eap-mschapv2

Jouni Malinen jkmaline at cc.hut.fi
Fri Aug 6 16:21:46 EDT 2004


On Sat, Aug 07, 2004 at 12:49:23AM +1000, Simon Males wrote:

> Would you be able to assist me in the following configuration. I have 
> deciphered this information from the WinXP setup guide for access to the 
> wireless network at my university
> 
> Data encryption:		TKIP
> IEEE 802.1x authentication:	Disabled
> EAP Type:			Protected EAP (PEAP)
> Trusted Root CA:		Tawte Server CA
> Authentication Method:		EAP-MSCHAPv2
> 
> wpa_supplicant.conf:
> 
> network {
> 	ssid="xyz"
> 	proto=WPA
> 	eap=PEAP
> 	ca_cert=		<<-- how do i get this

You would need to download the CA certificate from the CA. "Tawte"
sounds like a typo though. Could that be "Thawte"? I would assume the
root CA would be available somewhere from www.thawte.com. In addition,
this is likely to be available in most web browser installation.

> 	pairwise=TKIP
> 	identity="usr at host"
> 	password="foobar"
> 	phase1 phase2 ?

phase1/phase2 depends on the used authentication server. If it is
Microsoft IAS, you should not need to set either. You can set them to
following values, if the connection does not work otherwise:

    phase1="peapver=0"
    phase2="auth=MSCHAPV2"

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list