HostAPD RADIUS setup for EAP-FAST / PEAP-TLS and EAP-TTLS-TLS

Ferguson, Dana R Dana.Ferguson
Thu Oct 20 07:43:44 PDT 2011


Adding the config for the # Integrated EAP server #

eap_server=1
ca_cert=/etc/hostapd/Certificates/CA/pem/512ca.pem
server_cert=/etc/hostapd/Certificates/CA/pem/512ca.pem
private_key=/etc/hostapd/Certificates/CA/pfx/512ca.pfx
private_key_passwd=passphrase
#check_crl=1
dh_file=/etc/hostapd.dh.pem
#eap_sim_db=unix:/tmp/hlr_auc_gw.sock
pac_opaque_encr_key=e350ddd67135c2029ad25ce0d2886c4e
eap_fast_a_id=c035cfc65e00352b84a64ea738bfa9af
eap_fast_a_id_info=testsvr
eap_fast_prov=3
pac_key_lifetime=604800
pac_key_refresh_time=86400
#eap_sim_aka_result_ind=1
tnc=1


Here is the error I get:

Configuration file: ./hostapd.conf
Line 550: unknown configuration item 'pac_opaque_encr_key'
Line 559: unknown configuration item 'eap_fast_a_id'
Line 564: unknown configuration item 'eap_fast_a_id_info'
Line 571: unknown configuration item 'eap_fast_prov'
Line 574: unknown configuration item 'pac_key_lifetime'
Line 579: unknown configuration item 'pac_key_refresh_time'
6 errors found in configuration file './hostapd.conf'

Thank you,

Dana

From: hostap-bounces at lists.shmoo.com [mailto:hostap-bounces at lists.shmoo.com] On Behalf Of Ferguson, Dana R
Sent: Thursday, October 20, 2011 8:18 AM
To: ???
Cc: Jouni Malinen; hostap at lists.shmoo.com
Subject: RE: Re:RE: HostAPD RADIUS setup for EAP-FAST / PEAP-TLS and EAP-TTLS-TLS

Hi,

This is what I have for this:

ca_cert=/etc/hostapd/Certificates/CA/pem/512ca.pem
server_cert=/etc/hostapd/Certificates/CA/pem/512ca.pem
private_key=/etc/hostapd/Certificates/CA/pfx/512ca.pfx

They are created with openssl and are good till 2031. I tested these on a FreeRADIUS box so they work.

Thank you,

Dana

From: ??? [mailto:wanqingsong_1983 at 126.com]
Sent: Thursday, October 20, 2011 2:35 AM
To: Ferguson, Dana R
Cc: Jouni Malinen; hostap at lists.shmoo.com
Subject: Re:RE: HostAPD RADIUS setup for EAP-FAST / PEAP-TLS and EAP-TTLS-TLS

Please show the error message, that would be helpful.
Maybe:

in hostapd.conf:
ca_cert=/home/ssl/certs/ca.crt.pem
server_cert=/home/ssl/certs/server.crt.pem
private_key=/home/ssl/private/serverkey.pem

I use openssl to generate the *.pem files; if there is something wrong with these files, hostapd will report errors when you start it.


At 2011-10-20 09:35:33,"Ferguson, Dana R" <Dana.Ferguson at flukenetworks.com> wrote:

>Hi,
>
>I tried enabling the EAP-FAST in the hostapd.conf but the RADIUS server wouldn't start correctly.
>
>As for the EAP-PEAP-TLS and EAP/TTLS-TLS this is the only place I could find that might be where I enable it but every time I add it in it gives me errors.
>
>Thank you,
>
>Dana
>
>-----Original Message-----
>From: hostap-bounces at lists.shmoo.com [mailto:hostap-bounces at lists.shmoo.com] On Behalf Of Jouni Malinen
>Sent: Wednesday, October 19, 2011 3:13 PM
>To: hostap at lists.shmoo.com
>Subject: Re: HostAPD RADIUS setup for EAP-FAST / PEAP-TLS and EAP-TTLS-TLS
>
>On Wed, Oct 19, 2011 at 01:43:39PM -0700, Ferguson, Dana R wrote:
>> From my hostapd.eap_user config.
>
>> # Wildcard for all other identities
>> *                                 PEAP,TTLS,TLS
>
>Are you enabling EAP-FAST somewhere else?
>
>> # Phase 2 (tunneled within EAP-PEAP or EAP-TTLS) users
>> "test"             PEAP,MD5,GTC,MSCHAPV2,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2           "test"  [2]
>
>This does not enable TLS in phase 2. Do you have that somewhere else to enable PEAP/TLS and EAP-TTLS/TLS?
>
>--
>Jouni Malinen                                            PGP id EFC895FA
>_______________________________________________
>HostAP mailing list
>HostAP at lists.shmoo.com
>http://lists.shmoo.com/mailman/listinfo/hostap

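
Added example, not part of the original thread and not hostapd code: a small Python check of a hostapd.eap_user file against the two points Jouni raises above (no EAP-FAST in the phase 1 wildcard, no TLS among the `[2]` entries). The function names and the expected-method sets are assumptions, and the sample is constructed from the two entries quoted in the thread.

```python
import shlex

# Constructed sample: the two hostapd.eap_user entries quoted in the thread.
SAMPLE = '''\
# Wildcard for all other identities
*                                 PEAP,TTLS,TLS
# Phase 2 (tunneled within EAP-PEAP or EAP-TTLS) users
"test"  PEAP,MD5,GTC,MSCHAPV2,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2  "test"  [2]
'''

def parse_eap_user(text):
    """Return (identity, methods, phase) tuples; phase is 2 when '[2]' is set."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        fields = shlex.split(line)  # handles quoted identities and passwords
        if len(fields) < 2:
            continue  # not an "identity methods ..." entry
        phase = 2 if '[2]' in fields[2:] else 1
        methods = {m.strip().upper() for m in fields[1].split(',') if m.strip()}
        entries.append((fields[0], methods, phase))
    return entries

def missing_methods(text, want_phase1, want_phase2):
    """Methods the caller expects that no entry enables, per phase."""
    enabled = {1: set(), 2: set()}
    for _identity, methods, phase in parse_eap_user(text):
        enabled[phase] |= methods
    return {1: sorted(set(want_phase1) - enabled[1]),
            2: sorted(set(want_phase2) - enabled[2])}

if __name__ == '__main__':
    # Assumed goal from the subject line: EAP-FAST, PEAP and TTLS outside,
    # TLS as the tunneled (phase 2) method.
    gaps = missing_methods(SAMPLE, {'FAST', 'PEAP', 'TTLS'}, {'TLS'})
    print('not enabled in phase 1:', gaps[1])
    print('not enabled in phase 2:', gaps[2])
```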
