Supplicant used different EAP type: 1 (Identity)

Jouni Malinen j at
Sat Sep 14 06:13:38 PDT 2019

On Fri, Sep 13, 2019 at 05:05:01PM -0400, M. Ranganathan wrote:
> I made some progress with trying to configure hostapd and
> wpa_supplicant for EAP-TLS but now I have hit another roadblock.
> Authentication fails with the error message above.
> I see from the wpa_supplicant debug log that the Identity request
> comes in and wpa_supplicant sends the identity but it is rejected by
> the hostapd server
> Here is my hostap config
> interface=ap1-wlan1
> driver=nl80211
> ssid=simplewifi
> wds_sta=1
> hw_mode=g
> channel=1
> ap_isolate=1
> eap_server=1
> ieee8021x=1
> wpa=2
> eap_message=howdy
> eapol_version=2
> wpa_key_mgmt=WPA-EAP
> logger_syslog=-1
> logger_syslog_level=0
> ca_cert=/home/mranga/openssl/ca.crt
> server_cert=/home/mranga/openssl/server.crt
> private_key=/home/mranga/openssl/server.key
> ctrl_interface=/var/run/hostapd
> ctrl_interface_group=0

That's missing eap_user_file, i.e., the EAP server is not configured
with any acceptable user identities and as such, any authentication
attempt will fail. Even for EAP-TLS, you'll need to configure a list of
acceptable EAP user identities which could be as simple as a single
wildcard entry:

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list