testing EAP-FAST
Tilman Baumann
tilman.baumann
Fri May 31 08:00:17 PDT 2013
On 30/05/13 15:14, Tilman Baumann wrote:
> On 30/05/13 11:24, Tilman Baumann wrote:
>> On 13/05/13 20:01, Jouni Malinen wrote:
>>> On Mon, May 13, 2013 at 04:45:31PM +0100, Tilman Baumann wrote:
>>
>>>> PS: I would like to test LEAP-FAST as well. Is freeradius with the
>>>> hostap eap lib the best way to go?
>>>> I did not really want to re-compile it, but I would if that's the way to
>>>> go. (using debian package right now)
>>>
>>> Assuming you are talking about EAP-FAST here, it would likely be easier
>>> to use hostapd as the RADIUS authentication server than trying to make
>>> FreeRADIUS use this through the eap2 module.
>>
>>
>> Sorry to pick your brain again. I'm getting stuck here - again. I should
>> really know more basics before I start working on things like that. *g*
>>
>> So basically I like to try if EAP-FAST works with wpa_supplicant.
>>
>> I'm trying to figure out which config options I will need to ask from
>> the user to cover all non certificate based authentication methods on
>> wired ethernet.
>> See my simple wpa_supplicant.conf below.
>
> Looks like I was reading the wrong examples. But I still don't get it.
> But I suppose anonymous_identity phase1 and pac_file are not irrelevant...
I simplified my hostapd.eap_user a bit
* PEAP,TTLS,TLS
"test"
PEAP,MD5,GTC,MSCHAPV2,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2
"test" [2]
FAST still does not work.
I'm using this client conf.
network={
key_mgmt=IEEE8021X
eap=FAST
identity="test"
password="test"
anonymous_identity="test"
phase1="fast_provisioning=3"
pac_file="/var/run/wpa_supplicant.pacfile"
}
If I change eap from FAST to PEAP I can log in no worries. It is really
just FAST that buggs me.
I must still be missing something crucial.
If you like I can provide network captures or log files.
--
Tilman Baumann
Oncam Grandeye
6 Huxley Road, Surrey Research Park
Guildford, GU2 7RE, United Kingdom
More information about the Hostap
mailing list