Re: IEEE 802.1X support with Host AP driver


From: Jouni Malinen (jkmaline_at_cc.hut.fi)
Date: 2002-09-06 15:07:52 UTC



On Sun, Sep 01, 2002 at 09:10:10PM +0300, Jouni Malinen wrote:

> I used only Xsupplicant (from www.open1x.org) in testing. So if anyone
> would be interested in testing hostapd with IEEE 802.1X and WinXP
> Supplicant, I would be interested in hearing whether this works. Even
> the minimal authentication server should provide useful information and
> it should be trivial to setup.

I have now implemented the needed EAPOL state machines for the .1X Authenticator in hostapd (few bugs were just fixed in CVS) and I did some testing with WinXP as the Supplicant and FreeRADIUS as the Authentication Server.

EAP/MD5-Challenge seems to work fine both with FreeRADIUS and the minimal test auth. server included in hostapd. I was able to configure the user identification and password for FreeRADIUS and use the same info on WinXP Supplicant to get the port authorized.

I'm not very familiar with WinXP certificate configuration and EAP/TLS seemed to miss something in the client side. I was able to add the trusted root certificate and a client certificate, but WinXP did not seem to find them when Supplicant needed certificates. Anyway, since the authenticator PAE and backend authentication state machines are now fully implemented, I would assume that also EAP/TLS would work with WinXP--assuming one were able to add suitable certificates for it.  

-- 
Jouni Malinen                                            PGP id EFC895FA


This archive was generated by hypermail 2.1.4.