<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><span style="color: rgb(68, 68, 68); font-size: 15px; line-height: 21.299999237060547px; background-color: rgb(255, 255, 255);">Thanks for your response Mathy. What I am trying to utilize here is the </span><span style="line-height: 21.299999237060547px; color: rgb(68, 68, 68); font-size: 15px; background-color: rgb(255, 255, 255);">integrated RADIUS authentication server. </span><span style="color: rgb(68, 68, 68); font-size: 15px; line-height: 21.299999237060547px; background-color: rgb(255, 255, 255);">Here is my configuration file:</span><div style="line-height: 21.299999237060547px; color: rgb(68, 68, 68); font-size: 15px; background-color: rgb(255, 255, 255);"><br></div><div style="line-height: 21.299999237060547px; color: rgb(68, 68, 68); font-size: 15px; background-color: rgb(255, 255, 255);"><div>interface=wlan0</div><div>driver=nl80211</div><div>ssid=Test</div><div><br></div><div>ignore_broadcast_ssid=1</div><div><br></div><div>eap_server=1</div><div><br></div><div># Path for EAP server user database</div><div>eap_user_file=/etc/hostapd.eap_user</div><div><br></div><div># CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS</div><div>ca_cert=/etc/certificates/cacert.pem</div><div><br></div><div># Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS</div><div>server_cert=/etc/certificates/newcert.pem</div><div><br></div><div># private_key.</div><div>private_key=/etc/certificates/newkey.pem</div><div><br></div><div># Passphrase for private key</div><div>private_key_passwd=pass</div><div><br></div><div>own_ip_addr=127.0.0.1</div><div><br></div><div># RADIUS authentication server</div><div>auth_server_addr=127.0.0.1</div><div>auth_server_port=1812</div><div>auth_server_shared_secret=pass</div><div><br></div><div>radius_server_clients=/etc/hostapd.radius_clients</div><div>radius_server_auth_port=1812</div><div><br></div><div><br></div><div>You are right. 
Since I don't have these two lines it is behaving as an open network. So now after I added these lines:</div><div><span style="line-height: normal; color: rgb(0, 0, 0); font-size: 16px;"> wpa=3</span><br style="line-height: normal; color: rgb(0, 0, 0); font-size: 16px;"><span style="line-height: normal; color: rgb(0, 0, 0); font-size: 16px;"> wpa_key_mgmt=WPA-EAP</span></div><div><br></div><div>Since I don't get it yet (and I really appreciate your help), what is the next step? Configure the client with the CA cert and the public key I think, is that right? Any thoughts?</div><div><br></div><div>Thanks</div></div><br><div>> From: vanhoefm@gmail.com<br>> Date: Tue, 6 May 2014 18:14:02 +0200<br>> Subject: Re: Hostapd RADIUS server configuration<br>> To: mrhusam@hotmail.com<br>> CC: hostap@lists.shmoo.com<br>> <br>> What is your complete configuration file? Have you included the<br>> following two lines?<br>> <br>> wpa=3<br>> wpa_key_mgmt=WPA-EAP<br>> <br>> These enable WPA/RSN and configure the authentication mechanism.<br>> Otherwise it might just be an open network.<br>> <br>> On Tue, May 6, 2014 at 5:52 PM, Husam Ismail .. 
<mrhusam@hotmail.com> wrote:<br>> > Here is what I have on hostapd.eap_user:<br>> ><br>> > # Phase 1 users<br>> > "user" MD5 "password"<br>> > "test user" MD5 "secret"<br>> > "example user" TLS<br>> > "DOMAIN\user" MSCHAPV2 "password"<br>> > "gtc user" GTC "password"<br>> > #"pax user" PAX "unknown"<br>> > #"pax.user@example.com" PAX 0123456789abcdef0123456789abcdef<br>> > #"psk user" PSK "unknown"<br>> > #"psk.user@example.com" PSK 0123456789abcdef0123456789abcdef<br>> > #"sake.user@example.com" SAKE<br>> > 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef<br>> > "ttls" TTLS<br>> > "not anonymous" PEAP<br>> > # Default to EAP-SIM and EAP-AKA based on fixed identity prefixes<br>> > #"0"* AKA,TTLS,TLS,PEAP,SIM<br>> > #"1"* SIM,TTLS,TLS,PEAP,AKA<br>> > #"2"* AKA,TTLS,TLS,PEAP,SIM<br>> > #"3"* SIM,TTLS,TLS,PEAP,AKA<br>> > #"4"* AKA,TTLS,TLS,PEAP,SIM<br>> > #"5"* SIM,TTLS,TLS,PEAP,AKA<br>> ><br>> > # Wildcard for all other identities<br>> > #* PEAP,TTLS,TLS,SIM,AKA<br>> > * PEAP,TTLS,TLS<br>> ><br>> > # Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users<br>> > "t-md5" MD5 "password" [2]<br>> > "DOMAIN\t-mschapv2" MSCHAPV2 "password" [2]<br>> > "t-gtc" GTC "password" [2]<br>> > "not anonymous" MSCHAPV2 "password" [2]<br>> > "user" MD5,GTC,MSCHAPV2 "password" [2]<br>> > "test user" MSCHAPV2 hash:000102030405060708090a0b0c0d0e0f [2]<br>> > "ttls-user" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2 "password" [2]<br>> ><br>> > # Default to EAP-SIM and EAP-AKA based on fixed identity prefixes in phase 2<br>> > #"0"* AKA [2]<br>> > #"1"* SIM [2]<br>> > #"2"* AKA [2]<br>> > #"3"* SIM [2]<br>> > #"4"* AKA [2]<br>> > #"5"* SIM [2]<br>> ><br>> ><br>> > Problem is, I can connect to the wireless network and access the server<br>> > without the use of any password or certifications. 
What do I miss here?<br>> ><br>> ><br>> > _______________________________________________<br>> > HostAP mailing list<br>> > HostAP@lists.shmoo.com<br>> > http://lists.shmoo.com/mailman/listinfo/hostap<br>> ><br></div> </div></body>
</html>
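The failure discussed in this thread (an EAP server configured, but the BSS left open because `wpa` and `wpa_key_mgmt` were missing) can be caught with a small configuration check. The script below is an added example, not part of the original messages or of hostapd; the function names are hypothetical, `POSTED_CONF` is a constructed excerpt of the posted settings, and only the two settings named in the thread are checked.

```python
# Added example: flags a hostapd.conf that leaves the BSS open, as in the thread.
# POSTED_CONF is a constructed excerpt of the settings quoted in the message.
POSTED_CONF = """\
interface=wlan0
driver=nl80211
ssid=Test
eap_server=1
eap_user_file=/etc/hostapd.eap_user
radius_server_clients=/etc/hostapd.radius_clients
"""

def parse_conf(text):
    """Simplified key=value parser: skips blanks and '#' comments, last value wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return findings about the two settings the thread names: wpa and wpa_key_mgmt."""
    conf = parse_conf(text)
    findings = []
    try:
        wpa = int(conf.get("wpa", "0"))
    except ValueError:
        return ["wpa is not an integer"]
    if wpa & 3 == 0:
        # Without wpa, the EAP server settings alone do not protect the BSS.
        return ["open network: wpa is unset or 0, WPA/RSN is disabled"]
    if wpa & 1:
        findings.append("wpa bit 0 set: legacy WPA is offered; wpa=2 is RSN (WPA2) only")
    # hostapd falls back to WPA-PSK when wpa_key_mgmt is absent.
    key_mgmt = conf.get("wpa_key_mgmt", "WPA-PSK").split()
    if conf.get("eap_server") == "1" and "WPA-EAP" not in key_mgmt:
        findings.append("eap_server=1 but wpa_key_mgmt lacks WPA-EAP: key management is not EAP")
    return findings

if __name__ == "__main__":
    for label, text in (("as posted", POSTED_CONF),
                        ("with the two lines", POSTED_CONF + "wpa=3\nwpa_key_mgmt=WPA-EAP\n")):
        print(label, "->", audit(text) or "no findings")
```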