More questions on hs20/OSU keys and configuration.
Thu Mar 26 06:16:48 PDT 2015
On Wed, Mar 25, 2015 at 04:34:00PM -0700, Ben Greear wrote:
> But, it seems that supplicant is using anonymous@, and so the radius server
> does not find the user in the eap_user.db file and supplicant cannot connect.
Hotspot 2.0 mandates use of identity protection for EAP-TTLS, i.e., the
unencrypted EAP-Identity/Response has to use anonymous@<realm> form
while the real identity is used only within the encrypted tunnel. You
will need to configure the authentication server to allow EAP-TTLS to be
used with such an anonymous identity.
Jouni Malinen PGP id EFC895FA
More information about the Hostap