Sample configuration files for hostapd and wpa_supplicant to make them work on a wired connection

Wed, 10/01/2008 - 14:28 by Damien Leroy

In order to add new EAP methods to the Linux implementation of IEEE 802.1X, I had to make the protocol work on a wire. Since I had some difficulty getting it to work and finding samples for a wired connection, I am publishing these sample configurations here. I hope they will help.

It is based on hostapd and wpa_supplicant 0.6.4. To compile them, go to the hostapd/wpa_supplicant directory, copy "defconfig" to ".config", for hostapd uncomment the line "CONFIG_DRIVER_WIRED=y", and run "make".

Hostapd (the authenticator)

I only give the uncommented lines of the configuration file (hostapd.conf); for details, the sample config file is well documented:

# hostapd ignores only lines that start with '#', so the notes sit on their own lines
# replace with your interface name
interface=tap
driver=wired
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ieee8021x=1
eapol_key_index_workaround=0
eap_server=1
# replace with the right path
eap_user_file=hostapd.eap_user
# replace with your CA certificate path
ca_cert=newcertca.crt
# replace with your server certificate path (here I use the same as for the CA, for simplicity)
server_cert=newcertca.crt
# replace with your server private key path
private_key=newkeyca.key

A sample hostapd.eap_user that works is the following:

# Phase 1 users
* PEAP
# Phase 2
"test" MSCHAPV2 "password" [2]

To execute hostapd: "sudo ./hostapd hostapd.conf" (add "-dd" for debug mode)

Wpa_supplicant (the supplicant, i.e., the client)

A sample wpa_supplicant configuration file (wpa_supplicant.conf):

ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
fast_reauth=1
network={
ssid=""
scan_ssid=0
key_mgmt=IEEE8021X
eap=PEAP
phase2="auth=MSCHAPV2"
identity="test"
password="password"
ca_cert="newcertca.crt" # replace with your CA certificate path
}

To run wpa_supplicant: "./wpa_supplicant -ieth0 -c./wpa_supplicant.conf -Dwired" (add "-dd -K" for debugging; "-K" includes keys and passwords in the debug output; eth0 is the interface used in this case)
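
A pre-flight check for the two files above, as an added example that is not part of the original post or of hostapd/wpa_supplicant. It flags hostapd values that would be read with a trailing comment attached, a server certificate that is the same file as the CA certificate, and a PEAP network block with no ca_cert. The function names (parse_kv, lint_hostapd, lint_supplicant) are hypothetical and the sample inputs are constructed.

```python
import re
# Constructed sample inputs (shortened variants of the files on this page).
HOSTAPD_CONF = """\
interface=tap # wired test interface
ieee8021x=1
eap_server=1
eap_user_file=hostapd.eap_user
ca_cert=newcertca.crt
server_cert=newcertca.crt
private_key=newkeyca.key
"""
SUPPLICANT_CONF = """\
network={
key_mgmt=IEEE8021X
eap=PEAP
identity="test"
password="password"
}
"""

def parse_kv(text, strip_trailing_comments):
    """Return {key: value}. Only wpa_supplicant drops '# ...' after a value."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if strip_trailing_comments:  # keep '#' that is inside a quoted string
            line = re.sub(r'\s+#[^"]*$', "", line)
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def lint_hostapd(text):
    conf, findings = parse_kv(text, False), []
    for key, value in conf.items():
        if re.search(r"\s#", value):
            findings.append(f"{key}: trailing comment is read as part of the value")
    for key in ("eap_user_file", "server_cert", "private_key"):
        if conf.get("eap_server") == "1" and key not in conf:
            findings.append(f"{key}: not set, needed by the integrated EAP server")
    if "ca_cert" in conf and conf["ca_cert"] == conf.get("server_cert"):
        findings.append("server_cert: same file as ca_cert, so the CA key sits on the authenticator")
    return findings

def lint_supplicant(text):
    conf, findings = parse_kv(text, True), []
    if conf.get("eap") in ("PEAP", "TTLS", "TLS") and "ca_cert" not in conf:
        findings.append("ca_cert: not set, so the server certificate is not verified")
    return findings
```

Calling lint_hostapd(HOSTAPD_CONF) and lint_supplicant(SUPPLICANT_CONF) returns the findings as lists of strings; an empty list means none of these checks fired.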