Enforce Security - 802.1x
benoitne at gmail.com
Fri Jan 16 09:50:29 EST 2015
Thanks for your response.
I am using 3 devices to test (MacOS computer, iPhone and Android phone).
I did a packet capture and realized that when WPA-EAP-SHA256 is turned
on in my hostapd.conf the Probe Response Auth Key Management is WPA (1),
this is probably the reason why my devices ask me for a passphrase!
When I use WPA-EAP the Probe Response Auth Key Management is WSK (2).
On 16/01/2015 12:37, Andreas Hartmann wrote:
> Ben wrote:
>> I checked and I have libnl 3.2
>> wpa_supplicant wasn't installed, I just installed it (v2.3) but same
>> issue :
>> as soon as I changed from WPA-EAP to WPA-EAP-SHA256 my computer doesn't
>> see the AP as a 802.11x but a normal pre-shared WPA2 AP!
> Don't know which SW (probably networkmanager? or wicd? or?) exactly
> this shows.
> As you didn't have wpa_supplicant before, it can't change anything if you
> just install it.
> You have to check all the things low-level as root with
> iw dev wlan0 (or whatever your device is called) scan
> What does it display? It should show something like I already sent to you.
> Or with
> iwlist wlan0 (or whatever your device name is) scanning
> What does it show exactly?
>> On 15/01/2015 21:36, Andreas Hartmann wrote:
>>> Ben wrote:
>>>> [WPA2 - EAP-TLS with integrated Radius & EAP Server ON]
>>>> I am using hostapd for a long time and now I am testing multiple
>>>> options, everything is working except three things :
>>>> -I am seeing that Authentication Algorithm needs to be open for 802.1x
>>>> so it seems that I need to use auth_alg=0 but it is only working with
>>> For me, auth_algs=1 works pretty fine here.
>>> RSN:    * Version: 1
>>>         * Group cipher: CCMP
>>>         * Pairwise ciphers: CCMP
>>>         * Authentication suites: IEEE 802.1X IEEE
>>>         * Capabilities: 16-PTKSA-RC MFP-capable (0x008c)
>>>         * 0 PMKIDs
>>>         * Group mgmt cipher suite: AES-128-CMAC
>>>> Can someone explain to me why? I think 3 would be to accept both
>>>> (802.1x and Shared key), but I would like to force it to 802.1x only..
>>>> -i80211w : I am able to join my network through an Android but
>>>> impossible with an iPhone, anyone had been able to test it and make it
>>>> As soon as I required it (ieee8021w=2) I run into an issue connecting
>>>> (log saying that I am authenticated but no more messages after this)
>>>> -Can someone explain to me the role of Key Management Algorithms?
>>>> I am trying to change from WPA-EAP to WPA-EAP-SHA256 but as soon as I do
>>>> that my computer gets confused and detects my wireless network as a
>>>> normal WPA2 network and not a 802.1x anymore...
>>>> Is there a prerequisite to make it work properly?
>>> If it's a Linux STA: you need wpa_supplicant 2.3 and libnl 3.2. Libnl 1
>>> and wpa_supplicant 2.0 are broken (here too).
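
Added example, not part of the thread and not hostapd or iw code: a small decoder for the RSN element that a beacon or probe response carries, showing which AKM suites an AP advertises and whether any PSK suite is offered next to 802.1X. The function names are hypothetical and the sample element bytes are constructed to mirror the scan output quoted above (AKM type 1 corresponds to hostapd's WPA-EAP, 2 to WPA-PSK, 5 to WPA-EAP-SHA256).

```python
import struct

OUI = b"\x00\x0f\xac"  # IEEE 802.11 OUI used by the standard suite selectors
CIPHERS = {2: "TKIP", 4: "CCMP", 6: "AES-128-CMAC"}
AKMS = {1: "IEEE 802.1X", 2: "PSK", 5: "IEEE 802.1X/SHA-256", 6: "PSK/SHA-256"}

def _suite(raw, table):
    """Map a 4-byte suite selector (OUI + type) to a readable name."""
    if raw[:3] != OUI:
        return "vendor:" + raw.hex()
    return table.get(raw[3], "unknown:%d" % raw[3])

def parse_rsn(body):
    """Decode an RSN element body (element ID 48), ID and length bytes excluded."""
    if len(body) < 6:
        raise ValueError("RSN element too short")
    out = {"version": struct.unpack_from("<H", body, 0)[0],
           "group": _suite(body[2:6], CIPHERS)}
    pos = 6
    for key, table in (("pairwise", CIPHERS), ("akm", AKMS)):
        if pos + 2 > len(body):
            raise ValueError("missing %s suite count" % key)
        (count,) = struct.unpack_from("<H", body, pos)
        pos += 2
        if pos + 4 * count > len(body):
            raise ValueError("truncated %s suite list" % key)
        out[key] = [_suite(body[pos + 4 * i:pos + 4 * i + 4], table)
                    for i in range(count)]
        pos += 4 * count
    caps = struct.unpack_from("<H", body, pos)[0] if pos + 2 <= len(body) else 0
    out["mfp_capable"] = bool(caps & 0x0080)   # what ieee80211w=1 or 2 advertises
    out["mfp_required"] = bool(caps & 0x0040)  # set only when MFP is mandatory
    return out

def enterprise_only(rsn):
    """True when every advertised AKM is an 802.1X variant (no PSK offered)."""
    return bool(rsn["akm"]) and all(a.startswith("IEEE 802.1X") for a in rsn["akm"])

def build(akm_types, caps=0x008C):
    """Constructed sample element: CCMP group/pairwise, 0 PMKIDs, AES-128-CMAC."""
    body = struct.pack("<H", 1) + OUI + b"\x04" + struct.pack("<H", 1) + OUI + b"\x04"
    body += struct.pack("<H", len(akm_types))
    body += b"".join(OUI + bytes([t]) for t in akm_types)
    return body + struct.pack("<HH", caps, 0) + OUI + b"\x06"

if __name__ == "__main__":
    for label, types in (("WPA-EAP", [1]), ("WPA-EAP-SHA256", [5]), ("mixed", [1, 2])):
        rsn = parse_rsn(build(types))
        print(label, rsn["akm"], "802.1X only:", enterprise_only(rsn))
```

To check a real AP, feed it the RSN element bytes copied from a packet capture of the probe response rather than the constructed samples.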