HostAPD RADIUS setup for EAP-FAST / PEAP-TLS and EAP-TTLS-TLS

Ferguson, Dana R Dana.Ferguson at flukenetworks.com
Thu Oct 20 10:18:24 EDT 2011


Hi,

This is what I have for this:

ca_cert=/etc/hostapd/Certificates/CA/pem/512ca.pem
server_cert=/etc/hostapd/Certificates/CA/pem/512ca.pem
private_key=/etc/hostapd/Certificates/CA/pfx/512ca.pfx

They are created with openssl and are go till 2031 I tested these on a FreeRADIUS box so they work.

Thank you,

Dana

From: 万青松 [mailto:wanqingsong_1983 at 126.com]
Sent: Thursday, October 20, 2011 2:35 AM
To: Ferguson, Dana R
Cc: Jouni Malinen; hostap at lists.shmoo.com
Subject: Re:RE: HostAPD RADIUS setup for EAP-FAST / PEAP-TLS and EAP-TTLS-TLS

Please show the error messge, that would be helpful.
Maybe:

in hostapd.conf:
ca_cert=/home/ssl/certs/ca.crt.pem
server_cert=/home/ssl/certs/server.crt.pem
private_key=/home/ssl/private/serverkey.pem

I use openssl to generate the *.pem files, if these files have something wrong when you start the hostapd it will report errors.


At 2011-10-20 09:35:33,"Ferguson, Dana R" <Dana.Ferguson at flukenetworks.com<mailto:Dana.Ferguson at flukenetworks.com>> wrote:

>Hi,

>

>I tried enabling the EAP-FAST in the hostapd.conf but the RADIUS server wouldn't start correctly.

>

>As for the EAP-PEAP-TLS and EAP/TTLS-TLS this is the only place I could find that might be where I enable it but every time I add it in it to gives me errors.

>

>Thank you,

>

>Dana

>

>-----Original Message-----

>From: hostap-bounces at lists.shmoo.com<mailto:hostap-bounces at lists.shmoo.com> [mailto:hostap-bounces at lists.shmoo.com]<mailto:[mailto:hostap-bounces at lists.shmoo.com]> On Behalf Of Jouni Malinen

>Sent: Wednesday, October 19, 2011 3:13 PM

>To: hostap at lists.shmoo.com<mailto:hostap at lists.shmoo.com>

>Subject: Re: HostAPD RADIUS setup for EAP-FAST / PEAP-TLS and EAP-TTLS-TLS

>

>On Wed, Oct 19, 2011 at 01:43:39PM -0700, Ferguson, Dana R wrote:

>> >From my hostapd.eap_user config.

>

>> # Wildcard for all other identities

>> *                                 PEAP,TTLS,TLS

>

>Are you enabling EAP-FAST somewhere else?

>

>> # Phase 2 (tunneled within EAP-PEAP or EAP-TTLS) users

>> "test"             PEAP,MD5,GTC,MSCHAPV2,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2           "test"  [2]

>

>This does not enable TLS in phase 2. Do you have that somewhere else to enable PEAP/TLS and EAP-TTLS/TLS?

>

>--

>Jouni Malinen                                            PGP id EFC895FA

>_______________________________________________

>HostAP mailing list

>HostAP at lists.shmoo.com<mailto:HostAP at lists.shmoo.com>

>http://lists.shmoo.com/mailman/listinfo/hostap

>

>

>_______________________________________________

>HostAP mailing list

>HostAP at lists.shmoo.com<mailto:HostAP at lists.shmoo.com>

>http://lists.shmoo.com/mailman/listinfo/hostap

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20111020/ab1d67ff/attachment-0001.htm 


More information about the HostAP mailing list