how to use wpa_supplicant on wpa network with peap andcredentialing

John H. mistamaila at gmail.com
Wed Jul 19 02:30:59 EDT 2006


so i DO need a certificate?  once i get it working in xp, should the
file be local in XP and i can get it from there?

On 7/18/06, Maureen Lai <maureenlai at allion.com> wrote:
> How about try this configure in wpa_supplicant.conf in wpa_supplicant
> tar ball.
>
> # EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new
> peaplabel
>
> network={
>         ssid="schoolssid"
>         key_mgmt=WPA-EAP
>         eap=PEAP
>         identity="username"
>         password="password"
>         ca_cert="/etc/cert/ca.pem"
>         phase1="peaplabel=1"
>         phase2="auth=MSCHAPV2"
> }
>
> I think you might need to get a certificate file (ca.pem) from your
> radius server first.
>
> -----Original Message-----
> From: hostap-bounces+maureenlai=allion.com at shmoo.com
> [mailto:hostap-bounces+maureenlai=allion.com at shmoo.com] On Behalf Of
> John H.
> Sent: Wednesday, July 19, 2006 10:28 AM
> To: Andrew Barr
> Cc: hostap at shmoo.com
> Subject: Re: how to use wpa_supplicant on wpa network with peap
> andcredentialing
>
> hmm, i did as i thought i was told to do, but it caused an error in my
> config file and not until i commented out the entry could i use
> wpa_supplicant for other networks. here is what i had
>
> #network={
> #        ssid="schoolssid"
> #        proto=WPA
> #        key_mgmt=WPA-PSK
> #        pairwise=TKIP
> #        group=TKIP
> #        scan_ssid=1
> #        eap=PEAP
> #       identity="username"
> #       password="password"
> #}
>
>
> On 7/17/06, Andrew Barr <andrew.james.barr at gmail.com> wrote:
> > On Monday 17 July 2006 17:00, John H. wrote:
> > > sorry, certificates, that's the word they used.  would i need to do
> > > anything for that?
> >
> > Well, for PEAP the usual setup is to validate the server certificate
> to
> > prevent rogue APs and password stealing and the like. You don't HAVE
> to do
> > it, and in the case of my university they don't provide a public key
> > certificate so I can't (although I understand it might be possible to
> capture
> > it out of the authentication stream). You can ignore the certificate
> (if it
> > is just a server cert validation like I described above), or you can
> provide
> > a certificate public key file (see the documentation for acceptable
> formats)
> > to wpa_supplicant. There is an example configuration file distributed
> with
> > wpa_supplicant that should have the exact parameter name in it.
> >
> > --
> > Andrew Barr | http://www.oakcourt.dyndns.org/~andrew/ | GPG:
> 0xAD9AE76A
> > "Those who would trade liberty for security deserve neither." -- B.
> Franklin
> >
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
>



More information about the HostAP mailing list