More questions on hs20/OSU keys and configuration.
Ben Greear
greearb
Thu Mar 26 10:47:04 PDT 2015
Well, I got it working!
Now, off to document, clean up patches, and so forth....
Thanks!
Ben
On 03/26/2015 09:44 AM, Ben Greear wrote:
> On 03/26/2015 06:16 AM, Jouni Malinen wrote:
>> On Wed, Mar 25, 2015 at 04:34:00PM -0700, Ben Greear wrote:
>>> But, it seems that supplicant is using anonymous@, and so the radius server
>>> does not find the user in the eap_user.db file and supplicant cannot connect.
>>
>> Hotspot 2.0 mandates use of identity protection for EAP-TTLS, i.e., the
>> unencrypted EAP-Identity/Response has to use anonymous@<realm> form
>> while the real identity is used only within the encrypted tunnel. You
>> will need to configure the authentication server to allow EAP-TTLS to be
>> used with such an anonymous identity.
>>
>
> At least part of my problem is that I did not have SQLITE support enabled.
>
> Should we change this config to fail to load if user requests sqlite but
> does not have support compiled in?
>
> #ifdef EAP_SERVER
> static int hostapd_config_read_eap_user(const char *fname,
> struct hostapd_bss_config *conf)
> {
> FILE *f;
> char buf[512], *pos, *start, *pos2;
> int line = 0, ret = 0, num_methods;
> struct hostapd_eap_user *user = NULL, *tail = NULL, *new_user = NULL;
>
> if (!fname)
> return 0;
>
> if (os_strncmp(fname, "sqlite:", 7) == 0) {
> os_free(conf->eap_user_sqlite);
> conf->eap_user_sqlite = os_strdup(fname + 7);
> return 0;
> }
>
>
> Thanks,
> ben
>
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the Hostap
mailing list