More questions on hs20/OSU keys and configuration.
Ben Greear
greearb at candelatech.com
Thu Mar 26 12:44:54 EDT 2015
On 03/26/2015 06:16 AM, Jouni Malinen wrote:
> On Wed, Mar 25, 2015 at 04:34:00PM -0700, Ben Greear wrote:
>> But, it seems that supplicant is using anonymous@, and so the radius server
>> does not find the user in the eap_user.db file and supplicant cannot connect.
>
> Hotspot 2.0 mandates use of identity protection for EAP-TTLS, i.e., the
> unencrypted EAP-Identity/Response has to use anonymous@<realm> form
> while the real identity is used only within the encrypted tunnel. You
> will need to configure the authentication server to allow EAP-TTLS to be
> used with such an anonymous identity.
>
At least part of my problem is that I did not have SQLITE support enabled.
Should we change this config to fail to load if user requests sqlite but
does not have support compiled in?
#ifdef EAP_SERVER
static int hostapd_config_read_eap_user(const char *fname,
struct hostapd_bss_config *conf)
{
FILE *f;
char buf[512], *pos, *start, *pos2;
int line = 0, ret = 0, num_methods;
struct hostapd_eap_user *user = NULL, *tail = NULL, *new_user = NULL;
if (!fname)
return 0;
if (os_strncmp(fname, "sqlite:", 7) == 0) {
os_free(conf->eap_user_sqlite);
conf->eap_user_sqlite = os_strdup(fname + 7);
return 0;
}
Thanks,
ben
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the HostAP
mailing list