wpa_supplicant (EAP-TLS) + RADIUS (Free radius) + AP

Anuranjani Nandakumar n.anuranjani
Thu Jul 6 03:27:30 PDT 2006

Hi all,
I am trying to configure wpa_supplicant in Windows which has a netgear
wg311v2 card. I am using FreeRadius as the backend server. Linksys
WRT54G is the AP.
My configuration are as follows:
In FreeRadius:
	-Edited radiusd.conf to enable "eap" in authenticate.
	-Edited eap.conf:
 	eap {
              	 default_eap_type = tls
               	 timer_expire     = 60
       	 tls {
                       private_key_password = *********
                       private_key_file =   ${raddbdir}/certs/server_keycert.pem
                       certificate_file = ${raddbdir}/certs/server_keycert.pem
                       CA_file = ${raddbdir}/certs/cacert.pem
                       dh_file = ${raddbdir}/certs/dh
                       random_file = ${raddbdir}/certs/random
                       fragment_size = 1024

In the Access point:
	Linksys WRT54G has the following wireless security options:
	Security mode:  Disabled
	                          WPA Personal
		     WPA Enterprise
		     WPA2 Personal
		     WPA2 Enterprise
	From the above options i chose WPA Enterprise which would mean EAP + WPA.
	WPA Algorithms: TKIP
	From these i chose TKIP but was not quite sure why i am choosing that.
	Radius server:
	Radius port : 1812
	Shared key:
	Key renewal timeout :
Please confirm whether the configurations i made are correct for an
EAP-TLS authentication followed by WPA.

In the wpa_supplicant:

The wireless card used is Netgear wg311 v2 and this uses Ndis driver.

I tried configuring the wpa_supplicant in Windows XP. The supplicant
configuration was totally out of context for me. I was wondering on
how i wld replace the path to certificates in Windows. I jus gave a
rough configuration and ran the supplicant. To my surprise supplicant
contacted the AP and the AP inturn sent it to RADIUS. But the RADIUS
server as i expected replied with an access reject.

Please help me out on configuring the wpa_supplicant in windows given
tht my CA cert is cacert.pem and client cert is client_cert.p12

I hope its a detailed description of the set up. Have i left anything
specific tht would make things clear? Do let me know.

Thanks in advance
Anuranjani Nandakumar.

More information about the Hostap mailing list