EAP_FAST support with cisco ACS server

[Kiran Divekar]

>>   I want to use using wpa_supplicant 0.5.10 with cisco ACS server. I
>> have recompiled it with openssl having tls-extensions patch. I have
>> the .pac file from the server which is in binary format. I am having
>> trouble getting the wpa_supplicant to use the .pac file.

> The PAC file format used by Cisco is not supported in wpa_supplicant
> since there does not seem to be any public documentation describing the
> used format.

Thanks Jouni for your answer.

>>   Can you please let me know, if I can use the pac file in binary
>> format? If supplicant version 0.5.10 supports pac file in text format
>> only, how can convert the binary file to text file? Also, if I use
>> wpa_suppicant ver. 0.6.1 which support phase1 =
>> "fast_pac_format=binary" option, it fails to recognize the .pac file.?
>> How can I check the integrity of the pac file for wpa_supplicant ?
>
>
> You would need to convert the PAC file to format supported by
> wpa_supplicant for this off-line provisioning to work.. Which is going
> to be a bit complex operation unless you have access to specification of
> the Cisco format. However, if you are fine using in-band provisioning of
> the PAC, that should work fine with Cisco ACS.

I tried the fast_provisioning=1 option for phase1. When I ran the
supplicant, it bailed out during eap_fast_init step. It correctly sets
the provisioning_allowed flag to 1, but goes ahead to load pac file (
eap_fast_load_pac) and fails as the config->pac_file is null. Do i
need to get updated wpa_supplicant or am I missing something else?

Thanks,
- Kiran