konikofi at candelatech.com
Tue Aug 11 17:53:19 EDT 2015
Thought I had anonymous at mytest.com covered with hostapd.eap_user entry:
and it is now working...thanks!
On 08/11/2015 02:21 PM, Jouni Malinen wrote:
> On Tue, Aug 11, 2015 at 02:04:13PM -0700, Isaac Konikoff wrote:
>> Here is my hostapd log showing a failure when HS2.0 is enabled and a
>> success when HS2.0 is disabled. EAP-TTLS used in both cases,
>> wpa_supplicant configs also included below.
>> Is the failure due to an incorrect EAP method or TLS tunnel fail in phase 1?
>> 1439324295.015930: EAP-Identity: Peer identity - hexdump_ascii(len=20):
>> 61 6e 6f 6e 79 6d 6f 75 73 40 6d 79 74 65 73 74 anonymous at mytest
>> 2e 63 6f 6d .com
>> 1439324295.015947: RADIUS SRV: [0x2c 127.0.0.1] EAP:
>> EAP-Response/Identity 'anonymous at mytest.com'
>> 1439324295.015952: EAP: EAP entering state SELECT_ACTION
>> 1439324295.015957: EAP: getDecision: no more methods available -> FAILURE
> The station has been configured to use anonymous at mytest.com as the outer
> identity while the authentication server has no user enabled to match
> that. Usually the easiest way of enabling EAP-TTLS is to add a wildcard
> hostapd.eap_user entry like this:
> * TTLS
> For more restricted testing cases, you could also add an explicit rule
> for that exact "anonymous at mytest.com" string if for some reason you do
> not want to enable wildcard matching to enable EAP-TTLS.
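
The lookup described in the reply above, as an added example that is not part of the original thread and not hostapd's own code: a simplified Python model of how a phase 1 (outer) identity is matched against hostapd.eap_user entries. The inner user, its password and the three sample configurations are constructed, and identities containing spaces are not handled.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    kind: str       # "any" for *, "prefix" for "abc"*, "exact" for "abc"
    identity: str
    methods: list
    phase2: bool    # True when the line ends with the [2] flag

def parse_eap_user(text):
    """Parse lines of the form: identity methods [password] [[2]]."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ident, rest = line.split(None, 1)
        methods = rest.split()[0].split(",")
        phase2 = rest.endswith("[2]")
        if ident == "*":
            entries.append(Entry("any", "", methods, phase2))
        elif ident.endswith('"*'):
            entries.append(Entry("prefix", ident[1:-2], methods, phase2))
        else:
            entries.append(Entry("exact", ident.strip('"'), methods, phase2))
    return entries

def lookup(entries, identity, phase2=False):
    """Return the first matching entry; a bare * only matches phase 1."""
    for e in entries:
        if e.kind == "any":
            if not phase2:
                return e
            continue
        if e.phase2 != phase2:
            continue
        if e.kind == "prefix" and identity.startswith(e.identity):
            return e
        if e.kind == "exact" and identity == e.identity:
            return e
    return None

def phase1_methods(config, outer_identity):
    hit = lookup(parse_eap_user(config), outer_identity)
    return hit.methods if hit else []   # [] corresponds to "no more methods available"

# Constructed sample configurations (the list archive renders "@" as " at ").
INNER = '"testuser" MSCHAPV2 "constructed-password" [2]\n'
WILDCARD = "* TTLS\n" + INNER
EXPLICIT = '"anonymous@mytest.com" TTLS\n' + INNER
OUTER = "anonymous@mytest.com"
```

With only the inner `[2]` entry present, the outer identity finds no phase 1 entry and no EAP method can be offered; the explicit rule enables EAP-TTLS for that one outer identity, while the wildcard enables it for any.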