More questions on hs20/OSU keys and configuration.

Ben Greear greearb
Thu Mar 26 07:38:25 PDT 2015

On 03/26/2015 06:16 AM, Jouni Malinen wrote:
> On Wed, Mar 25, 2015 at 04:34:00PM -0700, Ben Greear wrote:
>> But, it seems that supplicant is using anonymous@, and so the radius server
>> does not find the user in the eap_user.db file and supplicant cannot connect.
> Hotspot 2.0 mandates use of identity protection for EAP-TTLS, i.e., the
> unencrypted EAP-Identity/Response has to use anonymous@<realm> form
> while the real identity is used only within the encrypted tunnel. You
> will need to configure the authentication server to allow EAP-TTLS to be
> used with such an anonymous identity.

This is a problem with my hostapd-radius server, or the AP, config, or both?

If the radius server, is this some extra config I need to poke into the eap_user.db
similar to how sql-example.txt does?


Ben Greear <greearb at>
Candela Technologies Inc

More information about the Hostap mailing list