PEAPv1(EAP-GTC) config with Cisco ACS

Jouni Malinen j at w1.fi
Thu Mar 5 02:09:17 EST 2009


On Thu, Mar 05, 2009 at 09:49:59AM +1100, Ben Carbery wrote:

> I am trying to get wpa_supplicant going with this setup:
> 
> Linux Laptop (Thinkpad with iwl4965agn) -> Aruba AP -> Aruba Wireless
> Controller -> Cisco ACS RADIUS server (terminates EAP)
> 
> It's PEAPv1 as the passwords need to be in clear text, not MSCHAP.

>         # guessing about the following..
>         phase1="peap_outer_success=0 peaplabel=1"

That's incorrect; just remove the phase1 parameter and authentication
should work fine with ACS. Forcing peaplabel=1 will break key derivation
with most authentication servers, including ACS.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list