hostap configure file example

Jim Howard jim at grayraven.com
Wed Jun 8 14:52:57 EDT 2005


Hello,

After some struggle, I have hostap working in WPA-PSK mode. 

( Just as an aside, I've noticed some clients can't connect to it, I think because they are hardwired to accept only 802.1x authentication version 1 packets, and hostap sets the 802.1x authentication packet version to 2.  )

I would like to configure my access point to use WAP, with PEAP/MSCHAPV2 for authenticatin, using the built in authenticator.

I'm having trouble getting the configuration file correct for this.  I think I understand how to set up the built in authenticator ( see hostapd.conf snipette below), but I'm confused about how to configure for PEAP/MSCHAPV2.  Can someone point to an example hostapd.conf for this configuration?

thanks,

Jim Howard
jim [at] grayraven[dot]com




##### IEEE 802.1X (and IEEE 802.1aa/D4) related configuration #################

# Require IEEE 802.1X authorization
ieee8021x=1

# Use integrated EAP authenticator instead of external RADIUS authentication
# server
eap_authenticator=1

# Path for EAP authenticator user database
eap_user_file=/etc/hostapd.eap_user

# CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
ca_cert=/etc/hostapd.ca.pem

# Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
server_cert=/etc/hostapd.server.pem

# Private key matching with the server certificate for EAP-TLS/PEAP/TTLS
# This may point to the same file as server_cert if both certificate and key
# are included in a single file. PKCS#12 (PFX) file (.p12/.pfx) can also be
# used by commenting out server_cert and specifying the PFX file as the
# private_key.
#private_key=/etc/hostapd.server.prv

# Passphrase for private key
#private_key_passwd=secret passphrase

# Configuration data for EAP-SIM database/authentication gateway interface.
# This is a text string in implementation specific format. The example
# implementation in eap_sim_db.c uses this as the file name for the GSM
# authentication triplets.
#eap_sim_db=/etc/hostapd.sim_db

# Optional displayable message sent with EAP Request-Identity
eap_message=hello

# WEP rekeying (disabled if key lengths are not set or are set to 0)
# Key lengths for default/broadcast and individual/unicast keys:
# 5 = 40-bit WEP (also known as 64-bit WEP with 40 secret bits)
# 13 = 104-bit WEP (also known as 128-bit WEP with 104 secret bits)
#wep_key_len_broadcast=5
#wep_key_len_unicast=5
# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
wep_rekey_period=0

# EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed only if
# only broadcast keys are used)
eapol_key_index_workaround=0

# EAP reauthentication period in seconds (default: 3600 seconds; 0 = disable
# reauthentication).
#eap_reauth_period=3600
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20050608/959542cd/attachment.htm 


More information about the HostAP mailing list