I'm having problems with getting 802.1X working. I'm trying both EAP-TLS and EAP-PEAP.
For certificate (TLS) based security, the example (we're not doing server cert validation)
wlan.connect(ssid='mywifi', auth=(WLAN.WPA2_ENT,), identity='myidentity', keyfile='/flash/cert/client.key', certfile='/flash/cert/client.crt')
Question- the private key and client cert in the example point to the same file. Is this expected? I have known working certs and either combining them into a single file or separating them into two different files, the RADIUS server rejects with:
"EAP-TLS: fatal alert by client - bad_certificate. eap-tls: Error in establishing TLS session"
For password based 802.1X (EPA-PEAP), I'm using a statement like:
wlan.connect(ssid='myssid', auth=(WLAN.WPA2_ENT, 'myusername', 'passwd'), identity='myident')
This is failing for a different reason. RADIUS server says:
"EAP: Client doesn't support configured EAP methods"
And debugging on the wireless controller, I see this log message:
*Dot1x_NW_MsgTask_4: Nov 17 14:25:00.173: 24:0a:c4:02:48:f4 Received EAP Response from mobile 24:0a:c4:02:48:f4 (EAP Id 6, EAP Type 13)
EAP Type 13 is TLS, not PEAP
When the auth tuple has three elements (sec, username, password), the EAP type should change to 25, correct?