You have to keep in mind that WPA3-EAP only supports certificate based
authentication.
If your RADIUS setup uses username/password it will not work in WPA3-EAP
only mode, you need to keep WPA2-EAP support.
At any rate I don't think WPA2-EAP is insecure, I think it is still fine
for the most part with no real security vulnerabilities; unlike WPA2-PSK.
You just need to enable KRACK and KRACK-like mitigations on the AP end
if you aren't sure if the clients are updated.
On 5/17/23 19:55, Robert Senger wrote:
Hi all,
I am trying to set up APs with WPA3, but can't get it to work. WPA2
works fine on the same hardware and software since more that 10
years. This is my third try with WPA3 in the past 3 years...
This is my setup:
__access_points__
Debian 11 Bullseye
hostapd 2.9.0 (or 2.10 from backports)
Qualcomm Atheros AR922X Wireless Network Adapter
__client_machines__
Debian 11 Bullseye
wpasupplicant 2.9.0 (or 2.10 from backports)
NetworkManager 1.30.6 (or 1.42.4 from backports)
Intel Centrino Advanced-N 6205 Wireless Network Adapter
Neither SAE nor WPA-EAP-SUITE-B-192 work, that means, either connection
attempts fail (without useful logs), or the SSID is greyed out on the
client machine. I will post configuration and logs, but first of all,
if you take a look at the software versions and the hardware above, is
there a "no-go" somewhere?
Thanks,
Robert
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
