WPA - AP Association Issue

Jouni Malinen j
Sat Nov 17 07:04:04 PST 2007


On Wed, Nov 14, 2007 at 04:27:55PM +0530, Mr. Maloomnahi wrote:

> I have the same setting going on and TLS / TTLS / PEAP works completely fine. Thanks for all the help.
> 
> But when I add phase 2 of SIM, AKA, PAX, SAKE it does not remain associated and gets disconnected soon.

I've never tested SIM, AKA, PAX, SAKE as a phase 2 method since this is not
really a very common configuration. Do you have any particular reason for
selecting this kind of configuration?

> 1] Are the settings in the CONF file wrong? [current one is for AKA]

EAP-TTLS does not normally use a client side private key, so it is
somewhat surprising to see client_cert, private_key, and
private_key_passwd configured. Furthermore, the psk field is only used
with WPA-PSK, so that would not be needed here either.

As far as phase 2 configuration is concerned, EAP-AKA does not use
certificates, i.e., ca_cert2, client_cert2, private_key2 are not used.
Furthermore, password is not used. pin="0" sounds very unlikely to be a
correct PIN for the USIM card and as Bryan already noted, it does not
look like EAP-AKA has even been included in the wpa_supplicant build you
are using.

> 2] Are there any settings required at the AP / Hostapd end?

Yes, you would need to enable the EAP method you are trying to use. The
debug output showed that the authentication server wants to use EAP-TLS
and the client is only configured to allow EAP-TTLS.

> 3] Why does the hostapd.eap_user not accept PAP and CHAP settings of identity and pw

It does, but that has nothing to do with SIM, AKA, PAX, or SAKE. If you
want to use EAP-TTLS with PAP or CHAP, they are sharing the same
password with the other password-based phase 2 methods (i.e., you can
just add '"user" MD5 "password" [2]' to configure the username/password
for EAP-TTLS/PAP and EAP-TTLS/CHAP).

> 4] What are the settings in CONF file for SAKE, PAX and SIM?

Those are described in the example hostapd.eap_user file.
 
-- 
Jouni Malinen                                            PGP id EFC895FA
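
Added example (not part of the original message and not hostap project code): a small check that flags wpa_supplicant network-block fields the reply above describes as unused for EAP-TTLS with EAP-AKA as phase 2. The sample network block is constructed, and the names `parse_network` and `lint` are hypothetical.

```python
import re

# Constructed sample modelled on the fields named in the reply above;
# it is not the poster's actual configuration.
SAMPLE = '''
network={
    ssid="example"
    key_mgmt=WPA-EAP
    psk="not-used-here"
    eap=TTLS
    identity="user"
    password="secret"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.key"
    private_key_passwd="keypass"
    phase2="autheap=AKA"
    ca_cert2="/etc/cert/ca2.pem"
    pin="0"
}
'''

# Fields the reply says are not used, grouped by the method that ignores them.
TTLS_UNUSED = ("client_cert", "private_key", "private_key_passwd")
AKA_UNUSED = ("ca_cert2", "client_cert2", "private_key2", "password")

def parse_network(text):
    """Return the key=value pairs of the first network={...} block."""
    body = re.search(r"network=\{(.*?)\n\}", text, re.S).group(1)
    pairs = (line.strip().split("=", 1) for line in body.splitlines()
             if "=" in line and not line.strip().startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def lint(net):
    """List configured fields that the selected methods do not use."""
    findings = []
    if "WPA-PSK" not in net.get("key_mgmt", "WPA-PSK").split() and "psk" in net:
        findings.append("psk: only used with WPA-PSK")
    if net.get("eap", "").upper() == "TTLS":
        findings += [f"{f}: EAP-TTLS does not normally use a client key"
                     for f in TTLS_UNUSED if f in net]
    if net.get("phase2", "").upper() == "AUTHEAP=AKA":
        findings += [f"{f}: not used by EAP-AKA" for f in AKA_UNUSED if f in net]
    return findings

if __name__ == "__main__":
    for finding in lint(parse_network(SAMPLE)):
        print(finding)
```

The check only reports unused fields; it does not tell you whether the build includes EAP-AKA or whether the PIN is correct, both of which the reply also raises.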



