On Fri, 2010-04-23 at 09:34 -0700, Don Weeks wrote: > I just got to this but for our use, we need to send over a > certificate, username and password for authentication with AAA before >From the device side, to the best of my knowledge, there is no way to alter the device certificate. It's burnt into it, precisely to avoid "misrepresentation" and theft of service. > we get an IP address. In order to make this more clear, each of our > radios represents a different ISP and as such, generates a different > certificate. I need to be able to create an operator with a Unique ID > and send over a operator specific certificate plus username and > password. Is the password in the XML clear text or is it an encrypted > version of the password? Esentially, to login, I need to send > user at realm, password and certificate before I get an IP. It sounds like TTLS to me or some other kind. As I said, in this release only TLS was tested and known to work. TTLS code is there, but I'd be surprised if it worked. Other EAP methods probabnly won't work. Can your test setup be altered? > Don > > On Fri, Apr 16, 2010 at 12:01 PM, Inaky Perez-Gonzalez > <inaky.perez-gonzalez at intel.com> wrote: > On Fri, 2010-04-16 at 04:23 -0700, Don Weeks wrote: > > Yes, an example of TTLS would help. That is where I am stuck > right > > now. I did check and I can see Clear's network using the > driver but > > ours does not show up. > > > So this is what I got from the team; remember this is just the > EAP > section. If you are not seeing your network it means that the > channel > plan and NAP ID are probably not specified correctly and you > still > haven't even gotten to the EAP part. EAP is only used once you > plug to a > NAP/NSP. > > ---- example ---- > > I am not an expert in this.. however, following is the working > version > for UQ with TTLS. The only differences are the realm names. > > Even if there are a lot of fields, it is not being used. > > > > <EAP> > > <x1> > > <METHOD_TYPE>EAP_TTLS</METHOD_TYPE> > > <VENDOR_ID></VENDOR_ID> > > <VENDOR_TYPE></VENDOR_TYPE> > > <USER_IDENTITY></USER_IDENTITY> > > > <PROVISIONED_PSEUDO_IDENTITY></PROVISIONED_PSEUDO_IDENTITY> > > <PASSWORD></PASSWORD> > > <REALM>uqwimax.jp</REALM> > > <USE_PRIVACY>False</USE_PRIVACY> > > <ENCAPS></ENCAPS> > > <VFY_SERVER_REALM>False</VFY_SERVER_REALM> > > <SERVER_REALMS> > > <x0> > > <SERVER_REALM>uqwimax.jp</SERVER_REALM> > > </x0> > > </SERVER_REALMS> > > <CERT> > > <x0> > > <CERT_TYPE>DEVICE</CERT_TYPE> > > </x0> > > <x1> > > <CERT_TYPE>CA</CERT_TYPE> > > </x1> > > </CERT> > > </x1> > > <x2> > > <METHOD_TYPE></METHOD_TYPE> > > <VENDOR_ID>24757</VENDOR_ID> > > <VENDOR_TYPE>1</VENDOR_TYPE> > > <USER_IDENTITY></USER_IDENTITY> > > > <PROVISIONED_PSEUDO_IDENTITY></PROVISIONED_PSEUDO_IDENTITY> > > <PASSWORD></PASSWORD> > > <REALM></REALM> > > <USE_PRIVACY>False</USE_PRIVACY> > > <ENCAPS>1</ENCAPS> > > <VFY_SERVER_REALM>False</VFY_SERVER_REALM> > > <SERVER_REALMS></SERVER_REALMS> > > <CERT></CERT> > > </x2> > > </EAP> > > > > > > > > Don > > > > On Thu, Apr 15, 2010 at 12:54 PM, Inaky Perez-Gonzalez > > <inaky at linux.intel.com> wrote: > > On Wed, 2010-04-07 at 10:00 -0400, Don Weeks wrote: > > > Thanks Inaky, > > > > > > I have been gathering the details but we use > certificates > > and TTLS > > > sercurity which they don't so I don't have an > example of > > doing those. > > > I do have all these details for our base stations > but just > > missing > > > some of the finer points. I know this is an OMA > XML file but > > OMA > > > breaks their stuff down into tiny sections. Any > idea which > > one is the > > > security parameters one or does someone have an > example of > > EAP_TTLS to > > > go by? Also, the NDS files go > in /usr/local/share/wimax and > > then > > > > > > I'll ask around for an example that you can use > > > > > restart wimaxd to pick them up? And is the file > name > > important as > > > there are 2 NDS files in the directory. > > > > > > You need to modify the file with wimaxd stopped, or > it will > > overwrite > > the changes. The file name should be > > NDnSAgentConfig_forDriver.xml. > > > > > > > > > > > > >