User Tools

Site Tools


hostapd

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

hostapd [2018/05/22 10:33] (current)
Line 1: Line 1:
 +====== hostapd'​s howto'​s ======
  
 +===== Howto create a WPA-EAP-protected network =====
 +
 +Prevent NetworkManager from trying to configure/​use the network interface you want to use for the AP network:
 +<file ini /​etc/​NetworkManager/​NetworkManager.conf>​
 +...
 +[keyfile]
 +unmanaged-devices=mac:<​interface_mac_addr>​
 +...
 +</​file>​
 +
 +
 +Create hostapd'​s configuration for an WPA-EAP-protected access point, using the internal RADIUS server:
 +<file ini /​etc/​hostapd/​hostapd.conf>​
 +interface=<​interface_name>​
 +ssid=<​ssid>​
 +channel=1
 +
 +# IEEE 802.11 specifies two authentication algorithms. hostapd can be
 +# configured to allow both of these or only one. Open system authentication
 +# should be used with IEEE 802.1X.
 +# Bit fields of allowed authentication algorithms:
 +# bit 0 = Open System Authentication
 +# bit 1 = Shared Key Authentication (requires WEP)
 +auth_algs=3
 +wpa=3
 +wpa_key_mgmt=WPA-EAP
 +
 +# Require IEEE 802.1X authorization
 +ieee8021x=1
 +eapol_version=2
 +eap_message=ping-from-hostapd
 +eap_server=1
 +server_cert=/​etc/​hostapd/​hostapd.cert.pem
 +private_key=/​etc/​hostapd/​hostapd.key.pem
 +eap_user_file=/​etc/​hostapd/​hostapd.eap_user
 +</​file>​
 +
 +and configure the accepted credentials:​
 +<file ini /​etc/​hostapd/​hostapd.eap_user>​
 +# Phase 1 users
 +# Wildcard for all other identities
 +* PEAP
 +
 +# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
 +"<​user_name>" ​     MSCHAPV2 ​       "<​user_password>"​ [2]
 +</​file>​
 +
 +If not already existing, create your hostapd'​s certificates:​
 +<​code>​
 +$ cd /​etc/​hostapd
 +$ sudo openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout hostapd.key.pem -out hostapd.cert.pem
 +</​code>​
 +
 +Now, you can restart hostapd'​s service, and it should accept a WPA-EAP connection with the provided creadentials:​
 +<​code>​
 +$ sudo service hostapd restart
 +</​code>​
hostapd.txt ยท Last modified: 2018/05/22 10:33 (external edit)