On Wed, Feb 17, 2016 at 03:13:03PM +0100, gunnaroeh@xxxxxxxxx wrote: > I got the impression, that to be able to connect to a 802.1X wired > network, which is not password protected (certificates only) I need > to use wpasupplicant. > The network admin stated that the following informations about the > network are correct: > > key_mgmt=IEEE8021X > eap=PEAP > anonymous_identity="some identity" > ca_cert="path to ca.cer" > phase2="auth=mschapv2" > Why would this use PEAP if you are using certificates instead of username/password? Wouldn't it be EAP-TLS which is used with private key and certificate? Or maybe this is PEAP with EAP-TLS in Phase 2? Without knowing what the authentication server expects, it is difficult to provide more guidance on how to configure wpa_supplicant for that. In any case, the configuration here is invalid, i.e., PEAP with MSCHAPv2 requires a user name and password. > sudo wpa_supplicant -c /etc/wpa_supplicant.conf -dd wired -i eth0 I'm surprised if that command line would actually be accepted.. The driver interface would need to be selected with -Dwired. > Initializing interface 'eth0' conf '/etc/wpa_supplicant.conf' driver > 'default' ctrl_interface 'N/A' bridge 'N/A' ... > nl80211: Supported cipher 00-0f-ac:4 And this seems to imply that the nl80211 (Wi-Fi) driver interface is used instead. You'll need to add -Dwired to the command line for the operations to work. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
