Using wpasupplicant to connect to 802.1X certificate protected network. Xubuntu 14.04
Jouni Malinen
j at w1.fi
Wed Feb 17 07:43:47 PST 2016
On Wed, Feb 17, 2016 at 03:13:03PM +0100, gunnaroeh at posteo.de wrote:
> I got the impression, that to be able to connect to a 802.1X wired
> network, which is not password protected (certificates only) I need
> to use wpasupplicant.
> The network admin stated that the following informations about the
> network are correct:
>
> key_mgmt=IEEE8021X
> eap=PEAP
> anonymous_identity="some identity"
> ca_cert="path to ca.cer"
> phase2="auth=mschapv2"
>
Why would this use PEAP if you are using certificates instead of
username/password? Wouldn't it be EAP-TLS which is used with private key
and certificate? Or maybe this is PEAP with EAP-TLS in Phase 2?
Without knowing what the authentication server expects, it is difficult
to provide more guidance on how to configure wpa_supplicant for that. In
any case, the configuration here is invalid, i.e., PEAP with MSCHAPv2
requires a user name and password.
> sudo wpa_supplicant -c /etc/wpa_supplicant.conf -dd wired -i eth0
I'm surprised if that command line would actually be accepted.. The
driver interface would need to be selected with -Dwired.
> Initializing interface 'eth0' conf '/etc/wpa_supplicant.conf' driver
> 'default' ctrl_interface 'N/A' bridge 'N/A'
...
> nl80211: Supported cipher 00-0f-ac:4
And this seems to imply that the nl80211 (Wi-Fi) driver interface is
used instead. You'll need to add -Dwired to the command line for the
operations to work.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list