WPA-EAP (Enterprise) configuration for hostapd

hostapd.conf

interface=wlan0

# --------------------------------------
bss=wlan1
ssid=EAP
# IEEE 802.11 specifies two authentication algorithms. hostapd can be
# configured to allow both of these or only one. Open system authentication
# should be used with IEEE 802.1X.
# Bit fields of allowed authentication algorithms:
# bit 0 = Open System Authentication
# bit 1 = Shared Key Authentication (requires WEP)
auth_algs=3
wpa=3
wpa_key_mgmt=WPA-EAP
# Require IEEE 802.1X authorization
ieee8021x=1
eapol_version=2
eap_message=ping-from-hostapd
eap_server=1
ca_cert=/etc/hostapd/hostapd.ca.pem
dh_file=/etc/hostapd/hostapd.dh.pem
server_cert=/etc/hostapd/hostapd.cert.pem
private_key=/etc/hostapd/hostapd.key.pem
eap_user_file=/etc/hostapd/hostapd.eap_user
# Logging
logger_syslog=-1
logger_syslog_level=0

hostapd.eap_user

# Based on the example from
# http://rpc.one.pl/pliki/openwrt/backfire/10.03.x/atheros/hostapd/dokumentacja/hostapd.eap_user

# Outer (phase 1) identities
# Wildcard for all other identities
"peap"  PEAP
"ttls"          TTLS
*               PEAP,TTLS,TLS,SIM,AKA

# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
"md5"           MD5     "p"     [2]
"chap"  MSCHAPV2        "p"     [2]
#"t-gtc"                GTC     "p"     [2]
"peap"  MSCHAPV2        "p"     [2]
"user"          MD5,GTC,MSCHAPV2        "p"     [2]
"ttls"  TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2    "p"     [2]