Differences

This shows you the differences between two versions of the page.

--- hostapd [2018/02/26 20:29] – created damien
+++ hostapd [2018/05/22 10:33] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
+====== hostapd's howto's ======
+===== Howto create a WPA-EAP-protected network =====
+Prevent NetworkManager from trying to configure/use the network interface you want to use for the AP network:
+<file ini /etc/NetworkManager/NetworkManager.conf>
+...
+[keyfile]
+unmanaged-devices=mac:<interface_mac_addr>
+...
+</file>
+Create hostapd's configuration for an WPA-EAP-protected access point, using the internal RADIUS server:
+<file ini /etc/hostapd/hostapd.conf>
+interface=<interface_name>
+ssid=<ssid>
+channel=1
+# IEEE 802.11 specifies two authentication algorithms. hostapd can be
+# configured to allow both of these or only one. Open system authentication
+# should be used with IEEE 802.1X.
+# Bit fields of allowed authentication algorithms:
+# bit 0 = Open System Authentication
+# bit 1 = Shared Key Authentication (requires WEP)
+auth_algs=3
+wpa=3
+wpa_key_mgmt=WPA-EAP
+# Require IEEE 802.1X authorization
+ieee8021x=1
+eapol_version=2
+eap_message=ping-from-hostapd
+eap_server=1
+server_cert=/etc/hostapd/hostapd.cert.pem
+private_key=/etc/hostapd/hostapd.key.pem
+eap_user_file=/etc/hostapd/hostapd.eap_user
+</file>
+and configure the accepted credentials:
+<file ini /etc/hostapd/hostapd.eap_user>
+# Phase 1 users
+# Wildcard for all other identities
+* PEAP
+# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
+"<user_name>"      MSCHAPV2        "<user_password>" [2]
+</file>
+If not already existing, create your hostapd's certificates:
+<code>
+$ cd /etc/hostapd
+$ sudo openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout hostapd.key.pem -out hostapd.cert.pem
+</code>
+Now, you can restart hostapd's service, and it should accept a WPA-EAP connection with the provided creadentials:
+<code>
+$ sudo service hostapd restart
+</code>