Cannot lookup EAP user on reauthentication (PEAP/TTLS)

Alan DeKok aland at
Mon May 30 06:06:34 PDT 2022

On May 27, 2022, at 9:09 PM, James Prestwood <prestwoj at> wrote:
> I believe its looking it up directly from the reauth command:

  OK, so that's the piece which was missing.

  The reauth command could just re-authenticate a particular port.  In which case (IIRC) t only needs to know the MAC which was authenticated.

> And you're right, I'm not sure why it needs to look up the identity at
> this point. It could just send an identity request to the station, wait
> for whatever identity is sent back, and use that for the lookup. This
> would put the burden on the station to send the correct identity. But
> in any case, this is what it does.

  That seems correct.  If the supplicant sends the same identity, the previously cached one will be found.  If the supplicant sends a different identity, then they have to do a full re-authentication.

  Alan DeKok.

More information about the Hostap mailing list