HEADS UP: new wpa_supplicant and hostapd
Daniel Dvorák
dandee at hellteam.net
Thu Apr 16 22:17:36 UTC 2009
Hi Sam,
I would like to inform you that I have just successfully tested the wired
driver with wpa_supplicant during the OS startup process, using an 802.1x
configuration with PEAP. The version of wpa_supplicant is lower than the
last one imported.
server# egrep em0 /etc/rc.conf
ifconfig_em0="WPA DHCP"
server# uname -a
FreeBSD server 7.1-RELEASE-p4 FreeBSD 7.1-RELEASE-p4 #0: Sun Mar 22 12:35:36
UTC 2009 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
i386
server# cat /etc/wpa_supplicant.conf
update_config=1
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
eapol_version=1
ap_scan=0
fast_reauth=1
network={
        eapol_flags=0
        key_mgmt=IEEE8021X
        eap=PEAP
        identity="SERVER$"
        password="!--- Output suppressed"
        # ca_cert=""
        phase1="peaplabel=0 peapver=1 include_tls_length=1"
        phase2="auth=MSCHAPV2"
}
server# wpa_supplicant -v
wpa_supplicant v0.5.10
Copyright (c) 2003-2008, Jouni Malinen <j at w1.fi> and contributors
server# wpa_cli status
Selected interface 'em0'
bssid=01:80:c2:00:00:03
ssid=
id=0
pairwise_cipher=NONE
group_cipher=NONE
key_mgmt=IEEE 802.1X (no WPA)
wpa_state=COMPLETED
ip_address=W.X.Y.Z
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS
selectedMethod=25 (EAP-PEAP)
EAP TLS cipher=AES256-SHA
EAP-PEAPv1 Phase2 method=MSCHAPV2
GREATCISCOSWITCH6500#sh dot1x interface gigabitEthernet 7/3 details
Dot1x Info for GigabitEthernet7/3
-----------------------------------
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = SINGLE_HOST
ReAuthentication = Enabled
QuietPeriod = 10
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 1
MaxReq = 1
TxPeriod = 20
Mac-Auth-Bypass = Enabled
Dot1x Authenticator Client List
-------------------------------
Supplicant = 00c0.wxyz.2c1f
Auth SM State = AUTHENTICATED
Auth BEND SM Stat = IDLE
Port Status = AUTHORIZED
ReAuthPeriod = 3600
ReAuthAction = Reauthenticate
TimeToNextReauth = 2367
Authentication Method = Dot1x
User-Name = SERVER$
Authorized By = Authentication Server
Vlan Policy = 437
Starting wpa_supplicant.
em0: no link ...
.
.
got link
DHCPREQUEST on em0 to 255.255.255.255 port 67
DHCPDISCOVER on em0 to 255.255.255.255 port 67 interval 7
DHCPOFFER from W.X.Y.Z
DHCPREQUEST on em0 to 255.255.255.255 port 67
DHCPACK from W.X.Y.Z
bound to W.X.Y.Z -- renewal in 345600 seconds.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:c0:wx:yz:2c:1f
inet W.X.Y.Z netmask 0xffffff00 broadcast W.X.Y.Z
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active
I had to add an em* definition to the /etc/rc.d/wpa_supplicant script to
execute wpa_supplicant with -Dwired, because fbsd 7.1 does not support it by
default. And I would like to ask you to change it in fbsd 7.2, because it
works and the newer version 0.6.8 is not needed.
        ifn="$2"
        if [ -z "$ifn" ]; then
                return 1
        fi
        case ${ifn} in
        ndis*)
                driver="ndis"
                ;;
        em*)
                driver="wired"
                ;;
        *)
                driver="bsd"
                ;;
        esac
Bye
Daniel
-----Original Message-----
From: owner-freebsd-current at freebsd.org
[mailto:owner-freebsd-current at freebsd.org] On Behalf Of Sam Leffler
Sent: Monday, March 02, 2009 3:33 AM
To: freebsd-current at freebsd.org
Subject: HEADS UP: new wpa_supplicant and hostapd
I've imported v0.6.8 which is now the tip of the stable branch in Jouni's
repository. One side effect is there is now a combined tree in contrib.
You should see no regressions but this has been lightly tested so beware
(and -Dwired support in wpa_supplicant is not tested).
Not sure what new functionality comes with this code. If something is not
enabled in the build that should be please let me know.
Sam
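
Added example, not part of the original messages: the network block posted above has ca_cert commented out, and without ca_cert or ca_path wpa_supplicant does not verify the authentication server's certificate during PEAP. The Python sketch below flags such blocks in a wpa_supplicant.conf; the function names are illustrative, and the CA path and subject string in the pinned variant are constructed sample values.

```python
import re

TLS_BASED = {"PEAP", "TTLS", "TLS"}  # EAP methods where the server presents a certificate
NAME_CHECKS = ("subject_match", "altsubject_match", "domain_suffix_match", "domain_match")

# Network block as posted in the mail (password replaced by a placeholder).
AS_POSTED = '''
network={
    eapol_flags=0
    key_mgmt=IEEE8021X
    eap=PEAP
    identity="SERVER$"
    password="PLACEHOLDER"
    # ca_cert=""
    phase2="auth=MSCHAPV2"
}
'''
# Constructed variant: the CA file path and subject string are made-up sample values.
PINNED = AS_POSTED.replace('# ca_cert=""',
    'ca_cert="/etc/ssl/radius-ca.pem"\n    subject_match="/CN=radius.example.net"')

def parse_networks(conf_text):
    """Return one dict of key -> value per network={...} block."""
    networks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment, e.g. '# ca_cert=""'
        if re.match(r"network\s*=\s*\{$", line):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks

def audit(conf_text):
    """Return (network_index, finding) pairs for weak server validation."""
    findings = []
    for idx, net in enumerate(parse_networks(conf_text)):
        if not set(net.get("eap", "").upper().split()) & TLS_BASED:
            continue  # no certificate-based server authentication to check
        if not (net.get("ca_cert") or net.get("ca_path")):
            findings.append((idx, "no ca_cert/ca_path: server certificate not verified"))
        elif not any(net.get(k) for k in NAME_CHECKS):
            findings.append((idx, "CA set, no subject/domain match: any cert from that CA passes"))
    return findings
```

Calling audit() on the text of /etc/wpa_supplicant.conf returns an empty list only when every PEAP/TTLS/TLS network block names a CA and a subject or domain match.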