Linux AP set up
jude anyiko
judeanyiko900
Tue Jun 28 08:15:26 PDT 2005
Hi, I am new to Host AP. I am trying to set up WEP
AP authentication, but when I view the log a station
associates but is disassociated after some time due to
inactivity. As well, there is no packet exchange between
the AP and the client. I have only enabled WEP-related
settings.
hostap information
Received 30 bytes management frame
MGMT
mgmt::auth
authentication: STA=00:80:c8:cf:45:cb auth_alg=1 auth_transaction=1 status_code=0 wep=0
wlan0: STA 00:80:c8:cf:45:cb IEEE 802.11: authentication (shared key, transaction 1)
authentication reply: STA=00:80:c8:cf:45:cb auth_alg=1 auth_transaction=2 resp=0 challenge
Received 160 bytes management frame
MGMT (TX callback) ACK
mgmt::auth cb
Received 30 bytes management frame
MGMT
mgmt::auth
authentication: STA=00:80:c8:cf:45:cb auth_alg=1 auth_transaction=1 status_code=0 wep=0
wlan0: STA 00:80:c8:cf:45:cb IEEE 802.11: authentication (shared key, transaction 1)
authentication reply: STA=00:80:c8:cf:45:cb auth_alg=1 auth_transaction=2 resp=0 challenge
Received 160 bytes management frame
MGMT (TX callback) ACK
mgmt::auth cb
Received 30 bytes management frame
MGMT
mgmt::auth
conf file settings
# ##### hostapd configuration file ##############################################
# Empty lines and lines starting with # are ignored
# AP netdevice name (without 'ap' prefix, i.e., wlan0 uses wlan0ap for
# management frames)
interface=wlan0
# Driver interface type (hostap/wired/madwifi/prism54; default: hostap)
driver=hostap
# hostapd event logger configuration
#
# Two output methods: syslog and stdout (only usable if not forking to
# background).
#
# Module bitfield (ORed bitfield of modules that will be logged; -1 = all
# modules):
# bit 0 (1) = IEEE 802.11
# bit 1 (2) = IEEE 802.1X
# bit 2 (4) = RADIUS
# bit 3 (8) = WPA
# bit 4 (16) = driver interface
# bit 5 (32) = IAPP
#
# Levels (minimum value for logged events):
# 0 = verbose debugging
# 1 = debugging
# 2 = informational messages
# 3 = notification
# 4 = warning
#
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
# Debugging: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps, 4 = excessive
debug=0
# Dump file for state information (on SIGUSR1)
dump_file=/tmp/hostapd.dump
# Interface for separate control program. If this is specified, wpa_supplicant
# will create this directory and a UNIX domain socket for listening to requests
# from external programs (CLI/GUI, etc.) for status information and
# configuration. The socket file will be named based on the interface name, so
# multiple hostapd processes/interfaces can be run at the same time if more
# than one interface is used.
# /var/run/hostapd is the recommended directory for sockets and by default,
# hostapd_cli will use it when trying to connect with hostapd.
ctrl_interface=/var/run/hostapd
# Access control for the control interface can be configured by setting the
# directory to allow only members of a group to use sockets. This way, it is
# possible to run wpa_supplicant as root (since it needs to change network
# configuration and open raw sockets) and still allow GUI/CLI components to be
# run as non-root users. However, since the control interface can be used to
# change the network configuration, this access needs to be protected in many
# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you
# want to allow non-root users to use the control interface, add a new group
# and change this value to match with that group. Add users that should have
# control interface access to this group.
#
# This variable can be a group name or gid.
#ctrl_interface_group=wheel
ctrl_interface_group=0
##### IEEE 802.11 related configuration #######################################
# SSID to be used in IEEE 802.11 management frames
ssid= icdci
# Station MAC address -based authentication
# 0 = accept unless in deny list
# 1 = deny unless in accept list
# 2 = use external RADIUS server (accept/deny lists are searched first)
#macaddr_acl=1
# Accept/deny lists are read from separate files (containing list of
# MAC addresses, one per line). Use absolute path name to make sure that the
# files can be read on SIGHUP configuration reloads.
accept_mac_file=/root/pwlanface/hostapd.accept
#deny_mac_file=/etc/hostapd.deny
# IEEE 802.11 specifies two authentication algorithms. hostapd can be
# configured to allow both of these or only one. Open system authentication
# should be used with IEEE 802.1X.
# Bit fields of allowed authentication algorithms:
# bit 0 = Open System Authentication
# bit 1 = Shared Key Authentication (requires WEP)
#auth_algs=1
# Associate as a station to another AP while still acting as an AP on the same
# channel.
#assoc_ap_addr=00:12:34:56:78:9a
##### IEEE 802.1X (and IEEE 802.1aa/D4) related configuration #################
# Require IEEE 802.1X authorization
#ieee8021x=1
# Use integrated EAP authenticator instead of external RADIUS authentication
# server
#eap_authenticator=0
# Path for EAP authenticator user database
#eap_user_file=/etc/hostapd.eap_user
# CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
#ca_cert=/etc/hostapd.ca.pem
# Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
#server_cert=/etc/hostapd.server.pem
# Private key matching with the server certificate for EAP-TLS/PEAP/TTLS
# This may point to the same file as server_cert if both certificate and key
# are included in a single file. PKCS#12 (PFX) file (.p12/.pfx) can also be
# used by commenting out server_cert and specifying the PFX file as the
# private_key.
#private_key=/etc/hostapd.server.prv
# Passphrase for private key
#private_key_passwd=secret passphrase
# Configuration data for EAP-SIM database/authentication gateway interface.
# This is a text string in implementation specific format. The example
# implementation in eap_sim_db.c uses this as the file name for the GSM
# authentication triplets.
#eap_sim_db=/etc/hostapd.sim_db
# Optional displayable message sent with EAP Request-Identity
#eap_message=hello
# WEP rekeying (disabled if key lengths are not set or are set to 0)
# Key lengths for default/broadcast and individual/unicast keys:
# 5 = 40-bit WEP (also known as 64-bit WEP with 40 secret bits)
# 13 = 104-bit WEP (also known as 128-bit WEP with 104 secret bits)
#wep_key0=0123456789
#wep_default_key=0
#wep_key_len_broadcast=5
#wep_key_len_unicast=5
# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
#wep_rekey_period=300
# EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed only if
# only broadcast keys are used)
#eapol_key_index_workaround=0
# EAP reauthentication period in seconds (default: 3600 seconds; 0 = disable
# reauthentication).
#eap_reauth_period=3600
##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) #######################
# Interface to be used for IAPP broadcast packets
#iapp_interface=wlan0
##### RADIUS configuration ####################################################
# for IEEE 802.1X with external Authentication Server, IEEE 802.11
# authentication with external ACL for MAC addresses, and accounting
# The own IP address of the access point (used as NAS-IP-Address)
own_ip_addr=10.2.28.245
# Optional NAS-Identifier string for RADIUS messages. When used, this should be
# unique to the NAS within the scope of the RADIUS server. For example, a
# fully qualified domain name can be used here.
#nas_identifier=ap.example.com
# RADIUS authentication server
#auth_server_addr=127.0.0.1
#auth_server_port=1812
#auth_server_shared_secret=secret
# RADIUS accounting server
#acct_server_addr=127.0.0.1
#acct_server_port=1813
#acct_server_shared_secret=secret
# Secondary RADIUS servers; to be used if primary one does not reply to
# RADIUS packets. These are optional and there can be more than one secondary
# server listed.
#auth_server_addr=127.0.0.2
#auth_server_port=1812
#auth_server_shared_secret=secret2
#
#acct_server_addr=127.0.0.2
#acct_server_port=1813
#acct_server_shared_secret=secret2
# Retry interval for trying to return to the primary RADIUS server (in
# seconds). RADIUS client code will automatically try to use the next server
# when the current server is not replying to requests. If this interval is set,
# primary server will be retried after configured amount of time even if the
# currently used secondary server is still working.
#radius_retry_primary_interval=600
# Interim accounting update interval
# If this is set (larger than 0) and acct_server is configured, hostapd will
# send interim accounting updates every N seconds. Note: if set, this overrides
# possible Acct-Interim-Interval attribute in Access-Accept message. Thus, this
# value should not be configured in hostapd.conf, if RADIUS server is used to
# control the interim interval.
# This value should not be less than 600 (10 minutes) and must not be less than
# 60 (1 minute).
#radius_acct_interim_interval=600
# hostapd can be used as a RADIUS authentication server for other hosts. This
# requires that the integrated EAP authenticator is also enabled and both
# authentication services are sharing the same configuration.
# File name of the RADIUS clients configuration for the RADIUS server. If this
# is commented out, RADIUS server is disabled.
#radius_server_clients=/etc/hostapd.radius_clients
# The UDP port number for the RADIUS authentication server
#radius_server_auth_port=1812
##### WPA/IEEE 802.11i configuration ##########################################
# Enable WPA. Setting this variable configures the AP to require WPA (either
# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
# RADIUS authentication server must be configured, and WPA-EAP must be included
# in wpa_key_mgmt.
# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
# and/or WPA2 (full IEEE 802.11i/RSN):
# bit0 = WPA
# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
wpa=1
# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
# (8..63 characters) that will be converted to PSK. This conversion uses SSID
# so the PSK changes when ASCII passphrase is used and the SSID is changed.
# wpa_psk (dot11RSNAConfigPSKValue)
# wpa_passphrase (dot11RSNAConfigPSKPassPhrase)
#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
wpa_passphrase=secret passphrase
# Optionally, WPA PSKs can be read from a separate text file (containing list
# of (PSK,MAC address) pairs. This allows more than one PSK to be configured.
# Use absolute path name to make sure that the files can be read on SIGHUP
# configuration reloads.
#wpa_psk_file=/etc/hostapd.wpa_psk
# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
# entries are separated with a space.
# (dot11RSNAConfigAuthenticationSuitesTable)
wpa_key_mgmt=WPA-PSK
# Set of accepted cipher suites (encryption algorithms) for pairwise keys
# (unicast packets). This is a space separated list of algorithms:
# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
# Group cipher suite (encryption algorithm for broadcast and multicast frames)
# is automatically selected based on this configuration. If only CCMP is
# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
# TKIP will be used as the group cipher.
# (dot11RSNAConfigPairwiseCiphersTable)
wpa_pairwise=TKIP
# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
# seconds. (dot11RSNAConfigGroupRekeyTime)
wpa_group_rekey=600
# Rekey GTK when any STA that possesses the current GTK is leaving the BSS.
# (dot11RSNAConfigGroupRekeyStrict)
#wpa_strict_rekey=1
# Time interval for rekeying GMK (master key used internally to generate GTKs
# (in seconds).
wpa_gmk_rekey=86400
# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
# roaming by pre-authenticating IEEE 802.1X/EAP part of the full RSN
# authentication and key handshake before actually associating with a new AP.
# (dot11RSNAPreauthenticationEnabled)
#rsn_preauth=1
#
# Space separated list of interfaces from which pre-authentication frames are
# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'). This list should include all
# interfaces that are used for connections to other APs. This could include
# wired interfaces and WDS links. The normal wireless data interface towards
# associated stations (e.g., wlan0) should not be added, since
# pre-authentication is only used with APs other than the currently associated
# one.
#rsn_preauth_interfaces=eth0
Thank you in advance. I am using a Windows XP client
and SUSE Linux Enterprise Server with a D-Link 650+ card.
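A configuration like the one posted can be checked against its stated intent by listing which settings are actually active. The script below is an added example, not part of the original post or of hostapd; the function names `parse_conf` and `audit_wep_intent` are hypothetical, and the embedded excerpt is constructed from the posted file's active and WEP-related lines plus a wrapped comment line of the kind mail clients produce.

```python
import re

# Constructed excerpt: active lines and commented-out WEP lines from the
# posted hostapd.conf, plus one comment continuation that lost its '#'.
POSTED_CONF = """\
interface=wlan0
driver=hostap
# Interface for separate control program. If this is
specified, wpa_supplicant
ssid= icdci
#macaddr_acl=1
accept_mac_file=/root/pwlanface/hostapd.accept
#auth_algs=1
#wep_key0=0123456789
#wep_default_key=0
wpa=1
wpa_passphrase=secret passphrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
"""

# "key=value" is active; "#key=value" (no space after '#') is commented out.
SETTING = re.compile(r"^(#?)([a-z0-9_]+)=(.*)$")

def parse_conf(text):
    """Split config text into active settings, commented-out settings and
    lines that are neither a comment nor key=value."""
    active, disabled, malformed = {}, {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = SETTING.match(line)
        if m:
            (disabled if m.group(1) else active)[m.group(2)] = m.group(3)
        elif not line.startswith("#"):
            malformed.append((lineno, line))
    return active, disabled, malformed

def audit_wep_intent(text):
    """List mismatches between the file and a WEP-only intent (hypothetical check)."""
    active, disabled, malformed = parse_conf(text)
    findings = [f"line {n}: not a comment or key=value: {s!r}" for n, s in malformed]
    for key in ("wep_key0", "wep_default_key"):
        if key not in active:
            state = "commented out" if key in disabled else "absent"
            findings.append(f"{key} is {state}")
    if active.get("wpa", "0").strip() != "0":
        wpa_keys = sorted(k for k in active if k.startswith("wpa_"))
        findings.append(f"wpa={active['wpa']} is active (WPA keys: {wpa_keys})")
    findings += [f"{k} value has surrounding whitespace: {v!r}"
                 for k, v in active.items() if v != v.strip()]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_wep_intent(POSTED_CONF)))
```
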