Linux Tutorial

WPA – EAP-TTLS on Linux | Dean De Beer | 03.10.2006
Introduction
With security becoming more of an issue, especially with the weaknesses in WEP and WPA-PSK, more
and more organizations are implementing 802.1x as part of their security solutions. This is a short guide
on how to configure the wireless supplicant, wpa_supplicant, for Linux. It makes certain assumptions
about the network environment but it should not be too difficult to tailor the installation steps to your
own environment. This guide assumes the following environment: WPA/EAP-TTLS using RADIUS.
This document is intended to be a complete set of instructions on how to get, install and use
the Linux WPA/WPA2/IEEE 802.1X Supplicant from:
http://hostap.epitest.fi/wpa_supplicant/.
This document assumes previous experience of wireless networking under Linux and
assumes that wireless networking is already configured under Linux.
“wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
for WPA and WPA2 (IEEE 802.11i / RSN). It is suitable for both desktop/laptop
computers and embedded systems. Supplicant is the IEEE 802.1X/WPA component
that is used in the client stations. It implements key negotiation with a WPA
Authenticator and it controls the roaming and IEEE 802.11
authentication/association of the wlan driver.
wpa_supplicant is designed to be a "daemon" program that runs in the
background and acts as the backend component controlling the wireless
connection. wpa_supplicant supports separate frontend programs and a
text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with
wpa_supplicant.”
- description from http://hostap.epitest.fi/wpa_supplicant/
Due to the various distributions of Linux and the various chipsets in use for wireless cards today, detailed
steps on how to install and configure your wireless network card to work under Linux are beyond the
scope of this document. wpa_supplicant supports the following wireless cards/drivers:
- Linux drivers that support Linux Wireless Extensions v19 or newer with WPA/WPA2 extensions
- Host AP driver for Prism2/2.5/3 (WPA and WPA2)
- Linuxant DriverLoader with Windows NDIS driver supporting WPA/WPA2
- Agere Systems Inc. Linux Driver (Hermes-I/Hermes-II chipset) (WPA, but not WPA2)
- madwifi (Atheros ar521x)
- ATMEL AT76C5XXx
- Linux ndiswrapper
- Broadcom wl.o driver
- Intel ipw2100
- Intel ipw2200
- Wired Ethernet drivers
- BSD net80211 layer (e.g., Atheros driver) (FreeBSD 6-CURRENT and NetBSD current)
- Windows NDIS drivers (Windows; at least XP and 2000, others not tested)
Configuration
This document used the following setup to install, configure and test the wpa_supplicant for Linux:
- IBM/Lenovo x41 Thinkpad
- Redhat Enterprise Workstation v4
- Madwifi-NG wireless drivers for the Atheros-based wireless NIC
- wpa_supplicant-0.4.9 stable release
- OpenSSL – libraries are required for WPA/EAP-TTLS (This is the authentication and encryption method
  used by my wireless network.)
For additional system requirements for running the wpa_supplicant please visit http://hostap.epitest.fi
and view the README.txt file.
Installation
Download and unpack the latest stable release of wpa_supplicant at
http://hostap.epitest.fi/wpa_supplicant/. The latest stable release is wpa_supplicant-0.4.9.tar.gz.
Unpack the downloaded package to your default source directory. This document will assume the
package was unpacked to /usr/src/wpa_supplicant-0.4.9.
Before continuing, the configuration file needs to be created. Create the following file, name it .config and
save it to the wpa_supplicant-0.4.9 directory.
    CONFIG_DRIVER_MADWIFI=y
    CFLAGS += -I/usr/src/madwifi-ng
    CONFIG_CTRL_IFACE=y
    CFLAGS += -I/usr/include/openssl/include
    LIBS += -L/usr/lib
    CFLAGS += -I/usr/include/kerberos
    CONFIG_IEEE8021X_EAPOL=y
    CONFIG_MD5=y
    CONFIG_EAP_TTLS=y
The first line specifying the wireless network card’s driver can be set to any of the following lines to
match the driver interface that is installed:
    CONFIG_DRIVER_HOSTAP=y
    CONFIG_DRIVER_HERMES=y
    CONFIG_DRIVER_MADWIFI=y
    CONFIG_DRIVER_ATMEL=y
    CONFIG_DRIVER_WEXT=y
    CONFIG_DRIVER_NDISWRAPPER=y
    CONFIG_DRIVER_BROADCOM=y
    CONFIG_DRIVER_IPW=y
    CONFIG_DRIVER_BSD=y
    CONFIG_DRIVER_NDIS=y
The second line should point to the directory where the wireless drivers are installed if it is different to
what is shown. Also, check and make sure that your openssl installation directory is correct.
Now run the following commands to compile the source and build the wpa_supplicant:
    cd /usr/src/wpa_supplicant-0.4.9
    make clean
    make
    make install
If you receive any errors make sure that you have all the required libraries installed and that the paths in
your .config file are correct.
Next copy the files wpa_cli and wpa_supplicant into an appropriate directory, e.g. /usr/local/sbin.
The wpa_supplicant is configured using a text file, wpa_supplicant.conf. This file lists the accepted
networks and security policies. The default wpa_supplicant.conf file shows the various options and
configuration settings available and can be found in the wpa_supplicant-0.4.9 directory.
Create a new file called wpa_supplicant.conf in the /etc directory and copy and paste the following
into it:
    #WPA/EAP-TTLS with Radius Authentication
    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=0
    network={
        ssid="SSID"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=TTLS
        anonymous_identity="anonymous"
        identity="your user id here"
        password="your password here"
        priority=4
        phase2="auth=PAP"
    }
Next change the permissions on the file, which holds your password in plaintext, with the following:
    chmod 640 /etc/wpa_supplicant.conf
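One way to check the file just created, as an added example that is not part of the original guide: wpa_supplicant does not verify the RADIUS server's certificate unless ca_cert (or ca_path) is set in the network block, so with the configuration above the PAP password is handed to whichever server terminates the TTLS tunnel. The script flags that condition and a world-readable file. The helper name audit_conf is hypothetical, the sample files are constructed, and the ca_cert path is a placeholder.

```sh
#!/bin/sh
# audit_conf FILE (hypothetical helper): print one finding per line;
# no output means no findings.
audit_conf() {
    # "r" in column 8 of the ls -l mode string means any local user can read
    # the file, including the plaintext password= value.
    if [ "$(ls -ld "$1" | cut -c8)" = r ]; then
        echo "PERM: $1 is world-readable"
    fi
    awk '
        /^[ \t]*#/ { next }                               # comment line
        /^[ \t]*network=[{]/ { inblk = 1; ssid = "?"; eap = ca = pap = 0; next }
        !inblk { next }                                   # global options
        /^[ \t]*ssid=/ { ssid = $0; sub(/^[ \t]*ssid=/, "", ssid) }
        /^[ \t]*key_mgmt=.*WPA-EAP/ { eap = 1 }
        /^[ \t]*ca_(cert|path)=/ { ca = 1 }               # trust anchor set
        /^[ \t]*phase2=.*auth=PAP/ { pap = 1 }
        /^[ \t]*[}]/ {                                    # end of block
            if (eap && !ca)
                print "NOCA: " ssid ": server certificate is not verified"
            if (eap && !ca && pap)
                print "PAP: " ssid ": password goes to an unverified server"
            inblk = 0
        }
    ' "$1"
}

# Constructed sample: this guide's network block, left world-readable.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
weak=$sample_dir/weak.conf
fixed=$sample_dir/fixed.conf
cat > "$weak" <<'EOF'
ctrl_interface=/var/run/wpa_supplicant
network={
ssid="SSID"
key_mgmt=WPA-EAP
eap=TTLS
identity="your user id here"
password="your password here"
phase2="auth=PAP"
}
EOF
chmod 644 "$weak"

# Same block plus a CA certificate (placeholder path) and the guide's mode 640.
{ sed '$d' "$weak"; echo 'ca_cert="/etc/cert/ca.pem"'; echo '}'; } > "$fixed"
chmod 640 "$fixed"

echo "weak.conf:";  audit_conf "$weak"
echo "fixed.conf:"; audit_conf "$fixed"
```

Run as `audit_conf /etc/wpa_supplicant.conf` against the real file; the CA certificate to point ca_cert at is the one that issued your RADIUS server's certificate.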
In order to connect using your wireless network card do the following:
    modprobe ath_pci
    modprobe wlan_scan_sta
    ifconfig ath0 up
    iwconfig ath0 mode managed essid <SSID>
NOTE: the above commands may be different for your wireless drivers. Replace ath0 with the
name of your wireless device. For example: wlan0, eth1, etc.
Now run the following to connect:
    wpa_supplicant -Bw -Dmadwifi -iath0 -c/etc/wpa_supplicant.conf
After a few moments you should start to see traffic between your wireless card and the Access Point.
Before you can connect to the internet you need to request an IP address by running the following
command:
    dhclient ath0
Rather than manually running the above commands each time you want to connect to the wireless
network you can create a shell script to automate the process for you.
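    #!/bin/sh
    # Load the wireless driver modules and bring the interface up
    modprobe ath_pci
    modprobe wlan_scan_sta
    ifconfig ath0 up
    # Replace <SSID> with the name of your network
    iwconfig ath0 mode managed essid "<SSID>"
    # Start the supplicant in the background, then request an IP address
    wpa_supplicant -Bw -Dmadwifi -iath0 -c/etc/wpa_supplicant.conf
    dhclient ath0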
Additional Resources
http://www.linux.com/howtos/8021X-HOWTO/
References
http://madwifi.org/
http://hostap.epitest.fi/wpa_supplicant/
http://www.openssl.org/