On Fri, May 24, 2019 at 05:05:12PM +0200, Jan Ceuleers wrote: > I have been using wpa_psk_file functionality in hostapd for a long time, > and I have lots of devices configured with their own (MAC-specific) PSKs. > > I now have another AP that does not support such functionality directly > (it does not run hostapd), but it does support RADIUS. > > I was wondering whether it is possible, without reconfiguring any of the > STAs, to migrate these MAC/PSK pairs to a RADIUS server and have both my > hostapd-running and the non-hostapd-running APs use that RADIUS server > for authentication. I'd expect those stations to be currently configured to use WPA2-Personal (PSK). > (I see that the proprietary AP supports RADIUS in WPA2-Enterprise mode, > not in WPA2-PSK mode. What I don't know is whether this affects the > over-the-air protocol as well in case the STA's identifier is its MAC > address rather than some other piece of information which the STA needs > to transmit to the AP). While the other AP would be using WPA2-Enterprise (EAP). For this to work, the stations would need to be configured to allow WPA2-Enterprise to be used. While it may be possible to configure a station to connect to either of those APs once determining which EAP method is used here, I doubt any of the STAs would have been configured in such manner previously. In other words, it sounds very unlikely that this would work without reconfiguring every station. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
