EAP/TLS support is experimental.

HOWTO setup documents to integrate & configure the following

1. XSupplicant - freeradius (EAP/TLS) notes may be found at:

     http://www.eax.com/802/
     or http://www.missl.cs.umd.edu/wireless/eaptls/

   XSupplicant is hosted by:

     http://www.open1x.org/

2. XP - freeradius (EAP/TLS) notes may be found at:

     http://www.denobula.com/EAPTLS.pdf

----------------------------------------------------------------------
A summary of how EAP works, as posted to the list by
John Lindsay <jlindsay@internode.com.au>

To make it clear for everyone, the supplicant is the software on the client
(machine with the wireless card).

The EAP process doesn't start until the client has associated with the
Access Point using Open authentication. If this process isn't crystal
clear you need to go away and gain understanding.

Once the association is made the AP blocks all traffic that is not 802.1x
so although associated the connection only has value for EAP. Any EAP
traffic is passed to the radius server and any radius traffic is passed

So, after the client has associated to the Access Point, the supplicant
starts the process for using EAP over LAN by asking the user for their

Using 802.1x and EAP the supplicant sends the username and a one-way hash
of the password to the AP.

The AP encapsulates the request and sends it to the RADIUS server.

The radius server needs a plaintext password so that it can perform the
same one-way hash to determine that the password is correct. If it is, the
radius server issues an access challenge which goes back via the AP to
the client. (my study guide says client but my brain says 'supplicant')

The client sends the EAP response to the challenge via the AP to the RADIUS

If the response is valid the RADIUS server sends a success message and the
session WEP key (EAP over wireless) to the client via the AP. The same
session WEP key is also sent to the AP in the success packet.

The client and the AP then begin using session WEP keys. The WEP key used
for multicasts is then sent from the AP to the client. It is encrypted
using the session WEP key.
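
----------------------------------------------------------------------
Added example, not part of the posted summary and not FreeRADIUS code: why the
RADIUS server needs the plaintext password for a hashed challenge/response.
The summary does not name the EAP method, so EAP-MD5 (RFC 3748 type 4, the
CHAP computation of RFC 1994) is assumed here; all function names and sample
values are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_MD5 = 4  # MD5-Challenge, RFC 3748 section 5.4


def build_md5_packet(code, identifier, value):
    """Encode Code, Identifier, Length, Type, Value-Size, Value (Name field omitted)."""
    body = bytes([EAP_TYPE_MD5, len(value)]) + value
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_md5_packet(packet):
    """Decode an EAP MD5-Challenge packet, rejecting inconsistent lengths."""
    if len(packet) < 6:
        raise ValueError("short EAP packet")
    code, identifier, length, eap_type, size = struct.unpack("!BBHBB", packet[:6])
    if length != len(packet) or eap_type != EAP_TYPE_MD5 or 6 + size > length:
        raise ValueError("malformed MD5-Challenge packet")
    return code, identifier, packet[6:6 + size]


def md5_response(identifier, password, challenge):
    """MD5(Identifier || password || challenge), the CHAP computation of RFC 1994."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def server_verify(request, response, stored_secret):
    """RADIUS-side check: recompute the hash from what the server has stored."""
    _, req_id, challenge = parse_md5_packet(request)
    code, resp_id, value = parse_md5_packet(response)
    if code != EAP_RESPONSE or resp_id != req_id:
        return False
    return hmac.compare_digest(value, md5_response(req_id, stored_secret, challenge))


def demo():
    password = b"constructed-password"  # constructed sample credential
    request = build_md5_packet(EAP_REQUEST, 7, os.urandom(16))
    _, ident, challenge = parse_md5_packet(request)
    reply = build_md5_packet(EAP_RESPONSE, ident, md5_response(ident, password, challenge))
    # A server holding only a hash of the password cannot reproduce the response.
    hashed_only = hashlib.sha256(password).digest()
    return server_verify(request, reply, password), server_verify(request, reply, hashed_only)
```

demo() returns (True, False): verification succeeds only when the server's
stored value is the password itself, not a hash of it.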