how to use wpa_supplicant on wpa network with peap and credentialing

John H. mistamaila at gmail.com
Fri Jul 28 15:30:23 EDT 2006


no go, it won't work:(
attached is the debug information, and i replaced my school's ssid
with myssid and my username with myusername

here is what i had to do in windows to get it working
wpa
tkip

in authentication, change eap type to to peap and click on properties
uncheck validate server cert, change select auth method to secured
pass(eap-mschap v2) and check enable fast reconnect

click configure on select auth method, and uncheck automatically use
my windows logon name and password


i then connected, but i specified nothing for domain, only something
for user and password.



On 7/23/06, Ambedkar R <ambedkar_r at yahoo.com> wrote:
> Your configuration file is correct now.
>
>
> "John H." <mistamaila at gmail.com> wrote:
>
> so is this good?
>
>
> network={
> ssid="ssid"
> key_mgmt=WPA-EAP
> pairwise=TKIP
> group=TKIP
> scan_ssid=1
> eap=PEAP
> identity="user"
> password="pass"
> # ca_cert="/etc/cert/ca.pem"
> phase1="peaplabel=1"
> phase2="auth=MSCHAPV2"
> }
>
>
> On 7/22/06, Ambedkar R wrote:
> >
> > Your configuration file seems little wrong,you cant use it for connecting
> > supplicant with AP.One thing you should understand which is either you are
> > going to use WPA-Personal or WPA-Enterprise.If WPA-Personal comes there is
> > no requirement for username and password you should use only
> Passphrase(Here
> > supplicant authenticated by AP).If WPA-Enterprise comes you need to use
> > username,password and certificates(In this case supplicant autheticated by
> > RADIUS server,it may be mutual authetication or only client authetication)
> >
> > When you authenticating your supplicant with RADIUS,just you make small
> > change in your configuration file at 4 th line,it should
> > be:"key_mgmt=WPA-EAP".And also you should include phase 2 authetication.
> >
> > Regards
> >
> > Ambedkar.R
> >
> > "John H." wrote:
> >
> > hmm, i did as i thought i was told to do, but it caused an error in my
> > config file and not until i commented out the entry could i use
> > wpa_supplicant for other networks. here is what i had
> >
> > #network={
> > # ssid="schoolssid"
> > # proto=WPA
> > # key_mgmt=WPA-PSK
> > # pairwise=TKIP
> > # group=TKIP
> > # scan_ssid=1
> > # eap=PEAP
> > # identity="username"
> > # password="password"
> > #}
> >
> >
> > On 7/17/06, Andrew Barr wrote:
> > > On Monday 17 July 2006 17:00, John H. wrote:
> > > > sorry, certificates, that's the word they used. would i need to do
> > > > anything for that?
> > >
> > > Well, for PEAP the usual setup is to validate the server certificate to
> > > prevent rogue APs and password stealing and the like. You don't HAVE to
> do
> > > it, and in the case of my university they don't provide a public key
> > > certificate so I can't (although I understand it might be possible to
> > capture
> > > it out of the authentication stream). You can ignore the certificate (if
> > it
> > > is just a server cert validation like I described above), or you can
> > provide
> > > a certificate public key file (see the documentation for acceptable
> > formats)
> > > to wpa_supplicant. There is an example configuration file distributed
> with
> > > wpa_supplicant that should have the exact parameter name in it.
> > >
> > > --
> > > Andrew Barr | http://www.oakcourt.dyndns.org/~andrew/ |
> > GPG: 0xAD9AE76A
> > > "Those who would trade liberty for security deserve neither." -- B.
> > Franklin
> > >
> > _______________________________________________
> > HostAP mailing list
> > HostAP at shmoo.com
> > http://lists.shmoo.com/mailman/listinfo/hostap
> >
> >
> >
> >
> > ________________________________
> > Do you Yahoo!?
> > Next-gen email? Have it all with the all-new Yahoo! Mail Beta.
> >
> >
>
>
>
>
>  ________________________________
> How low will we go? Check out Yahoo! Messenger's low PC-to-Phone call rates.
>
>



More information about the HostAP mailing list