EAP-TEAP with EAP-TLS/EAP-TLS support in eapol_test

Stefan Paetow Stefan.Paetow at jisc.ac.uk
Tue Oct 14 00:44:38 PDT 2025 

Dave,

Try using these parameters instead:

private_key2="./certs/machine.p12"
private_key2_passwd="123456"

Since EAP-TLS in this case is in phase 2, you have to provide the '2' version of the parameter. :-)

Kind regards

Stefan Paetow
Federated Roaming Technical Specialist
eduroam(UK), Jisc

email/teams: stefan.paetow at jisc.ac.uk
gpg: 0x3FCE5142

For eduroam support, please contact the eduroam team via help at jisc.ac.uk and mark it for eduroam’s attention.
I am not available on Mondays and Fridays between 12:00 and 15:00 London time (UTC in winter, UTC+0100 in summer).

Note: I don’t expect a reply outside of your working hours, since I work internationally with colleagues in different nationalities with different religions, customs, and holidays. Reply when it is convenient for you.

Jisc is a registered charity (in England and Wales under charity number 1149740; in Scotland under charity number SC053607) and a company limited by guarantee registered in England under company number 05747339, VAT number GB 197 0632 86. Jisc's registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 02881024, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.

For more details on how Jisc handles your data see our privacy notice here: https://www.jisc.ac.uk/website/privacy-notice





On 13/10/2025, 09:07, "Hostap on behalf of Dave Wang" <hostap-bounces at lists.infradead.org <mailto:hostap-bounces at lists.infradead.org> on behalf of mythjill at gmail.com <mailto:mythjill at gmail.com>> wrote:


Hi there,


working on using eapol_test (latest, compiled from git repo) to test
EAP-TEAP support in freeradius,


The sample config in freeradius all works, which covers
mschapv2/eap-tls, mschapv2/mschapv2 cases.


However, we are more interested in using eap-tls for user
authentication, but it seems it always fails on the eapol_test side by
complaining about no private key.


"EAP-TLS: Private key not configured"


sample config as follows.


network={
ssid="example"
key_mgmt=WPA-EAP
eap=TEAP
anonymous_identity="anonymous"
phase1="teap_compat=freeradius,tls_disable_tlsv1_0=1,tls_disable_tlsv1_1=1"
# User auth
phase2="auth=TLS"
identity="dave"
private_key="./certs/machine.p12"
private_key_passwd="123456"


#machine auth
machine_phase2="auth=TLS"
machine_identity="test"
machine_private_key="./certs/machine.p12"
machine_private_key_passwd="123456"


pac_file="./pac"
}


Is this case not covered by the integration test done in early 2025
and not supported in eapol_test?


Regards,
Dave


_______________________________________________
Hostap mailing list
Hostap at lists.infradead.org <mailto:Hostap at lists.infradead.org>
http://lists.infradead.org/mailman/listinfo/hostap <http://lists.infradead.org/mailman/listinfo/hostap>

More information about the Hostap mailing list