802.1X PEAP EAP MASCHAPv2

Bryan Kadzban bryan at kadzban.is-a-geek.net
Wed Aug 17 12:43:25 EDT 2005


On Wed, Aug 17, 2005 at 03:58:49PM +0000, Lucia Di Occhi wrote:
> I am having problems connecting to a network using PEAP
> They use CISCO Aironet 1200 and a CISCO Secure ACS configured for PEAP  
> EAP-MSCHAPv2.
> 
>        eap=TTLS

Isn't PEAP different from TTLS?  I thought it was (at least, the driver
for eap-ttls is a different file than the driver for eap-peap).  Maybe
try eap=PEAP in the config instead?  Or did you do that already?

Also, double check the PEAP version against what your RADIUS server
supports.  Some servers don't support PEAPv1 well (at least according to
eap_testing.txt in the wpa_supplicant sources); they require PEAPv0.

It seems (from reading the comments in the sample .conf file anyway)
that you can use the phase1 setting to do this, like so:

network whatever {
	eap=PEAP
	phase1="peapver=0"   # or maybe "peapver=1 peaplabel=1"
	phase2="auth=MSCHAPV2"
    # other stuff
}

The anonymous_identity option may also be useful.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050817/3ea456d9/attachment.pgp 


More information about the HostAP mailing list