# WPA2-enterprise (+ hidden)



## victron (Mar 29, 2013)

Hello,

One of my customer uses WPA2-enterprise (+ hidden) for guests. Could you help me to set it up?

Below part of my wpa_supplicant1.conf. (As I understood certificates on client site are not mandatory.)


```
network={
  ssid="off"
  proto=RSN
  key_mgmt=WPA-EAP
  eap=PEAP
  identity="user"
  password="0123456789OS"
  scan_ssid=1
  phase2="auth=MSCHAPV2"
  
}
```
Below response from wpa_supplicant. (Does I need to install any certificates?) Where am I wrong?

```
Associated with 00:26:cb:b9:1d:b0
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=AZFNCO-NAP1.azer.ua'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=AZFNCO-NAP1.azer.ua'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=AZFNCO-NAP1.azer.ua'
EAP-MSCHAPV2: failure message: '' (retry allowed, error 691)
CTRL-REQ-IDENTITY-0:Identity needed for SSID off
CTRL-REQ-PASSWORD-0:Password needed for SSID off
```


----------



## bbzz (Mar 29, 2013)

http://forums.freebsd.org/showthread.php?t=28467&highlight=WPA+enterprise might help you out.


----------



## victron (Mar 30, 2013)

Hello,

Thank you for the link. Currently the problem is resolved. The configuration is correct - exception password. Now I exactly now that a certificate is not mandatory. It's just needed for server verification.
If in debug of wpa_supplicant(8) this is present:

```
ignore=FALSE methodState=MAY_CONT decision=FAIL
.....
EAP: EAP entering state IDLE
```

something is not ok with the user authentication.

Thank you.


----------

