User Tools

Site Tools



This shows you the differences between two versions of the page.

Link to this comparison view

hostapd [2018/05/22 10:33] (current)
Line 1: Line 1:
 +====== hostapd'​s howto'​s ======
 +===== Howto create a WPA-EAP-protected network =====
 +Prevent NetworkManager from trying to configure/​use the network interface you want to use for the AP network:
 +<file ini /​etc/​NetworkManager/​NetworkManager.conf>​
 +Create hostapd'​s configuration for an WPA-EAP-protected access point, using the internal RADIUS server:
 +<file ini /​etc/​hostapd/​hostapd.conf>​
 +# IEEE 802.11 specifies two authentication algorithms. hostapd can be
 +# configured to allow both of these or only one. Open system authentication
 +# should be used with IEEE 802.1X.
 +# Bit fields of allowed authentication algorithms:
 +# bit 0 = Open System Authentication
 +# bit 1 = Shared Key Authentication (requires WEP)
 +# Require IEEE 802.1X authorization
 +and configure the accepted credentials:​
 +<file ini /​etc/​hostapd/​hostapd.eap_user>​
 +# Phase 1 users
 +# Wildcard for all other identities
 +* PEAP
 +# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
 +"<​user_name>" ​     MSCHAPV2 ​       "<​user_password>"​ [2]
 +If not already existing, create your hostapd'​s certificates:​
 +$ cd /​etc/​hostapd
 +$ sudo openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout hostapd.key.pem -out hostapd.cert.pem
 +Now, you can restart hostapd'​s service, and it should accept a WPA-EAP connection with the provided creadentials:​
 +$ sudo service hostapd restart
hostapd.txt ยท Last modified: 2018/05/22 10:33 (external edit)