More questions on hs20/OSU keys and configuration.

Ben Greear greearb at candelatech.com
Thu Mar 26 13:47:04 EDT 2015


Well, I got it working!

Now, off to document, clean up patches, and so forth....

Thanks!
Ben


On 03/26/2015 09:44 AM, Ben Greear wrote:
> On 03/26/2015 06:16 AM, Jouni Malinen wrote:
>> On Wed, Mar 25, 2015 at 04:34:00PM -0700, Ben Greear wrote:
>>> But, it seems that supplicant is using anonymous@, and so the radius server
>>> does not find the user in the eap_user.db file and supplicant cannot connect.
>>
>> Hotspot 2.0 mandates use of identity protection for EAP-TTLS, i.e., the
>> unencrypted EAP-Identity/Response has to use anonymous@<realm> form
>> while the real identity is used only within the encrypted tunnel. You
>> will need to configure the authentication server to allow EAP-TTLS to be
>> used with such an anonymous identity.
>>
> 
> At least part of my problem is that I did not have SQLITE support enabled.
> 
> Should we change this config to fail to load if user requests sqlite but
> does not have support compiled in?
> 
> #ifdef EAP_SERVER
> static int hostapd_config_read_eap_user(const char *fname,
> 					struct hostapd_bss_config *conf)
> {
> 	FILE *f;
> 	char buf[512], *pos, *start, *pos2;
> 	int line = 0, ret = 0, num_methods;
> 	struct hostapd_eap_user *user = NULL, *tail = NULL, *new_user = NULL;
> 
> 	if (!fname)
> 		return 0;
> 
> 	if (os_strncmp(fname, "sqlite:", 7) == 0) {
> 		os_free(conf->eap_user_sqlite);
> 		conf->eap_user_sqlite = os_strdup(fname + 7);
> 		return 0;
> 	}
> 
> 
> Thanks,
> ben
> 


-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com



More information about the HostAP mailing list