EAP-TTLS/EAP-TLS hostap configuration
Mr Dash Four
mr.dash.four
Mon Nov 28 05:32:37 PST 2011
> The internal authentication server in hostapd is focusing more on small
> size than large set of functionality that could be more common in
> enterprise environments. Neither two different sets of server
> certificates nor matching of certificate attributes are supported.
>
Thanks! Two more queries, if I may:
1) Should I at least assume that if I use hostapd as RADIUS,
EAP-TTLS/EAP-TLS is supported, but only if I use one set of ca, server
and user certificates/key?; and
2) If I do *not* use hostapd as authentication server (and use external
RADIUS instead), wish to perform EAP-TTLS/EAP-TLS authentication, use
two pairs of ca, server and user certificates/key then I presume all
negotiations between the (wireless) client and RADIUS are passed to
RADIUS by hostapd, thus allowing authentication process to be concluded,
is that correct (I am also assuming that hostapd is installed on the
AP/NAS)?
Many thanks for your input Jouni, much appreciated!
More information about the Hostap
mailing list