EAP-FAST

Maja Wolniewicz mgw at umk.pl
Tue Jan 19 22:24:52 CET 2010 

W dniu 19.01.2010 15:06, Alan DeKok pisze:
> Stefan Winter wrote:
>> every now and then there's a mild interest on this list about enabling
>> EAP-FAST. In our eduroam R&D group, we are currently looking into
>> EAP-FAST, which naturally includes FreeRADIUS support. Is it worthwhile
>> posting our results here, for others "play with it" as well? Or has
>> everybody already run away from the somwhat complicated installation of
>> EAP-FAST support in FreeRADIUS [we certainly had our difficulties...]
> 
>   Currently FreeRADIUS supports EAP-FAST only by using the hostap EAP
> library.  It's a bit of a hack to implement...
> 
>   I have some possible EAP-FAST code for a very old version of
> FreeRADIUS (1.1.4).  If someone is willing to play with it, it could be
> made to work with the latest version.
> 
>   My main concerns with the code is that it's pretty bad...
Following Stefan's Winter message, I attach my How-To deploy EAP-FAST on
FreeRADIUS which summarizes what I've done to get it to work with
version 2.1.8.
A few changes in FreeRADIUS are needed to provide some configuration
variables to the hostap EAP library.
The biggest problem is that this solution works only with eapol_test
client. In real world, on the wireless network we managed to
authenticate using EAP-FAST on FreeRADIUS only with anonymous PAC
provisioning, because EAP fragmentation seems to be not handled.

Greetings
Maja

-- 
Maja Gorecka-Wolniewicz          mgw at umk.pl
             http://www.umk.pl/~mgw
             PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc
Uczelniane Centrum               Information & Communication
Informatyczne                    Technology Centre
Uniwersytet Mikolaja Kopernika   Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: eap-fast-freeradius-howto
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100119/22806193/attachment.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2929 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100119/22806193/attachment.bin>

More information about the Freeradius-Users mailing list