<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font size="-1"><font face="Arial">Thanks Jouni!<br>
<br>
</font></font>
<div class="moz-cite-prefix">On 15/01/2015 23:55, Jouni Malinen
wrote:<br>
</div>
<blockquote cite="mid:20150115225523.GB17835@w1.fi" type="cite">
<pre wrap="">On Thu, Jan 15, 2015 at 08:00:41PM +0100, Ben wrote:
</pre>
<blockquote type="cite">
<pre wrap="">[WPA2 - EAP-TLS with integrated Radius & EAP Server ON]
I am using hostapd for a long time and now I am testing multiple
options, everything is working expect three things :
-I am seeing that Authentication Algorithm needs to be open for
802.1x so it seems that I need to use auth_alg=0 but it is only
working with auth_alg=3.
Is someone can explain to me why ? I think 3 would be to accept both
(802.1x and Shared key), but I would like to force it to 802.1x
only..
</pre>
</blockquote>
<pre wrap="">
# Bit fields of allowed authentication algorithms:
# bit 0 = Open System Authentication
# bit 1 = Shared Key Authentication (requires WEP)
auth_algs=3
Please note that "bit 0" = 1 and "bit 1" = 2. In other words, you should
really use auth_algs=1 with WPA2-Enterprise. auth_algs=3 will work as
well, since you cannot really use Shared Key Authentication with WPA2.
</pre>
</blockquote>
<br>
It makes sense now! I read to quickly the comment and not realized
that it speaks about bit and not value!<br>
I put auth_algs=1<br>
<blockquote cite="mid:20150115225523.GB17835@w1.fi" type="cite">
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">-i80211w : I am able to join my network through an Android but
impossible with an iPhone, anyone had been able to test it and make
it work?
</pre>
</blockquote>
<pre wrap="">
Which iOS version are you using?</pre>
</blockquote>
<br>
Latest : iOS 8.1.2<br>
<blockquote cite="mid:20150115225523.GB17835@w1.fi" type="cite">
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">As soon as I required it (ieee8021w=2) I am get into an issue to
connect (log saying that I am authenticated but no more message
after this)
</pre>
</blockquote>
<pre wrap="">
Which wpa_key_mgmt value did you use with ieee80211w=2? WPA-EAP-SHA256
is the only option I'd expect to work here robustly.
</pre>
</blockquote>
Yes!<br>
I also tried WPA-EAP (without SHA256) and it is working on Android
device.<br>
As soon as I put WPA-EAP-SHA256 my network is considered as a normal
WPA2 network on my computer! <br>
This is the reason why I am suspecting something missing on my
hostapd to make it work properly?<br>
<blockquote cite="mid:20150115225523.GB17835@w1.fi" type="cite">
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">-Someone can explain to me the role of Key Management Algorithms?
I am trying to change from WPA-EAP to WPA-EAP-SHA256 but as soon as
I do that my computer being confused and detects my wireless network
as a normal WPA2 network and not a 802.1x anymore...
Is there pre-requesite to make it work properly?
</pre>
</blockquote>
<pre wrap="">
What WLAN component and software do you use on your computer in this
case? There are number of deployed devices that have had issues with
either multiple AKMs or PMF getting enabled.
</pre>
</blockquote>
I have tried on MacOS - iPhone - Android.<br>
All with the default Wireless Network Management<br>
</body>
</html>