EAP-TLS + PSK : Unsupported EAP type 'PSK'

Jouni Malinen j
Sat Jul 19 23:38:07 PDT 2014

On Wed, Jul 16, 2014 at 11:16:17AM +0200, L?o Peltier wrote:
> I'm currently setting up access points that need both EAP-TLS
> authentication and a PSK when an user need to access the device
> directly. This works using 'hostapd v0.7.3' on Ubuntu 12.04 (i386) using the
> following config:
> hostapd.conf (shortened):
> > wpa_key_mgmt=WPA-EAP WPA-PSK
> > wpa_psk=deadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f
> > eap_user_file=/path/to/users
> users:
> > "some-prefix-"* TLS
> > * PSK deadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f

That EAP users PSK entry is for EAP-PSK, not for WPA-Passphrase/PSK.
Since you mention EAP-TLS and PSK, I'd assume you only need the TLS
entry in the EAP users file and the WPA PSK is configured with wpa_psk.

> > Unsupported EAP type 'PSK' on line 2 in '/var/run/hostapd-eap'

While that can be resolved by adding support for EAP-PSK into hostapd
build, it does not sound like you would actually be using EAP-PSK and
the more appropriate way of fixing this is removing that unused "* PSK
..." line from the eap_user_file.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list