Hostapd RADIUS server configuration

Mathy vanhoefm at gmail.com
Tue May 6 12:14:02 EDT 2014


What is your complete configuration file? Have you included the
following two lines?

wpa=3
wpa_key_mgmt=WPA-EAP

These enable WPA/RSN and configure the authentication mechanism.
Otherwise it might just be an open network.

On Tue, May 6, 2014 at 5:52 PM, Husam Ismail .. <mrhusam at hotmail.com> wrote:
> Here is what I have on hostapd.eap_user:
>
> # Phase 1 users
> "user" MD5 "password"
> "test user" MD5 "secret"
> "example user" TLS
> "DOMAIN\user" MSCHAPV2 "password"
> "gtc user" GTC "password"
> #"pax user" PAX "unknown"
> #"pax.user at example.com" PAX 0123456789abcdef0123456789abcdef
> #"psk user" PSK "unknown"
> #"psk.user at example.com" PSK 0123456789abcdef0123456789abcdef
> #"sake.user at example.com" SAKE
> 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
> "ttls" TTLS
> "not anonymous" PEAP
> # Default to EAP-SIM and EAP-AKA based on fixed identity prefixes
> #"0"* AKA,TTLS,TLS,PEAP,SIM
> #"1"* SIM,TTLS,TLS,PEAP,AKA
> #"2"* AKA,TTLS,TLS,PEAP,SIM
> #"3"* SIM,TTLS,TLS,PEAP,AKA
> #"4"* AKA,TTLS,TLS,PEAP,SIM
> #"5"* SIM,TTLS,TLS,PEAP,AKA
>
> # Wildcard for all other identities
> #* PEAP,TTLS,TLS,SIM,AKA
> * PEAP,TTLS,TLS
>
> # Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
> "t-md5" MD5 "password" [2]
> "DOMAIN\t-mschapv2" MSCHAPV2 "password" [2]
> "t-gtc" GTC "password" [2]
> "not anonymous" MSCHAPV2 "password" [2]
> "user" MD5,GTC,MSCHAPV2 "password" [2]
> "test user" MSCHAPV2 hash:000102030405060708090a0b0c0d0e0f [2]
> "ttls-user" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2 "password" [2]
>
> # Default to EAP-SIM and EAP-AKA based on fixed identity prefixes in phase 2
> #"0"* AKA [2]
> #"1"* SIM [2]
> #"2"* AKA [2]
> #"3"* SIM [2]
> #"4"* AKA [2]
> #"5"* SIM [2]
>
>
> Problem is, I can connect to the wireless network and access the server
> without the use of any password or certifications. What do I miss here?
>
>
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>


More information about the HostAP mailing list