hostapd
hostapd how-tos
How to create a WPA-EAP-protected network
Prevent NetworkManager from trying to configure/use the network interface you want to use for the AP network:
- /etc/NetworkManager/NetworkManager.conf
    ...
    [keyfile]
    unmanaged-devices=mac:<interface_mac_addr>
    ...
Create hostapd's configuration for a WPA-EAP-protected access point, using the internal RADIUS server:
- /etc/hostapd/hostapd.conf
    interface=<interface_name>
    ssid=<ssid>
    channel=1

    # IEEE 802.11 specifies two authentication algorithms. hostapd can be
    # configured to allow both of these or only one. Open system authentication
    # should be used with IEEE 802.1X.
    # Bit fields of allowed authentication algorithms:
    # bit 0 = Open System Authentication
    # bit 1 = Shared Key Authentication (requires WEP)
    auth_algs=3

    wpa=3
    wpa_key_mgmt=WPA-EAP

    # Require IEEE 802.1X authorization
    ieee8021x=1
    eapol_version=2
    eap_message=ping-from-hostapd

    eap_server=1
    server_cert=/etc/hostapd/hostapd.cert.pem
    private_key=/etc/hostapd/hostapd.key.pem
    eap_user_file=/etc/hostapd/hostapd.eap_user
and configure the accepted credentials:
- /etc/hostapd/hostapd.eap_user
    # Phase 1 users
    # Wildcard for all other identities
    *    PEAP

    # Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
    "<user_name>"    MSCHAPV2    "<user_password>"    [2]
If they do not already exist, create hostapd's certificate and private key:
    $ cd /etc/hostapd
    $ sudo openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout hostapd.key.pem -out hostapd.cert.pem
Now you can restart hostapd's service, and it should accept a WPA-EAP connection with the provided credentials:
$ sudo service hostapd restart
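An added example, not part of the original page or of hostapd itself: a small Python check over the two files configured above that flags explicitly weak settings (Shared Key authentication in auth_algs, WPA version 1 in wpa, no CCMP pairwise cipher) and Phase 2 passwords stored in cleartext. The sample values (wlan0, example-ap, alice, example-password) are constructed, and rsn_pairwise is a hostapd option that the page's configuration does not set.

```python
import re

# Constructed sample input: the page's settings with its placeholders filled in.
SAMPLE_CONF = """\
interface=wlan0
ssid=example-ap
auth_algs=3
wpa=3
wpa_key_mgmt=WPA-EAP
ieee8021x=1
eap_server=1
"""
SAMPLE_EAP_USER = '* PEAP\n"alice" MSCHAPV2 "example-password" [2]\n'


def parse_conf(text):
    """Parse hostapd.conf key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit_conf(text):
    """Return findings for settings that are explicitly weak in hostapd.conf."""
    conf, findings = parse_conf(text), []
    if int(conf.get("auth_algs", "0")) & 2:  # bit 1 = Shared Key (requires WEP)
        findings.append("auth_algs allows Shared Key auth; use auth_algs=1")
    wpa = int(conf.get("wpa", "0"))
    if wpa & 1:  # bit 0 = WPA (version 1), bit 1 = WPA2/RSN
        findings.append("wpa enables WPA version 1; wpa=2 limits the AP to WPA2")
    ciphers = (conf.get("rsn_pairwise", "") + " " + conf.get("wpa_pairwise", "")).split()
    if wpa and "CCMP" not in ciphers:
        findings.append("no CCMP pairwise cipher set; add rsn_pairwise=CCMP")
    return findings


def audit_eap_user(text):
    """Return (line_no, identity) for entries whose password is a quoted cleartext string."""
    entry = re.compile(r'^\s*("[^"]*"|\S+)\s+\S+\s+"')
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = entry.match(line)
        if m and not line.lstrip().startswith("#"):
            hits.append((n, m.group(1).strip('"')))
    return hits


if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF), audit_eap_user(SAMPLE_EAP_USER))
```

Only settings that are written out in the file are checked; options left at hostapd's built-in defaults are not evaluated.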
hostapd.txt · Last modified: 2018/05/22 10:33 by 127.0.0.1