testing EAP-FAST

Tilman Baumann tilman.baumann at grandeye.com
Fri May 31 11:00:17 EDT 2013

On 30/05/13 15:14, Tilman Baumann wrote:
> On 30/05/13 11:24, Tilman Baumann wrote:
>> On 13/05/13 20:01, Jouni Malinen wrote:
>>> On Mon, May 13, 2013 at 04:45:31PM +0100, Tilman Baumann wrote:
>>>> PS: I would like to test LEAP-FAST as well. Is freeradius with the
>>>> hostap eap lib the best way to go?
>>>> I did not really want to re-compile it, but I would if that's the way to
>>>> go. (using debian package right now)
>>> Assuming you are talking about EAP-FAST here, it would likely be easier
>>> to use hostapd as the RADIUS authentication server than trying to make
>>> FreeRADIUS use this through the eap2 module.
>> Sorry to pick your brain again. I'm getting stuck here - again. I should
>> really know more basics before I start working on things like that. *g*
>> So basically I like to try if EAP-FAST works with wpa_supplicant.
>> I'm trying to figure out which config options I will need to ask from
>> the user to cover all non certificate based authentication methods on
>> wired ethernet.
>> See my simple wpa_supplicant.conf below.
> Looks like I was reading the wrong examples. But I still don't get it.
> But I suppose anonymous_identity phase1 and pac_file are not irrelevant...

I simplified my hostapd.eap_user a bit

*                                       PEAP,TTLS,TLS
        "test"  [2]

FAST still does not work.

I'm using this client conf.

If I change eap from FAST to PEAP I can log in no worries. It is really
just FAST that buggs me.

I must still be missing something crucial.

If you like I can provide network captures or log files.

Tilman Baumann
Oncam Grandeye
6 Huxley Road, Surrey Research Park
Guildford, GU2 7RE, United Kingdom

More information about the HostAP mailing list