NetworkManager and wpa_supplicant (it was Re: EAP-TTLS +PAP tunning)

Sergio Belkin sebelk
Thu Jan 1 16:04:08 PST 2009

2008/5/7 Sergio Belkin <sebelk at>:
> 2008/5/7 Jouni Malinen <j at>:
>> On Tue, May 06, 2008 at 10:56:54AM -0300, Sergio Belkin wrote:
>>  > I have a freeradius server that is working well in  university. We use
>>  > EAP-TTLS and PAP protocols.
>> > the nm-applet for setting the connection up. But I'd want to find a
>>  > way to automatize it, that it finds the TTLS certificate and verifies
>>  > the server name (I didn't see this feature in Linux). Could you help
>>  > me to do this with wpa_supplicant? (What tools/apps and file config
>>  > should I look?)
>>  Is your server certificate signed by one of the common CAs (i.e.,
>>  something that is included in trusted CA lists)
> Yes it is
>>  or is this an in-house
>>  self-signed CA (if yes, how is the CA certificate distributed to
>>  clients?)?
> In Windows, it's bundled with SecureW2 (a customized installation
> includes CA certificate),
>>  wpa_supplicant can be configured to trust a set of CA certificates,
>>  e.g., using a single PEM file with multiple files or using ca_path
>>  parameter to point to a directory of trusted CA certificates. For
>>  example, ca_path="/etc/ssl/certs" would do this on a Gentoo system (that
>>  directory of CA certificates may differ in other distros). subject_match
>>  and altsubject_match parameters can be used to configure requirements
>>  for the authentication server certificate, e.g.,
>>  altsubject_match="".
> Thanks Jouni, I think that that's what I'm looking for!
> Greets.
> --
> Open Kairos
> Watch More TV
> Sergio Belkin -

I come back because I still have a big doubt. I want to connect to a
wireless network, either WPA(2) Enterprise TTLS/PAP or WPA(2)
Enterprise(2) PEAP/MSCHAPv2. I could connect using NetworkManager. But
AFAIK NetworkManager lacks the capability to check the RADIUS server name,
so it is somewhat insecure. I'd like to provide a workaround using
wpa_supplicant (which seems to have such a capability) that works along
with NetworkManager (in fact I have the maybe wrong impression that
it is not aware of wpa_supplicant.conf), but I don't understand how
modern distros like Fedora or Ubuntu make those pieces of software
interact with each other.
Could you please help me to understand it?

Thanks in advance!

Open Kairos
Watch More TV
Sergio Belkin -
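
An added example, not part of the original thread and not code from wpa_supplicant or NetworkManager: a small Python check that reads wpa_supplicant.conf-style network blocks and reports EAP networks that lack the CA settings (ca_cert/ca_path) or the server-name settings (subject_match/altsubject_match) described in the quoted reply. The SSIDs and the server name radius.example.edu are constructed placeholders.

```python
import re

# Constructed sample config: SSIDs and the RADIUS server name are placeholders.
SAMPLE_CONF = '''
network={
    ssid="campus-weak"
    key_mgmt=WPA-EAP
    eap=TTLS
    phase2="auth=PAP"
}
network={
    ssid="campus-pinned"
    key_mgmt=WPA-EAP
    eap=TTLS
    ca_path="/etc/ssl/certs"
    altsubject_match="DNS:radius.example.edu"
    phase2="auth=PAP"
}
'''

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    networks = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        fields = {}
        for line in body.splitlines():
            # Split on the first '=' only, so phase2="auth=PAP" stays intact.
            key, sep, value = line.strip().partition("=")
            if sep and not key.startswith("#"):
                fields[key.strip()] = value.strip().strip('"')
        networks.append(fields)
    return networks

def audit(text):
    """Map each EAP network's SSID to its server-validation gaps."""
    report = {}
    for net in parse_networks(text):
        if "EAP" not in net.get("key_mgmt", ""):
            continue  # PSK and open networks have no server certificate
        gaps = []
        if not (net.get("ca_cert") or net.get("ca_path")):
            gaps.append("no ca_cert/ca_path: server certificate is not verified")
        if not (net.get("subject_match") or net.get("altsubject_match")):
            gaps.append("no subject_match/altsubject_match: any server name is accepted")
        report[net.get("ssid", "?")] = gaps
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A network with only a CA configured still accepts any server holding a certificate from that CA, which is why the name check is reported separately.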

More information about the Hostap mailing list