Config for WPA Peap and MSchap v2 and Radius auth
bryan at kadzban.is-a-geek.net
Mon Jan 9 18:24:39 EST 2006
Kevin Everts wrote:
> The AP at work is using WPA with
> TKIP, EAP/LEAP for radius authentication (windows 2000 domain authentication
> to a windows 2000 radius server).
LEAP (the Cisco proprietary, brute-force-able protocol) or PEAP (the
tunnel protocol, usually with MSCHAPv2 underneath)? AFAIK the Windows
RADIUS server doesn't support LEAP. But it does support PEAP/MSCHAPv2,
so I'm guessing that's what you meant.
> Here is my config for the AP (from /etc/wpa_supplicant.conf)
That should be:
since IEEE8021X is for dynamic WEP. WPA-EAP is for either WPA or WPA2
(not *-PSK though; see the sample config file for the documentation).
You will probably also need:
These may be the defaults, but it's always a good idea to be explicit.
You will also need to set identity="yourusername", and configure your
password. If this is a Windows box, and your company is doing machine
authentication, then there's no way I know of to use the machine's
domain credentials, but hopefully that's not an issue.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20060109/1eb27bab/attachment.pgp
More information about the HostAP