Does RADIUS server support ERP?

James Prestwood james.prestwood at linux.intel.com
Tue Apr 2 12:09:14 PDT 2019


Hi,

I am trying to get FILS working and it appears a RADIUS server is
required for this? I am using EAP-PWD as the method for full EAP
authentication, then trying to use FILS to authenticate using the
cached ERP keys. I have played around with the configuration trying to
eliminate the RADIUS server, but regardless of what I do the FILS
authentication will always try to use RADIUS. The full EAP auth works
fine, and I even see hostapd caching my ERP keys:

EAP: Stored ERP keys 3d340950a519007f at example.com

After this I disconnect, and reconnect using FILS. Unfortunately FILS
tries to use RADIUS rather than the internal EAP/ERP server, and since
the previous run never cached the ERP keys in the RADIUS server it only
finds the full user identity, not the derived identity (above). Further
I see in the hostapd RADIUS server implementation there is no use of
the erp_add_key/erp_set_key functions. This makes me think the hostapd
RADIUS server does not support ERP?

If the hostapd RADIUS server does not support ERP is there a way to get
FILS to use the internal EAP/ERP server? I have tried removing all the
radius server options, but FILS still attempts to get a response from
RADIUS regardless.

Thanks,
James




More information about the Hostap mailing list