Configuration of hostapd for: EAP-PEAP/TLS (outer PEAP and inner TLS configuration)
jkmaline at cc.hut.fi
Sat Feb 10 22:52:31 EST 2007
On Wed, Jan 17, 2007 at 09:26:56AM +0100, Heiss, Stefan wrote:
> I want to configure hostapd in such a way that it will do outer PEAP and inner TLS configuration.
hostapd does not support this.
> There is actually an example for using TTLS/TLS (outer TTLS and inner TLS authentication) which is:
> # WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner authentication.
This is not for hostapd, but for wpa_supplicant.
> From this example, I would like to derive the PEAP/TLS configuration, and version one would be:
> # Phase1 / outer authentication
> #anonymous_identity=anonymous at example.com => anonymous identity is not required for PEAP therefore leave it out
> # Phase 2 / inner authentication
That should be auth=TLS for PEAP (only TTLS has two different types of
inner methods, auth=PAP/CHAP/MSCHAP/MSCHAPV2 and autheap=<eap method>;
that autheap for TTLS is similar to auth with PEAP).
> I wonder which version would do the configuration correct for PEAP/TLS.
The first one was closer. phase2 should be changed, but other than that,
it looked fine.
Jouni Malinen PGP id EFC895FA
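
Added example, not part of the original message or of the hostapd/wpa_supplicant sources: a small check over wpa_supplicant network blocks that applies the rule from the reply above (PEAP takes auth=<method> in phase2, autheap= belongs to TTLS). The sample configuration, SSIDs and certificate paths are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample: a TTLS/TLS block switched to PEAP without changing
# phase2, followed by a block using the form given in the reply.
SAMPLE_CONF = '''
network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/cert/ca.pem"
    phase2="autheap=TLS"
    ca_cert2="/etc/cert/ca2.pem"
    client_cert2="/etc/cert/user.pem"
    private_key2="/etc/cert/user.prv"
}
network={
    ssid="example2"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=TLS"
}
'''

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    networks = []
    for body in re.findall(r'network=\{(.*?)\n\s*\}', text, re.S):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith('#') or '=' not in line:
                continue
            key, value = line.split('=', 1)
            fields[key.strip()] = value.strip().strip('"')
        networks.append(fields)
    return networks

def check_phase2(fields):
    """Flag phase2 keywords that do not match the outer EAP method."""
    problems = []
    methods = fields.get('eap', '').split()
    # phase2 may hold several space-separated key=value items
    keys = [item.split('=', 1)[0] for item in fields.get('phase2', '').split()]
    if 'PEAP' in methods and 'TTLS' not in methods and 'autheap' in keys:
        problems.append('PEAP takes auth=<method>; autheap= is TTLS-only')
    return problems

def lint(text):
    return [(n.get('ssid'), check_phase2(n)) for n in parse_networks(text)]
```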