From: Vladimir Terziev
To: Sam Leffler
Cc: freebsd-net@freebsd.org, "Paul B. Mahol"
Subject: Re: hostapd with 802.1X EAP-TLS/TTLS support
Date: Fri, 19 Jun 2009 13:55:26 +0300
List-Id: Networking and TCP/IP with FreeBSD

Thanks Sam,

What should I put for HOSTAPD_CFLAGS, HOSTAPD_DPADD, HOSTAPD_LDADD or
WPA_SUPPLICANT_* (not sure which ones I should use) in order to get
hostapd rebuilt with the functionality I want?

Regards,

Vladimir

On Thu, 2009-06-18 at 20:36 +0300, Sam Leffler wrote:
> EAP/TLS and TTLS should be configured by default in HEAD. Not sure what
> is done in RELENG_7. Regardless you can trivially rebuild hostapd w/
> the functionality you want by definitions to your src.conf:
>
> HOSTAPD_CFLAGS
> HOSTAPD_DPADD
> HOSTAPD_LDADD
>
> (looks like you use WPA_SUPPLICANT_* knobs in RELENG_7, check
> usr.sbin/wpa/hostapd/Makefile).
>
> As to what should be enabled by default, I can only say that I tried to
> choose the most common setup as the default. Choosing this
> configuration also balances between bloat and inclusion of code that
> might not be as well audited and/or tested as other code. Hence the
> default setup used to be WPA-PSK only but has since grown to include
> various EAP flavors. My assumption was that anyone building a system
> using these tools would want to go through and choose what they wanted
> anyway so enabling everything was a bad idea.
>
> Sam
>
>
> Vladimir Terziev wrote:
> > Hi Paul,
> >
> > is there some special reason behind this? Why is the server made part of
> > the main distribution with stripped functionality?
> >
> > Also, how can I enable it?
> >
> > Thanks,
> >
> > Vladimir
> >
> >
> > On Thu, 2009-06-18 at 13:55 +0300, Paul B. Mahol wrote:
> >
> >> On 6/18/09, Vladimir Terziev wrote:
> >>
> >>> Hi,
> >>>
> >>> I try to set up a wireless access point at home, based on FreeBSD
> >>> 7.2R-i386, ral(4) wireless card and hostapd(8).
> >>>
> >>> I want my wireless AP to support 802.1x EAP-TLS/TTLS authentication. I
> >>> issued a custom SSL certificate for the hostapd(8) and put the following
> >>> directives in hostapd.conf:
> >>>
> >>> eap_server=0
> >>> ca_cert=/usr/local/etc/myCA.crt.pem
> >>> server_cert=/usr/local/etc/hostapd.server.crt.pem
> >>> private_key=/usr/local/etc/hostapd.server.key.pem
> >>> private_key_passwd=some_pass
> >>>
> >>> When I tried to start the hostapd(8) I got the following errors:
> >>>
> >>> Line 15: unknown configuration item 'eap_server'
> >>> Line 16: unknown configuration item 'ca_cert'
> >>> Line 17: unknown configuration item 'server_cert'
> >>> Line 18: unknown configuration item 'private_key'
> >>> Line 19: unknown configuration item 'private_key_passwd'
> >>>
> >>> Does the stock FreeBSD's hostapd(8) support 802.1X EAP-TLS/TTLS at all
> >>> and if "not" why?
> >>>
> >> 802.1X EAP-TLS/TTLS is not enabled by default on FreeBSD's hostapd(8).
> >>
> >> --
> >> Paul