how to use wpa_supplicant on wpa network with peap andcredentialing

Maureen Lai maureenlai at allion.com
Tue Jul 18 23:51:58 EDT 2006


How about try this configure in wpa_supplicant.conf in wpa_supplicant
tar ball.

# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new
peaplabel

network={
	ssid="schoolssid"
	key_mgmt=WPA-EAP
	eap=PEAP
	identity="username"
	password="password"
	ca_cert="/etc/cert/ca.pem"
	phase1="peaplabel=1"
	phase2="auth=MSCHAPV2"
}

I think you might need to get a certificate file (ca.pem) from your
radius server first.

-----Original Message-----
From: hostap-bounces+maureenlai=allion.com at shmoo.com
[mailto:hostap-bounces+maureenlai=allion.com at shmoo.com] On Behalf Of
John H.
Sent: Wednesday, July 19, 2006 10:28 AM
To: Andrew Barr
Cc: hostap at shmoo.com
Subject: Re: how to use wpa_supplicant on wpa network with peap
andcredentialing

hmm, i did as i thought i was told to do, but it caused an error in my
config file and not until i commented out the entry could i use
wpa_supplicant for other networks. here is what i had

#network={
#        ssid="schoolssid"
#        proto=WPA
#        key_mgmt=WPA-PSK
#        pairwise=TKIP
#        group=TKIP
#        scan_ssid=1
#        eap=PEAP
#       identity="username"
#       password="password"
#}


On 7/17/06, Andrew Barr <andrew.james.barr at gmail.com> wrote:
> On Monday 17 July 2006 17:00, John H. wrote:
> > sorry, certificates, that's the word they used.  would i need to do
> > anything for that?
>
> Well, for PEAP the usual setup is to validate the server certificate
to
> prevent rogue APs and password stealing and the like. You don't HAVE
to do
> it, and in the case of my university they don't provide a public key
> certificate so I can't (although I understand it might be possible to
capture
> it out of the authentication stream). You can ignore the certificate
(if it
> is just a server cert validation like I described above), or you can
provide
> a certificate public key file (see the documentation for acceptable
formats)
> to wpa_supplicant. There is an example configuration file distributed
with
> wpa_supplicant that should have the exact parameter name in it.
>
> --
> Andrew Barr | http://www.oakcourt.dyndns.org/~andrew/ | GPG:
0xAD9AE76A
> "Those who would trade liberty for security deserve neither." -- B.
Franklin
>
_______________________________________________
HostAP mailing list
HostAP at shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap




More information about the HostAP mailing list