, e.g.,
>> altsubject_match="DNS:as.example.com".
>
> Thanks Jouni, I think that that's what I'm looking for!
>
> Greets.
> --
> --
> Open Kairos http://www.openkairos.com
> Watch More TV http://sebelk.blogspot.com
> Sergio Belkin -
>
Hi,
I come back because I still have a big doubt. I want to connect to a
wireless network, either WPA(2) Enterprise TTLS/PAP or WPA(2)
Enterprise(2) PEAP/MSCHAPv2. I could connect using NetworkManager. But
AFAIK NetworkManager lacks the capability to check the RADIUS server name,
so it is somewhat insecure. I'd like to provide a workaround using
wpa_supplicant (which seems to have such a capability) that works along
with NetworkManager (in fact I have the maybe wrong impression that
it is not aware of wpa_supplicant.conf), but I don't understand how
modern distros like Fedora or Ubuntu make those pieces of software
interact with each other.
Please could you help me to understand it?
Thanks in advance!
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
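
An added example, not part of the thread or of wpa_supplicant itself: a small audit that reads wpa_supplicant.conf text and reports EAP network blocks that lack a trust anchor (ca_cert or ca_path) or a server name constraint (subject_match or altsubject_match). The sample configuration, the SSIDs and the function names are constructed for illustration; the "campus-ca-only" block shows why a CA directory alone is not enough when the server certificate comes from a common CA, since any certificate issued under those CAs would then be accepted.

```python
import re

# Constructed sample wpa_supplicant.conf text (assumption, not from the thread).
SAMPLE_CONF = '''
network={
    ssid="campus-ok"
    eap=TTLS
    phase2="auth=PAP"
    ca_path="/etc/ssl/certs"
    altsubject_match="DNS:as.example.com"
}
network={
    ssid="campus-ca-only"
    eap=TTLS
    ca_path="/etc/ssl/certs"
}
network={
    ssid="campus-weak"
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
'''

CHECKS = {  # a check passes when at least one of its parameters is set
    "no trust anchor": ("ca_cert", "ca_path"),
    "no server name check": ("subject_match", "altsubject_match"),
}

def parse_networks(text):
    """Return one {parameter: value} dict per network={...} block."""
    blocks = re.findall(r"network=\{(.*?)\n[ \t]*\}", text, flags=re.S)
    pair = r'^[ \t]*(\w+)=(.*?)[ \t]*$'
    return [{k: v.strip('"') for k, v in re.findall(pair, b, flags=re.M)}
            for b in blocks]

def audit(text):
    """Map ssid -> list of failed checks, for network blocks that use EAP."""
    findings = {}
    for net in parse_networks(text):
        if "eap" not in net:  # PSK/open networks present no server certificate
            continue
        failed = [msg for msg, keys in CHECKS.items()
                  if not any(net.get(k) for k in keys)]
        if failed:
            findings[net.get("ssid", "<no ssid>")] = failed
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```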