More questions on hs20/OSU keys and configuration.

Jouni Malinen j
Thu Mar 26 06:16:48 PDT 2015

On Wed, Mar 25, 2015 at 04:34:00PM -0700, Ben Greear wrote:
> But, it seems that supplicant is using anonymous@, and so the radius server
> does not find the user in the eap_user.db file and supplicant cannot connect.

Hotspot 2.0 mandates use of identity protection for EAP-TTLS, i.e., the
unencrypted EAP-Identity/Response has to use anonymous@<realm> form
while the real identity is used only within the encrypted tunnel. You
will need to configure the authentication server to allow EAP-TTLS to be
used with such an anonymous identity.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list