HostAP and EAP/TLS

Chris Evans cwevans at acm.org
Tue May 18 13:31:09 EDT 2004


I've got it working fine on my system.  Or so I think.  Every once in a 
while my hostap boxes crash, but it works well enough for me to not 
debug.  The freeradius server stays up just fine.

If you need more help than the part of the file that I think applies to 
eap-tls, just let me know.

part of my radiusd.conf file
eap {
                 #  Invoke the default supported EAP type when
                 #  EAP-Identity response is received.
                 #
                 #  The incoming EAP messages DO NOT specify which EAP
                 #  type they will be using, so it MUST be set here.
                 #
                 #  For now, only one default EAP type may be used at a
                 #  time.
                 #
                 default_eap_type = tls
                 authtype = EAP  ## TODO added, does this work
                 #  Default expiry time to clean the EAP list, It is
                 #  maintained to correlate the EAP-Response for each
                 #  EAP-request sent.
                 timer_expire     = 60
...
                ## EAP-TLS is highly experimental EAP-Type at the moment.
                 #       Please give feedback on the mailing list.
                 tls {
                         private_key_password = password-foo
                         private_key_file = /etc/freeradius/cert-srv.pem

                         #  If Private key & Certificate are located in
                         #  the same file, then private_key_file &
                         #  certificate_file must contain the same file
                         #  name.
                         certificate_file = /etc/freeradius/cert-srv.pem

                         #  Trusted Root CA list
                         CA_file = /etc/freeradius/root.pem

                         dh_file = /etc/freeradius/dh_file
                         random_file = /etc/freeradius/random_file

                         #
                         #  This can never exceed the size of a RADIUS
                         #  packet (4096 bytes), and is preferably half
                         #  that, to accommodate other attributes in
                         #  RADIUS packet.  On most APs the MAX packet
                         #  length is configured between 1500 - 1600
                         #  In these cases, fragment size should be
                         #  1024 or less.
                         #
                         fragment_size = 512

                                 #  include_length is a flag which is
                                 #  by default set to yes. If set to
                                 #  yes, Total Length of the message is
                                 #  included in EVERY packet we send.
                                 #  If set to no, Total Length of the
                                 #  message is included ONLY in the
                                 #  First packet of a fragment series.
                                 #
                                 include_length = yes
                 }


         }

On May 18, 2004, at 9:31 AM, Daniel Walther wrote:

> Hi @all
>
> I'm trying to set up HostAP with EAP/TLS. I'm using freeradius.
> But now I have the problem that the freeradius server crashes after one
> authorization request over EAP/TLS.
> Is there anyone who uses HostAP with EAP/TLS and it works? And with which
> products and settings do you use it?
>
> Thanks for your help.
>
> Regards
> Daniel
>
--
       -+--++---+++----++++-----+++++-----++++----+++---++--+-
      ___
  _.-|   |          |\__/,|   (`\      | Chris Evans
{   |   |          |o o  |__ _) )     |
  "-.|___|        _.( T   )  `  /      | cwevans at acm.org
   .--'-`-.     _((_ `^--' /_<  \      |
.+|______|__.-||__)`-'(((/  (((/      |  "Any technology distinguishable
                                       |  from magic, is not advanced
   Nika plays with a computer mouse    |  enough" -- Gregory Benford
       BY: Mike Rosulek                |
          http://showcase.netins.net/web/mikewrld/ascii/
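
Added example, not part of the original post and not FreeRADIUS code: a sketch of what the fragment_size and include_length comments in the config above describe, building the server's EAP-TLS fragments and reassembling them on the peer side with consistency checks. The function names and sample message are constructed for illustration, and treating fragment_size as TLS data bytes only (excluding EAP headers) is an assumption.

```python
import struct

EAP_REQUEST, EAP_TYPE_TLS = 1, 13
FLAG_L, FLAG_M = 0x80, 0x40   # RFC 5216 flags: Length included, More fragments
RADIUS_MAX = 4096             # RADIUS packet limit quoted in the config comments
SAMPLE = bytes(range(256)) * 5 + bytes(20)   # constructed 1300-byte "TLS message"

def fragment(tls_msg, fragment_size=512, include_length=True, first_id=1):
    """Server side: split one TLS message into EAP-Request/EAP-TLS packets.
    Assumption: fragment_size counts TLS data bytes only, not EAP headers."""
    if not 0 < fragment_size < RADIUS_MAX:
        raise ValueError("fragment_size must stay below the RADIUS packet size")
    chunks = [tls_msg[i:i + fragment_size]
              for i in range(0, len(tls_msg), fragment_size)] or [b""]
    packets = []
    for n, chunk in enumerate(chunks):
        flags = FLAG_M if n < len(chunks) - 1 else 0
        body = chunk
        # include_length = yes: length in every packet; no: first fragment only
        if include_length or (n == 0 and len(chunks) > 1):
            flags |= FLAG_L
            body = struct.pack("!I", len(tls_msg)) + chunk
        packets.append(struct.pack("!BBHBB", EAP_REQUEST, (first_id + n) & 0xFF,
                                   6 + len(body), EAP_TYPE_TLS, flags) + body)
    return packets

def reassemble(packets):
    """Peer side: rebuild the TLS message, rejecting inconsistent fragments."""
    data, total = b"", None
    for n, pkt in enumerate(packets):
        if len(pkt) < 6:
            raise ValueError("truncated EAP packet")
        _code, _id, length, eap_type, flags = struct.unpack("!BBHBB", pkt[:6])
        if eap_type != EAP_TYPE_TLS or length != len(pkt):
            raise ValueError("not a well-formed EAP-TLS packet")
        body = pkt[6:]
        if flags & FLAG_L:
            if len(body) < 4:
                raise ValueError("L flag set but no TLS Message Length field")
            declared = struct.unpack("!I", body[:4])[0]
            if total is not None and declared != total:
                raise ValueError("TLS Message Length changed mid-series")
            total, body = declared, body[4:]
        data += body
        if bool(flags & FLAG_M) != (n < len(packets) - 1):
            raise ValueError("M flag does not match position in the series")
    if total is not None and total != len(data):
        raise ValueError("reassembled size differs from TLS Message Length")
    return data
```

With fragment_size = 512 the 1300-byte sample becomes three packets; include_length = yes costs four extra bytes in each of them, while include_length = no carries the length only in the first.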
