TTLS TLS configuration

Jouni Malinen j at w1.fi
Tue Sep 23 13:23:46 EDT 2008


On Tue, Sep 23, 2008 at 05:36:43PM +0200, Fernando wrote:

> I want to perform an authentication using wpa_supplicant and freeradius 
> with EAP-TTLS using in phase 2 EAP-TLS but I don't know how to configure it 
> in wpa_supplicant. I've written in the configuration file 
> "phase2=auth=TLS". Is it OK? And I don't know where the different 

Close, but not quite. EAP-TTLS uses phase2="autheap=TLS".

> configuration parameters of EAP-TLS must be placed, such as, client 
> cert, client priv etc. Can you provide me with an example of 
> configuration file?

network={
    key_mgmt=WPA-EAP
    eap=TTLS
    anonymous_identity="anonymous"
    identity="User"
    ca_cert="ca.pem"
    phase2="autheap=TLS"

    ca_cert2="ca.pem"
    client_cert2="user.pem"
    private_key2="user.pem"
    private_key2_passwd="whatever"
}


> I've written client cert, client priv... in the same configuration file 
> and I've been testing it but when the second phase starts the client 
> (wpa_supplicant) sends a NAK  when TLS is requested.

You probably used client_cert and private_key while the Phase 2
parameters need to be configured separately with
client_cert2/private_key2 to allow a somewhat odd case of someone using
a different client cert in phase 1 and 2 (ca_cert vs. ca_cert2 could be
considered a bit more realistic case for a difference to occur).

-- 
Jouni Malinen                                            PGP id EFC895FA
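
Added example, not part of the original message and not wpa_supplicant code: a small Python check that flags the two mistakes discussed in this thread (phase2 not set to "autheap=TLS", and client_cert/private_key used where the inner EAP-TLS needs client_cert2/private_key2). The function names and both sample blocks are constructed for illustration, and the parser assumes a simple one-setting-per-line network block.

```python
import re

def parse_networks(text):
    """Return one dict (key -> unquoted value) per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        pairs = re.findall(r"^[ \t]*(\w+)=(.*)$", body, re.M)
        nets.append({k: v.strip().strip('"') for k, v in pairs})
    return nets

def check_ttls_inner_tls(net):
    """List problems in an EAP-TTLS block meant to run EAP-TLS in Phase 2."""
    if net.get("eap") != "TTLS":
        return []
    problems = []
    if net.get("phase2") != "autheap=TLS":
        problems.append('phase2 is %r, expected "autheap=TLS"' % net.get("phase2"))
    for key in ("client_cert", "private_key"):
        if key + "2" not in net:
            # Phase 1 names are not picked up by the inner method.
            hint = " (%s is set, but it is a Phase 1 parameter)" % key if key in net else ""
            problems.append("%s2 is missing%s" % (key, hint))
    return problems

# Constructed sample: the mistakes discussed in the thread.
BAD = '''network={
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="User"
    ca_cert="ca.pem"
    phase2="auth=TLS"
    client_cert="user.pem"
    private_key="user.pem"
}
'''
# Constructed sample: the same block using the Phase 2 parameter names from the reply.
GOOD = BAD.replace("auth=TLS", "autheap=TLS").replace(
    "client_cert=", "client_cert2=").replace("private_key=", "private_key2=")

if __name__ == "__main__":
    for name, conf in (("BAD", BAD), ("GOOD", GOOD)):
        for net in parse_networks(conf):
            print(name, check_ttls_inner_tls(net) or "ok")
```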

