802.1x auth with wpa_supp? - authenticated!

Morgan Read mstuff at pl.net
Tue Oct 5 05:48:29 EDT 2004 

Hi List,
I'd like to say thank you to everybody on this list who's had the 
pleasure of following my (gradual) learning curve - I suspect it might 
have been more exhausting for the rest of you than me!

Jouni, a huge thankyou; I'm amazed by the enormous amount of 
correspondence you manage to keep up - including for a complete novice.

For those who have the pleasure of following this thread in my 
footsteps, I posted to the wrong fork a couple of messages back, so this 
(now on the right thread) is actualy a response to: 
<http://sisyphus.iocaine.com/pipermail/hostap/2004-October/008194.html>

Now for dhcp...

Regards,
Morgan.

Jouni Malinen wrote:
 > On Mon, Oct 04, 2004 at 11:26:37PM +1300, Morgan Read wrote:
 >
 >
 >>Is anybody able confirm that the final but one line in the attached file
 >>(AUTHENTICATED.txt) means what is says, ie I've succeeded in
 >>authenticating against the server?  And, consequently problems with
 >>getting an IP are with dhcp and dhclient and not wpa_supplicant (see
 >>dhclient.txt)?
 >
 >
 > The debug log from wpa_supplicant seemed to indeed show a successful
 > authentiation.
 >
 >
 >>Is it possible to set up wpa_supplicant to run dhclient automatically
 >>once authentication is complete?
 >
 >
 > Not at the moment. There has been some discussion on adding that,
 > though. Another option would be to use wpa_cli to check the status of
 > the connection from an external script and delay DHCP client starting
 > until the authentication has been completed.
 >
 >
 >>Also, I've assumed the WPA responses "EAPOL frame too short" (last line
 >>etc) are irrelevant as I'm not using wpa but 802.1x?
 >
 >
 > Yes, that is fine. WPA part of wpa_supplicant is just reporting that it
 > is ignoring the packet.
 >
 >
 >>Resolved earlier ssl private_key errors by commenting out private_key in
 >>the conf file - so, private_key not necessary; wpa_supplicant seems to
 >>do this internally.  wpa-supplicant.conf attached fyi.
 >
 >
 > wpa_supplicant doesn't do "this" internally. EAP-PEAP does not require
 > client certificate/key at all for TLS.. The configuration file you use
 > looks valid for EAP-PEAP/MSCHAPv2.
 >

-- 
Morgan Read
<mailto:mstuffATplDOTnet>

More information about the HostAP mailing list