More questions on hs20/OSU keys and configuration.
Ben Greear
greearb
Thu Mar 26 07:38:25 PDT 2015
On 03/26/2015 06:16 AM, Jouni Malinen wrote:
> On Wed, Mar 25, 2015 at 04:34:00PM -0700, Ben Greear wrote:
>> But, it seems that supplicant is using anonymous@, and so the radius server
>> does not find the user in the eap_user.db file and supplicant cannot connect.
>
> Hotspot 2.0 mandates use of identity protection for EAP-TTLS, i.e., the
> unencrypted EAP-Identity/Response has to use anonymous@<realm> form
> while the real identity is used only within the encrypted tunnel. You
> will need to configure the authentication server to allow EAP-TTLS to be
> used with such an anonymous identity.
This is a problem with my hostapd-radius server, or the AP, config, or both?
If the radius server, is this some extra config I need to poke into the eap_user.db
similar to how sql-example.txt does?
Thanks,
Ben
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the Hostap
mailing list