Re: EAP-FAST support and hidden SSIDs



Robert--

Thanks for the quick response.

On 3/18/06, Robert Love <rml novell com> wrote:
> On Fri, 2006-03-17 at 13:38 +1100, Mark Krischer wrote:
>
> > is there any plan to add EAP-FAST support to NetworkManager?  i have
> > it working with wpa_supplicant, but NetworkManager doesn't seem to
> > support the complete range that wpa_supplicant does.
>
> Well, I thought I added everything, but the myriad EAP options are hard
> to grok.

EAP-FAST doesn't seem to be supported in the binary packages (I'm
currently running Ubuntu Dapper) because you need to patch openssl to
get it working.  But then, Dapper isn't supporting the newer
NetworkManager because of all the additional related packages anyway.
But it looks like things are on track to have real enterprise-level
WPA support built in to the Linux desktop by the end of the year....

> If you send us your wpa_supplicant config for EAP-FAST, we can look at
> adding it.

Here's an example EAP-FAST conf:

# EAP-FAST with WPA (WPA or WPA2)
network={
        ssid="eap-fast-ssid"
        key_mgmt=WPA-EAP
        eap=FAST
# you may as well automatically generate the anonymous_identity
# field.  i don't believe it needs to be explicitly set... of course, as soon
# as you do that we'll find someone has an implementation which says
# otherwise--but looking at how IBM's Access Connections tool works,
# they don't seem to allow you to explicitly set it, so it should be safe.
        anonymous_identity="FAST-000102030405"
        identity="username"
        password="password"
# i believe this one depends on how people get the PAC allocated.  it
# may be safe to fix this one.  as long as it's possible to override through
# gconf or something.
        phase1="fast_provisioning=1"
# you can use a named blob to store the pac file as well, but again, this
# should be a good default, and allow for gconf override.
        pac_file="/etc/wpa_supplicant.eap-fast-pac"
}

> > also, just a thought on hidden SSIDs.  if the user configures
> > NetworkManager with some SSIDs they are looking for, NetworkManager
> > could/should probe explicitly for those as part of its scanning
> > process.
>
> Actually, we do.  When you scan, the hidden ESSIDs show up -- just not
> with a name attached.  NM will map the MAC address from the scan to the
> name, if you have successfully connected in the past.

Ah, I guess I didn't get to see it since I hadn't gotten past the
EAP-FAST side....

> This requires that your card & driver return hidden ESSIDs in a scan,
> however.  Most do.  Prism does not.  Orinoco may not?

I've got the intel abg chip in my thinkpad.  Once there's EAP-FAST
support, I'll rebuild from cvs and test it out and let you know.

Thanks again.

--mk


>
>         Robert Love
>
>
>



--
"Reminds me of my safari in Africa.
Somebody forgot the corkscrew and for several days we had to live on
nothing but food and water."
— W.C. Fields
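
Added example, not part of the original message and not NetworkManager or wpa_supplicant code: a Python check over a network block like the one posted above that reports the settings worth reviewing before such a config is rolled out. The finding names and function names are this example's own; the fast_provisioning values follow wpa_supplicant's documented meaning (0 disabled, 1 unauthenticated, 2 authenticated, 3 both).

```python
import re

# Constructed sample: the EAP-FAST network block from the message above.
SAMPLE_CONF = '''
# EAP-FAST with WPA (WPA or WPA2)
network={
        ssid="eap-fast-ssid"
        key_mgmt=WPA-EAP
        eap=FAST
        anonymous_identity="FAST-000102030405"
        identity="username"
        password="password"
        phase1="fast_provisioning=1"
        pac_file="/etc/wpa_supplicant.eap-fast-pac"
}
'''

def parse_networks(text):
    """Return one dict of key -> value for each network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)   # phase1 values contain '=' too
            current[key.strip()] = value.strip().strip('"')
    return networks

def audit_fast(net):
    """Return review findings (hypothetical names) for an EAP-FAST block."""
    findings = []
    if "FAST" not in net.get("eap", "").split():
        return findings
    m = re.search(r"fast_provisioning=(\d)", net.get("phase1", ""))
    # Modes 1 and 3 accept a PAC from a server that was not authenticated.
    if m and int(m.group(1)) in (1, 3):
        findings.append("unauthenticated-provisioning")
    # wpa_supplicant also accepts password=hash:<NtPasswordHash>.
    if "password" in net and not net["password"].startswith("hash:"):
        findings.append("plaintext-password")
    # A PAC kept as a file should be readable by root only.
    if "pac_file" in net and not net["pac_file"].startswith("blob://"):
        findings.append("pac-file-on-disk")
    return findings
```

Running `audit_fast` on each block returned by `parse_networks(SAMPLE_CONF)` yields all three findings for the posted config; a block using `fast_provisioning=2`, a hashed password and a `blob://` PAC yields none.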


