Differences

This shows you the differences between two versions of the page.

technical:pp-android [2025/07/07 20:01] – [MgmtTree XML] system
technical:pp-android [2025/07/07 20:17] (current) – [HomeSP] system
Line 267: Line 267:
 ------------- -------------
  
-==== Credential ====+=== Credential ===
   * The credential section are mostly straight forward.   * The credential section are mostly straight forward.
   * There are however some items to highlight.   * There are however some items to highlight.
 === Realm === === Realm ===
  
-  * The realm has nothing to do with the NAI Realm (or Domain) in Hotspot 2.0.+  * This Realm is used in EAP authentication and is RADIUS related. 
 +  * This realm has nothing to do with the NAI Realm (or Domain) in Hotspot 2.0. (HomeSP Section)
   * It might be the same value of the NAI Realm but it is not a requirement.   * It might be the same value of the NAI Realm but it is not a requirement.
   * When the authentication request to RADIUS starts, an anonymous identity is used.   * When the authentication request to RADIUS starts, an anonymous identity is used.
 +  * This is also referred to as the **Outer Identity**.
   * The convention Android uses is to formulate a username anonymouns@<value of realm>.   * The convention Android uses is to formulate a username anonymouns@<value of realm>.
   * In this case it will be anonymous@mesh-manager.com.   * In this case it will be anonymous@mesh-manager.com.
-  * The EAP protocol uses this recommended way in order to determine the destination of RADIUS proxy requests.+  * The EAP protocol uses this recommended convention in order to determine the destination of RADIUS proxy requests.
  
 === Password === === Password ===
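Review bot: the changed heading "=== Credential ===" now sits at the same level as "=== Realm ===" and "=== Password ===" below it, so the items the Credential bullets promise to highlight no longer nest under that section. Either keep "==== Credential ====" or lower the Realm and Password headings by one level in the same revision. The unchanged bullet next to the new Outer Identity line still reads "anonymouns@<value of realm>" while the example after it is anonymous@mesh-manager.com; fix the spelling here, since readers copy this value into configuration. The reworded last bullet still attributes the proxy routing decision to "the EAP protocol" although the new first bullet describes the realm as RADIUS related; name the component that actually routes on the realm.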
Line 311: Line 313:
  
  
-=== Certificate FQDN Check (Domain Suffix Match) ===+===== Extension - Certificate FQDN Check (Domain Suffix Match) =====
   * In WPA Supplicant we have the following option: domain_suffix_match   * In WPA Supplicant we have the following option: domain_suffix_match
   * If this is specified then wpa_supplicant will make sure that when the client authenticates to RADIUS that the domain name of the certificate used with EAP matches one of the specified values.   * If this is specified then wpa_supplicant will make sure that when the client authenticates to RADIUS that the domain name of the certificate used with EAP matches one of the specified values.
   * If not it will reject the authentication.   * If not it will reject the authentication.
   * This is to protect against an Evil Twin scenario.   * This is to protect against an Evil Twin scenario.
-  * With the Android setup it will take the value of FQDN under the HomeSP section by default value for domain_suffix_match. +  * With the Android Hotspot 2.0 setup it will take the value of FQDN under the HomeSP section as the value value for domain_suffix_match. 
-  * This does is not always the case in real life. Somtimes the certificate RADIUS used has another domain/FQDN.+  * This is not always the case in real life. Sometimes the certificate RADIUS used has another domain/FQDN.
   * If you want to specify a different domain there is an **Extension** section.   * If you want to specify a different domain there is an **Extension** section.
-  * +
 <code xml> <code xml>
 <Node> <Node>
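Review bot: the rewritten HomeSP bullet drops "by default" and introduces a doubled word ("as the value value for domain_suffix_match"). The bullets that follow say a different domain can be set through the Extension section, so the HomeSP FQDN is only the default and the sentence should say so, for example "as the default value for domain_suffix_match". In the corrected next bullet, "the certificate RADIUS used" still reads awkwardly; "the certificate the RADIUS server uses" would match the tense of the rest of the list. The heading also moves from "===" to "=====", a two-level jump; confirm that the new level matches the other sections it is meant to sit beside.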
  • technical/pp-android.1751911267.txt.gz
  • Last modified: 2025/07/07 20:01
  • by system