<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font size="-1"><font face="Arial">Thanks for your response.<br>
I am using 3 devices to test (MacOS computer - iPhone and
android phone)<br>
I did a packet capture and realized that when WPA-EAP-SHA256 is
turned on in my hostapd.conf the Probe Response Auth Key
Management is WPA (1) , this is probably the reason why my
devices ask me a passphrase!<br>
When I use WPA-EAP the Probe Response Auth Key Management is WSK
(2) <br>
<br>
</font></font>
<div class="moz-cite-prefix">On 16/01/2015 12:37, Andreas Hartmann
wrote:<br>
</div>
<blockquote cite="mid:54B8F7FF.7080102@maya.org" type="cite">
<pre wrap="">Ben wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I checked and I have libln 3.2
wpa_supplicant wasn't installed, I just installed it (v2.3) but same
issue :
as soon as I changed from WPA-EAP to WPA-EAP-SHA256 my computer doesn't
see the AP as a 802.11x but a normal pre-shared WPA2 AP!
</pre>
</blockquote>
<pre wrap="">
Don't know, which SW (probably networkmanager? or wicd? or?) exactly
this shows.
As you didn't had wpa_supplicant before, it can't change anything if you
just install it.
You have to check all the things lowlevel as root with
iw dev wlan0 (or whatever your device is called) scan
What does it display? It should show something like I already sent to you.
Or with
iwlist wlan0 (or whatever your device name is) scanning
What does it show exactly?
Regards,
Andreas
</pre>
<blockquote type="cite">
<pre wrap="">On 15/01/2015 21:36, Andreas Hartmann wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Ben wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
[WPA2 - EAP-TLS with integrated Radius & EAP Server ON]
I am using hostapd for a long time and now I am testing multiple
options, everything is working expect three things :
-I am seeing that Authentication Algorithm needs to be open for 802.1x
so it seems that I need to use auth_alg=0 but it is only working with
auth_alg=3.
</pre>
</blockquote>
<pre wrap="">For me, auth_algs=1 works pretty fine here.
RSN: * Version: 1
* Group cipher: CCMP
* Pairwise ciphers: CCMP
* Authentication suites: IEEE 802.1X IEEE
802.1X/SHA-256
* Capabilities: 16-PTKSA-RC MFP-capable (0x008c)
* 0 PMKIDs
* Group mgmt cipher suite: AES-128-CMAC
</pre>
<blockquote type="cite">
<pre wrap="">Is someone can explain to me why ? I think 3 would be to accept both
(802.1x and Shared key), but I would like to force it to 802.1x only..
-i80211w : I am able to join my network through an Android but
impossible with an iPhone, anyone had been able to test it and make it
work?
As soon as I required it (ieee8021w=2) I am get into an issue to connect
(log saying that I am authenticated but no more message after this)
-Someone can explain to me the role of Key Management Algorithms?
I am trying to change from WPA-EAP to WPA-EAP-SHA256 but as soon as I do
that my computer being confused and detects my wireless network as a
normal WPA2 network and not a 802.1x anymore...
Is there pre-requesite to make it work properly?
</pre>
</blockquote>
<pre wrap="">If it's a Linux STA: you need wpa_supplicant 2.3 and libnl 3.2. Libnl 1
and wpa_supplicant 2.0 is broken (here too).
Regards,
Andreas
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<br>
</body>
</html>