testing EAP-FAST

Tilman Baumann tilman.baumann at grandeye.com
Fri May 31 11:00:17 EDT 2013


On 30/05/13 15:14, Tilman Baumann wrote:
> On 30/05/13 11:24, Tilman Baumann wrote:
>> On 13/05/13 20:01, Jouni Malinen wrote:
>>> On Mon, May 13, 2013 at 04:45:31PM +0100, Tilman Baumann wrote:
>>
>>>> PS: I would like to test LEAP-FAST as well. Is freeradius with the
>>>> hostap eap lib the best way to go?
>>>> I did not really want to re-compile it, but I would if that's the way to
>>>> go. (using debian package right now)
>>>
>>> Assuming you are talking about EAP-FAST here, it would likely be easier
>>> to use hostapd as the RADIUS authentication server than trying to make
>>> FreeRADIUS use this through the eap2 module.
>>
>>
>> Sorry to pick your brain again. I'm getting stuck here - again. I should
>> really know more basics before I start working on things like that. *g*
>>
>> So basically I like to try if EAP-FAST works with wpa_supplicant.
>>
>> I'm trying to figure out which config options I will need to ask from
>> the user to cover all non certificate based authentication methods on
>> wired ethernet.
>> See my simple wpa_supplicant.conf below.
> 
> Looks like I was reading the wrong examples. But I still don't get it.
> But I suppose anonymous_identity phase1 and pac_file are not irrelevant...


I simplified my hostapd.eap_user a bit

*                                       PEAP,TTLS,TLS
"test"
PEAP,MD5,GTC,MSCHAPV2,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2
        "test"  [2]


FAST still does not work.

I'm using this client conf.
network={
        key_mgmt=IEEE8021X
        eap=FAST
        identity="test"
        password="test"
        anonymous_identity="test"
        phase1="fast_provisioning=3"
        pac_file="/var/run/wpa_supplicant.pacfile"
}

If I change eap from FAST to PEAP I can log in no worries. It is really
just FAST that buggs me.


I must still be missing something crucial.

If you like I can provide network captures or log files.

-- 
Tilman Baumann
Oncam Grandeye
6 Huxley Road, Surrey Research Park
Guildford, GU2 7RE, United Kingdom


More information about the HostAP mailing list