# EAP-FAST with wpa_supplicant

## tetsujin

I need to find out how to emerge, compile or whatnot the ability to use EAP-FAST into wpa_supplicant. The ablility is there I just can't use it. the error messege I get is:

```
Line 118: unknown EAP method 'FAST'

You may need to add support for this EAP method during wpa_supplicant

build time configuration.

See README for more information.

Line 118: failed to parse eap 'FAST'.

Line 124: failed to parse network block.

Failed to read read or parse configuration '/etc/wpa_supplicant.conf'.

```

My wpa_supplicant.conf 

```
##### Example wpa_supplicant configuration file ###############################

#

# This file describes configuration file format and lists all available option.

# Please also take a look at simpler configuration examples in 'examples'

# subdirectory.

#

# Empty lines and lines starting with # are ignored

# NOTE! This file may contain password information and should probably be made

# readable only by root user on multiuser systems.

# Note: All file paths in this configuration file should use full (absolute,

# not relative to working directory) path in order to allow working directory

# to be changed. This can happen if wpa_supplicant is run in the background.

# Whether to allow wpa_supplicant to update (overwrite) configuration

#

# This option can be used to allow wpa_supplicant to overwrite configuration

# file whenever configuration is changed (e.g., new network block is added with

# wpa_cli or wpa_gui, or a password is changed). This is required for

# wpa_cli/wpa_gui to be able to store the configuration changes permanently.

# Please note that overwriting configuration file will remove the comments from

# it.

update_config=1

# global configuration (shared by all network blocks)

#

# Parameters for the control interface. If this is specified, wpa_supplicant

# will open a control interface that is available for external programs to

# manage wpa_supplicant. The meaning of this string depends on which control

# interface mechanism is used. For all cases, the existance of this parameter

# in configuration is used to determine whether the control interface is

# enabled.

#

# For UNIX domain sockets (default on Linux and BSD): This is a directory that

# will be created for UNIX domain sockets for listening to requests from

# external programs (CLI/GUI, etc.) for status information and configuration.

# The socket file will be named based on the interface name, so multiple

# wpa_supplicant processes can be run at the same time if more than one

# interface is used.

# /var/run/wpa_supplicant is the recommended directory for sockets and by

# default, wpa_cli will use it when trying to connect with wpa_supplicant.

#

# Access control for the control interface can be configured by setting the

# directory to allow only members of a group to use sockets. This way, it is

# possible to run wpa_supplicant as root (since it needs to change network

# configuration and open raw sockets) and still allow GUI/CLI components to be

# run as non-root users. However, since the control interface can be used to

# change the network configuration, this access needs to be protected in many

# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you

# want to allow non-root users to use the control interface, add a new group

# and change this value to match with that group. Add users that should have

# control interface access to this group. If this variable is commented out or

# not included in the configuration file, group will not be changed from the

# value it got by default when the directory or socket was created.

#

# When configuring both the directory and group, use following format:

# DIR=/var/run/wpa_supplicant GROUP=wheel

# DIR=/var/run/wpa_supplicant GROUP=0

# (group can be either group name or gid)

#

# For UDP connections (default on Windows): The value will be ignored. This

# variable is just used to select that the control interface is to be created.

# The value can be set to, e.g., udp (ctrl_interface=udp)

#

# For Windows Named Pipe: This value can be used to set the security descriptor

# for controlling access to the control interface. Security descriptor can be

# set using Security Descriptor String Format (see http://msdn.microsoft.com/

# library/default.asp?url=/library/en-us/secauthz/security/

# security_descriptor_string_format.asp). The descriptor string needs to be

# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty

# DACL (which will reject all connections). See README-Windows.txt for more

# information about SDDL string format.

#

ctrl_interface=/var/run/wpa_supplicant

# IEEE 802.1X/EAPOL version

# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines

# EAPOL version 2. However, there are many APs that do not handle the new

# version number correctly (they seem to drop the frames completely). In order

# to make wpa_supplicant interoperate with these APs, the version number is set

# to 1 by default. This configuration value can be used to set it to the new

# version (2).

eapol_version=1

# AP scanning/selection

# By default, wpa_supplicant requests driver to perform AP scanning and then

# uses the scan results to select a suitable AP. Another alternative is to

# allow the driver to take care of AP scanning and selection and use

# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association

# information from the driver.

# 1: wpa_supplicant initiates scanning and AP selection

# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association

#    parameters (e.g., WPA IE generation); this mode can also be used with

#    non-WPA drivers when using IEEE 802.1X mode; do not try to associate with

#    APs (i.e., external program needs to control association). This mode must

#    also be used when using wired Ethernet drivers.

# 2: like 0, but associate with APs using security policy and SSID (but not

#    BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to

#    enable operation with hidden SSIDs and optimized roaming; in this mode,

#    the network blocks in the configuration file are tried one by one until

#    the driver reports successful association; each network block should have

#    explicit security policy (i.e., only one option in the lists) for

#    key_mgmt, pairwise, group, proto variables

ap_scan=1

# EAP fast re-authentication

# By default, fast re-authentication is enabled for all EAP methods that

# support it. This variable can be used to disable fast re-authentication.

# Normally, there is no need to disable this.

fast_reauth=1

# EAP-FAST with WPA (WPA or WPA2)

network={

   ssid="VCSU"

   key_mgmt=WPA-EAP

   eap=FAST

   anonymous_identity="FAST-000102030405"

   identity="******"

   password="*******"

   phase1="fast_provisioning=1"

   pac_file="/etc/wpa_supplicant.eap-fast-pac"

}

```

Cameron

----------

## OPelerin

Did you find out how to do?

I have to authenticate to a Cisco Access point using EAP-FAST....

----------

