Problem connecting Hostapd to external Radius server
Jouni Malinen
jkmaline at cc.hut.fi
Wed Mar 16 13:16:58 EST 2005
On Wed, Mar 16, 2005 at 11:16:50AM +0100, Ajeet Nankani wrote:
> Atleast for me it was little bit confusing also in the begning, this
> eap_authenticator and then using this integrated eap_authenticator as a
> radius for other APs in DS.
>
> To make it more clear, I suggest Jouni to make a separate section in
> hostapd.conf file for this integrated radius server and name the section
> as INTEGRATED RADIUS SERVER, in which we move following options.
>
> eap_authenticator
> ca_cert=/etc/hostapd.ca.pem
> server_cert=/etc/hostapd.server.pem
> private_key=/etc/hostapd.server.prv
> private_key_passwd=secret passphrase
> eap_sim_db=/etc/hostapd.sim_db
Moving these (and eap_user_file) into a separate section sounds
reasonable, but "integrated radius server" is not a correct name for it.
This configuration is for (integrated) EAP authenticator, not RADIUS
server. The RADIUS server can also use this EAP authenticator, but these
fields are generic to the EAP authenticator which can be used both
without RADIUS and with RADIUS.
> and if possible rename eap_authenticator as "integrated_radius_server"
I do not agree with this change, eap_authenticator is used to enable EAP
authentication that can be used as an intergrated authentication
server (without RADIUS) and/or EAP authenticator for a RADIUS server
that other devices can use. In other words, this option does not enable
RADIUS server (but it is needed for the RADIUS server).
--
Jouni Malinen PGP id EFC895FA
More information about the HostAP
mailing list