IEEE 802.1X support with Host AP driver

Jacques Caron Jacques.Caron at
Fri Oct 18 04:53:16 EDT 2002

Any card NDIS 5.1-compliant drivers will work with XP. You can recognize 
those by looking at the properties of the card in XP. If you have a 
"Wireless" tab, it's NDIS 5.1 and you'll get full support (including 
dynamic keying).

If you don't have that tab, then I suppose the authentication bit should 
still work (not sure, actually), but you won't get dynamic keying. As 
EAP-MD5 doesn't provide session keys anyway, it shouldn't be a problem.

Important thing: you have to activate "show connection icon in taskbar" or 
whatever it's called, otherwise you will never get the notifications that 
you have to enter username/password information. And XP is pretty dumb 
about it, it doesn't even have an option to save that information... :-(


At 05:41 AM 10/18/2002, Huei-Ping Chen wrote:
>I would also like to try out hostapd with winXP with MD5,
>the first thing come to my mind is that, do I need a
>cisco aironet 350 card ? some document seems to indicate
>that I need cisco aironet 350.
>I only have two linksys cards, one goes to hostAP, one
>goes to winXP, would linksys in winXP do 802.1x ?
>-- Ping
>On Fri, 6 Sep 2002, Jouni Malinen wrote:
> > On Sun, Sep 01, 2002 at 09:10:10PM +0300, Jouni Malinen wrote:
> >
> > > I used only Xsupplicant (from in testing. So if anyone
> > > would be interested in testing hostapd with IEEE 802.1X and WinXP
> > > Supplicant, I would be interested in hearing whether this works. Even
> > > the minimal authentication server should provide useful information and
> > > it should be trivial to setup.
> >
> > I have now implemented the needed EAPOL state machines for the .1X
> > Authenticator in hostapd (few bugs were just fixed in CVS) and I did
> > some testing with WinXP as the Supplicant and FreeRADIUS as the
> > Authentication Server.
> >
> > EAP/MD5-Challenge seems to work fine both with FreeRADIUS and the
> > minimal test auth. server included in hostapd. I was able to configure
> > the user identification and password for FreeRADIUS and use the same
> > info on WinXP Supplicant to get the port authorized.
> >
> > I'm not very familiar with WinXP certificate configuration and EAP/TLS
> > seemed to miss something in the client side. I was able to add the
> > trusted root certificate and a client certificate, but WinXP did not
> > seem to find them when Supplicant needed certificates. Anyway, since the
> > authenticator PAE and backend authentication state machines are now
> > fully implemented, I would assume that also EAP/TLS would work with
> > WinXP--assuming one were able to add suitable certificates for it.
> >
> > --
> > Jouni Malinen PGP id EFC895FA
> >
> >
>Do you Yahoo!?
>Faith Hill - Exclusive Performances, Videos & More
>HostAP mailing list
>HostAP at

-- Jacques Caron, IP Sector Technologies
    Join the discussion on public WLAN open global roaming:

More information about the HostAP mailing list