Sample configuration files for hostapd and wpa_supplicant to make them work on a wired connection

user warning: Can't create/write to file '/tmp/#sql_4d68_0.MYI' (Errcode: 30) query: SELECT t.* FROM inl_term_node r INNER JOIN inl_term_data t ON r.tid = t.tid INNER JOIN inl_vocabulary v ON t.vid = v.vid LEFT JOIN inl_term_data tac_td ON t.tid = tac_td.tid WHERE (t.tid IN (0, 1) OR tac_td.vid NOT IN (1)) AND ( r.nid = 523 ) ORDER BY v.weight, t.weight, t.name in /var/www/obonet/includes/database.mysql.inc on line 174.
Wed, 10/01/2008 - 14:28 by Damien Leroy

In order to add new EAP methods to the linux implementation of IEEE802.1X, I had to make the protocol work on a wire. Since I had some difficulties to succeed and to find sample examples for wired connection, I publish these sample configuration here. I hope it will help.

It is based on hostapd and wpa_supplicant 0.6.4. To compile them, go in the hostapd/wpa_supplicant directory, copy "defconfig" to ".config", for hostapd uncomment the line "CONFIG_DRIVER_WIRED=y" and "make".

Hostapd (the authenticator)

I only give the uncommented of the configuration file (hostapd.conf) (for the details, the sample config file is well documented) :

interface=tap # replace it with your interface name
driver=wired
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ieee8021x=1
eapol_key_index_workaround=0
eap_server=1
eap_user_file=hostapd.eap_user # replace with the right path
ca_cert=newcertca.crt # replace with your CA certificate path
server_cert=newcertca.crt # replace with your server certificate path (here I use the same as for the CA for simplicity
private_key=newkeyca.key # replace with your server private key path

A sample hostapd.eap_user that works is the following :
# Phase 1 users
* PEAP
# Phase 2
"test" MSCHAPV2 "password" [2]

To execute hostapd : "sudo ./hostapd hostapd.conf" (+ "-dd" for debug mode)

Wpa_supplicant (the supplicant, i.e., the client)

A sample wpa_supplicant configuration file: (wpa_supplicant.conf)

ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
fast_reauth=1
network={
ssid=""
scan_ssid=0
key_mgmt=IEEE8021X
eap=PEAP
phase2="auth=MSCHAPV2"
identity="test"
password="password"
ca_cert="newcertca.crt" # replace with your CA certificate path
}

To run wpa_supplicant : "./wpa_supplicant -ieth0 -c./wpa_supplicant.conf -Dwired" (add "-dd -K" for debugging, eth0 is the interface used in this case)