More questions on hs20/OSU keys and configuration.

Jouni Malinen j at w1.fi
Thu Mar 26 09:16:48 EDT 2015


On Wed, Mar 25, 2015 at 04:34:00PM -0700, Ben Greear wrote:
> But, it seems that supplicant is using anonymous@, and so the radius server
> does not find the user in the eap_user.db file and supplicant cannot connect.

Hotspot 2.0 mandates use of identity protection for EAP-TTLS, i.e., the
unencrypted EAP-Identity/Response has to use anonymous@<realm> form
while the real identity is used only within the encrypted tunnel. You
will need to configure the authentication server to allow EAP-TTLS to be
used with such an anonymous identity.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list