QUESTION: How to do a COMPUTER NAME (not user name) 802.1x (RADIUS) authentication with wpa_supplicant in Ubuntu 12.04?

McArthor Lee macarthorzhuce
Fri Mar 29 03:08:20 PDT 2013


Hi Jouni,


Yes, I think the problem may lie in the certificate.


I made the certificate by the steps stated in my first email. The "identity" field of wpa_supplicant.conf is computer name "host/ubuntu.nps.test", while the certificate only contains information about the "testadmin" user. The information sent to NPS server is mismatch, I think, but I don't know what's the correct thing to do a computer name authentication.


At 2013-03-29 15:19:28,"Jouni Malinen" <j at w1.fi> wrote:
>On Fri, Mar 29, 2013 at 09:30:36AM +0800, McArthor Lee wrote:
>> I'm not using NM to configure 802.1x. I'm configuring 802.1x with wpa_supplicant directly. And I'm trying to do a computer name authentication. I wonder if wpa_supplicant supports such authentication, and how to do it.
>
>In most cases, I'd expect this to be just a configuration question,
>i.e., to set the identity and certificate parameters that the server
>side expects. I'm not sure what the exact NPS requirements here are, so
>it is a bit difficult to comment on what could be missing or incorrect.
>Anyway, the reason for denying authentication was "Authentication failed
>due to a user credentials mismatch. Either the user name provided does
>not map to an existing user account or the password was incorrect."
>which does not more like something being different in identities rather
>than something missing from implementation.
>
>-- 
>Jouni Malinen                                            PGP id EFC895FA
>_______________________________________________
>HostAP mailing list
>HostAP at lists.shmoo.com
>http://lists.shmoo.com/mailman/listinfo/hostap
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20130329/5e282114/attachment-0001.htm 



More information about the Hostap mailing list