Config for WPA Peap and MSchap v2 and Radius auth

Kevin Everts kevin79 at gmail.com
Wed Jan 11 12:38:55 EST 2006


Thanks. That worked. One more question. How do I connect to an AP with the
SSID broadcast turned off?

On 1/9/06, Bryan Kadzban <bryan at kadzban.is-a-geek.net> wrote:
>
> Kevin Everts wrote:
> > The AP at work is using WPA with
> > TKIP, EAP/LEAP for radius authentication (windows 2000 domain
> authentication
> > to a windows 2000 radius server).
>
> LEAP (the Cisco proprietary, brute-force-able protocol) or PEAP (the
> tunnel protocol, usually with MSCHAPv2 underneath)?  AFAIK the Windows
> RADIUS server doesn't support LEAP.  But it does support PEAP/MSCHAPv2,
> so I'm guessing that's what you meant.
>
> > Here is my config for the AP (from /etc/wpa_supplicant.conf)
> >
> > network={
> >     ssid="CE"
> >     key_mgmt=IEEE8021X
> >     eap=PEAP
> >     phase2="auth=MSCHAPV2"
> > }
>
> That should be:
>
> key_mgmt=WPA-EAP
>
> since IEEE8021X is for dynamic WEP.  WPA-EAP is for either WPA or WPA2
> (not *-PSK though; see the sample config file for the documentation).
>
> You will probably also need:
>
> pairwise=TKIP
> group=TKIP
> proto=WPA
>
> These may be the defaults, but it's always a good idea to be explicit.
>
> You will also need to set identity="yourusername", and configure your
> password.  If this is a Windows box, and your company is doing machine
> authentication, then there's no way I know of to use the machine's
> domain credentials, but hopefully that's not an issue.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20060111/661c6870/attachment.htm 


More information about the HostAP mailing list