Hostapd and wpa_supplicant configuration

Jouni Malinen j at w1.fi
Sat Aug 16 08:22:43 EDT 2008


On Thu, Aug 14, 2008 at 11:22:00AM +0200, mohamed.chaari at orange-ftgroup.com wrote:

> I want to use hostapd and wpa_supplicant to sercure the access to a
> Network. I want to use WPA-EAP with EAP-PSK. I have installed hostapd in
> the Access Point and wa_supplicant in te client laptop. I used these
> configurations :

> * The file hostapd.conf :

> eap_server=1

> auth_server_addr=127.0.0.1
> auth_server_port=1812
> auth_server_shared_secret=secret

The configuration for an external RADIUS server is not actually needed
(or used) if the internal authentication server (eap_server=1) is used.
The internal server skips RADIUS processing completely.

However, you do need to configure the user accounts and password for the
internal server in order for the authentication to work. eap_user_file
option is used in hostapd.conf to point to the user data and the user
file defines valid user names and passwords. See the included
hostapd.eap_user for an example how to configure a user for EAP-PSK.


> * The file wpa_supplicant.conf of the :

> 	eap=psk

That needs to be in upper case (eap=PSK).

> 	identity="eap_psk_user"
> 	eap_psk=06b4be19da289f475aa46a33cb793029
> 	nai="eap_psk_user at example.com"

The current development branch (0.6.x) has cleaned up EAP-PSK
configuration to use same mechanism as other username/password(or PSK)
methods. In that version, the configuration would be as follows:

    anonymous_identity="psk user"
    identity="psk.user at example.com"
    password=0123456789abcdef0123456789abcdef

If you are using 0.5.x, the configuration you showed above is otherwise
correct, but 'eap_psk' should be spelled 'eappsk' here.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list