Configuring PEAP w/ ndiswrapper

Jouni Malinen jkmaline at cc.hut.fi
Fri Sep 3 11:13:34 EDT 2004


On Fri, Sep 03, 2004 at 07:06:07AM -0300, Donald Teed wrote:

> Some Mac users on our campus found it was possible to get
> wpa_supplicant working with TTLS rather than PEAP - and thus I discovered
> we do not only work with PEAP.  I've tried TTLS as well,
> with a certificate (PEAP doesn't require a certificate,
> but TTLS does - as I've been told) and still the broadcom
> will not work with a broadcasting SSID and ndiswrapper .10 .

Both EAP-PEAP and EAP-TTLS require CA certificate to be configured to
avoid man-in-the-middle attacks. There's not much difference in that
sense with these methods. Yes, you can test either one without the
certificate and the authentication should succeed, but it is just not
secure to do so. Anyway, I don't think the problems with Broadcom card
and ndiswrapper have much to do with the EAP method since most reports I
have seen so far indicate that either the IEEE 802.11 association is not
succeeding or EAPOL packets are not being received at all.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list