WPA - AP Association Issue

Bryan Kadzban bryan at kadzban.is-a-geek.net
Wed Nov 7 07:19:53 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

prashant.nair at sify.com wrote:
> I am sending you email regarding the issue from another email ID.

Since I don't know the answer to everything here, I'm re-CC'ing the list...

> 1] Where would I get the information on the EAP methods and related
> numbers? [Not available in google and hostapd forum]

The way I found the number for EAP-TLS was to look in RFC 2716, section
4.1.  I found the number for EAP-TTLS by matching the number in one of
wpa_supplicant's messages ("allowed EAP methods") to your configuration,
so I'm not quite so sure about that one.  I don't see an obvious RFC for
it, either, so I can't tell for sure.

There's probably a usable mapping somewhere in wpa_supplicant's config
file parsing code, if you want to go looking for it.

> 2] Is it required that while "make" for the hostapd we need to set
> the CONFIG_RADIUS_SERVER=y in ".config" file?

If you want to use the integrated hostapd RADIUS server, it is required,
yes.  If you want to use a separate RADIUS server program, then I
suspect it's not required, but I could be wrong.

> 3] How would I change the EAP method within the AP / hostapd as of
> now for TTLS [Checked .config, CONF file and forum ... no answers yet
> on that]

I don't know.  I don't use hostapd, but I assume it's possible...

> 4] How easy is the installation and usage of FreeRADIUS

Installation depends on your distro.  For configuration, I had to modify
all of radiusd.conf (to ensure that only "preprocess" and "eap" were
turned on in the authorize section, that "preprocess" was configured
correctly, and that only "eap" was allowed in the "authenticate"
section), clients.conf (to add the client andd set the shared secret),
and eap.conf (to comment out all the EAP types except EAP-TLS -- you
will want to comment out everything but EAP-TTLS and some other method,
probably EAP-MD5, since the lower layer doesn't need to create a key).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHMa1oS5vET1Wea5wRA18MAJ9iOPvolEV5FKLrhj6nMy4D7hREJQCfbz2j
dQUapwtt/A1yrJifUE7iaGk=
=c11P
-----END PGP SIGNATURE-----



More information about the HostAP mailing list