Radius Dictionary

Michael Walter michael.walter
Wed Feb 9 05:52:56 PST 2005


I run such a configuration on my Debian machine. The configuration file
'/etc/hostapd.conf' points to a radius server which runs on the same box
and makes use of X.509 certificates of a CA to authenticate user access.

I run version 0.2.6 and my "hostapd.conf" file looks like this:

> ##### hostapd configuration file ####
> 
> # AP netdevice name (without 'ap' prefix, i.e., wlan0 uses wlan0ap for
> # management frames)
> interface=wlan0
> 
> # hostapd event logger configuration
> #
> # Two output methods: syslog and stdout (only usable if not forking to
> # background).
> #
> # Module bitfield (ORed bitfield of modules that will be logged; -1 = all
> # modules):
> # bit 0 (1) = IEEE 802.11
> # bit 1 (2) = IEEE 802.1X
> # bit 2 (4) = RADIUS
> #
> # Levels (minimum value for logged events):
> #  0 = verbose debugging
> #  1 = debugging
> #  2 = informational messages
> #  3 = notification
> #  4 = warning
> #
> logger_syslog=-1
> logger_syslog_level=2
> logger_stdout=-1
> logger_stdout_level=2
> 
> # Debugging: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps
> debug=0
> 
> # Dump file for state information (on SIGUSR1)
> dump_file=/tmp/hostapd.dump
> 
> # Daemonize hostapd process (i.e., fork to background)
> daemonize=1
> 
> 
> ##### IEEE 802.11 related configuration ####
> 
> # SSID to be used in IEEE 802.11 management frames
> ssid=privat
> 
> # Station MAC address -based authentication
> # 0 = accept unless in deny list
> # 1 = deny unless in accept list
> # 2 = use external RADIUS server (accept/deny lists are searched first)
> macaddr_acl=0
> 
> # IEEE 802.11 specifies two authentication algorithms. hostapd can be
> # configured to allow both of these or only one. Open system authentication
> # should be used with IEEE 802.1X.
> # Bit fields of allowed authentication algorithms:
> # bit 0 = Open System Authentication
> # bit 1 = Shared Key Authentication (requires WEP)
> auth_algs=3
> 
> ##### IEEE 802.1X (and IEEE 802.1aa/D4) related configuration ####
> 
> # Require IEEE 802.1X authorization
> ieee8021x=1
> 
> # Use internal minimal EAP Authentication Server for testing IEEE 802.1X.
> # This should only be used for testing since it authorizes all users that
> # support IEEE 802.1X without any keys or certificates.
> minimal_eap=0
> 
> # Optional displayable message sent with EAP Request-Identity
> eap_message=hello
> 
> # WEP rekeying (disabled if key lengths are not set or are set to 0)
> # Key lengths for default/broadcast and individual/unicast keys:
> # 5 = 40-bit WEP (also known as 64-bit WEP with 40 secret bits)
> # 13 = 104-bit WEP (also known as 128-bit WEP with 104 secret bits)
> wep_key_len_broadcast=13
> wep_key_len_unicast=13
> # Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
> wep_rekey_period=0
> 
> # EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed only if
> # only broadcast keys are used)
> eapol_key_index_workaround=1
> 
> ##### RADIUS configuration ####
> # for IEEE 802.1X with external Authentication Server, IEEE 802.11
> # authentication with external ACL for MAC addresses, and accounting
> 
> # The own IP address of the access point (used as NAS-IP-Address)
> own_ip_addr=127.0.0.1
> 
> # RADIUS authentication server
> auth_server_addr=127.0.0.1
> auth_server_port=1812
> auth_server_shared_secret=mypassword


On Wed, 09 Feb 2005 14:04:53 +0100 "David Minodier" <forspam at david.wd107.tamaris.tm.fr> wrote:
>
> Hi all,
> has anyone thought of allowing hostapd to refer to an external
> Radius Dictionary rather than hard-coding the minimum dictionary in
> ? If not, I'd be glad to help a bit in doing that... David.
>
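
The following is an added example, not part of the original message or of hostapd: a small Python checker that parses a hostapd.conf in the 0.2.x key style quoted above, decodes its bitfields, and reports settings against the guidance in the file's own comments. The function names and the sample text are assumptions constructed for illustration.

```python
# Added example (not from the original post): audit hostapd.conf settings
# against the guidance written in the file's own comments.
LOG_MODULES = {0: "IEEE 802.11", 1: "IEEE 802.1X", 2: "RADIUS"}
AUTH_ALGS = {0: "Open System", 1: "Shared Key"}

# Constructed sample: a subset of the keys and values quoted in the message.
SAMPLE = """\
> ieee8021x=1
> minimal_eap=0
> # bit 1 = Shared Key Authentication (requires WEP)
> auth_algs=3
> logger_syslog=-1
> wep_key_len_broadcast=13
> wep_key_len_unicast=13
> wep_rekey_period=0
"""

def parse_conf(text):
    """Return {key: value}; skips blanks, comments and mail '>' quoting."""
    conf = {}
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def decode_bits(value, names):
    """Names of the bits set in a bitfield; -1 selects every bit."""
    return [name for bit, name in names.items() if value & (1 << bit)]

def audit(conf):
    """Return findings, each tied to a comment in the quoted file."""
    num = lambda key: int(conf.get(key, "0"))
    key_lens = (num("wep_key_len_broadcast"), num("wep_key_len_unicast"))
    findings = []
    if num("ieee8021x") and num("auth_algs") & 0b10:
        findings.append("auth_algs permits Shared Key; Open System should be used with IEEE 802.1X")
    if num("minimal_eap"):
        findings.append("minimal_eap authorizes users without keys or certificates; testing only")
    if any(key_lens) and num("wep_rekey_period") == 0:
        findings.append("wep_rekey_period=0: WEP keys are set only once, never rotated")
    if 5 in key_lens:
        findings.append("40-bit WEP key length in use")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE)):
        print("-", finding)
```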




