More questions on hs20/OSU keys and configuration.

Ben Greear greearb at candelatech.com
Thu Mar 26 10:38:25 EDT 2015



On 03/26/2015 06:16 AM, Jouni Malinen wrote:
> On Wed, Mar 25, 2015 at 04:34:00PM -0700, Ben Greear wrote:
>> But, it seems that supplicant is using anonymous@, and so the radius server
>> does not find the user in the eap_user.db file and supplicant cannot connect.
>
> Hotspot 2.0 mandates use of identity protection for EAP-TTLS, i.e., the
> unencrypted EAP-Identity/Response has to use anonymous@<realm> form
> while the real identity is used only within the encrypted tunnel. You
> will need to configure the authentication server to allow EAP-TTLS to be
> used with such an anonymous identity.

This is a problem with my hostapd-radius server, or the AP, config, or both?

If the radius server, is this some extra config I need to poke into the eap_user.db
similar to how sql-example.txt does?

Thanks,
Ben


-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com


More information about the HostAP mailing list