On Fri, Sep 13, 2019 at 05:05:01PM -0400, M. Ranganathan wrote: > I made some progress with trying to configure hostapd and > wpa_supplicant for EAP-TLS but now I have hit another roadblock. > Authentication fails with the error message above. > > I see from the wpa_supplicant debug log that the Identity request > comes in and wpa_supplicant sends the identity but it is rejected by > the hostapd server > > Here is my hostap config > > interface=ap1-wlan1 > driver=nl80211 > ssid=simplewifi > wds_sta=1 > hw_mode=g > channel=1 > ap_isolate=1 > eap_server=1 > ieee8021x=1 > wpa=2 > eap_message=howdy > eapol_version=2 > wpa_key_mgmt=WPA-EAP > logger_syslog=-1 > logger_syslog_level=0 > ca_cert=/home/mranga/openssl/ca.crt > server_cert=/home/mranga/openssl/server.crt > private_key=/home/mranga/openssl/server.key > ctrl_interface=/var/run/hostapd > ctrl_interface_group=0 That's missing eap_user_file, i.e., the EAP server is not configured with any acceptable user identities and as such, any authentication attempt will fail. Even for EAP-TLS, you'll need to configure a list of acceptable EAP user identities which could be as simple as a single wildcard entry: * TLS -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
