ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1

network={
    ssid="simple"
    psk="very secret passphrase"
    priority=5
}

network={
    ssid="second ssid"
    scan_ssid=1
    psk="very secret passphrase"
    priority=2
}

network={
    ssid="example"
    proto=WPA
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
    group=CCMP TKIP WEP104 WEP40
    psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
    priority=2
}

network={
    ssid="plaintext-test"
    key_mgmt=NONE
}

network={
    ssid="static-wep-test"
    key_mgmt=NONE
    wep_key0="abcde"
    wep_key1=0102030405
    wep_key2="1234567890123"
    wep_tx_keyidx=0
    priority=5
}

network={
    ssid="static-wep-test2"
    key_mgmt=NONE
    wep_key0="abcde"
    wep_key1=0102030405
    wep_key2="1234567890123"
    wep_tx_keyidx=0
    priority=5
    auth_alg=SHARED
}

network={
    ssid="test adhoc"
    mode=1
    proto=WPA
    key_mgmt=WPA-NONE
    pairwise=NONE
    group=TKIP
    psk="secret passphrase"
}

Command execution example:

wpa_supplicant -B -ieth0 -c /etc/wpa_supplicant.conf

Obtain an address:

dhcpcd eth0

Check the network card status and parameters:

bt ~ # iwconfig eth0
eth0      IEEE 802.11g  ESSID:"youssid"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:00:00:00:00:00
          Bit Rate:54 Mb/s   Tx-Power:14 dBm
          Retry limit:15   RTS thr:off   Fragment thr:off
          Encryption key:xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx   Security mode:open
          Power Management:off
          Link Quality=74/100  Signal level=-57 dBm  Noise level=-57 dBm
          Rx invalid nwid:0  Rx invalid crypt:1  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:21   Missed beacon:0

bt ~ # ifconfig eth0
eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          inet addr:192.168.2.100  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::218:deff:feb0:38e5/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33 errors:2 dropped:31 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:11177 (10.9 KiB)  TX bytes:4324 (4.2 KiB)
          Interrupt:11 Base address:0x2000 Memory:edf00000-edf00fff

With this, Linux can use WPA to access the wireless network.

---------------------------------------------------
wpa_supplicant usage
---------------------------------------------------

You will need to make a configuration file, e.g.,
/etc/wpa_supplicant.conf, with network configuration for the networks
you are going to use. The Configuration file section below explains the
configuration file format and includes various examples. Once the
configuration is ready, you can test whether it works by first running
wpa_supplicant with the following command, which starts it in the
foreground with debugging enabled:

wpa_supplicant -i wlan0 -c/etc/wpa_supplicant.conf -d

Assuming everything goes fine, you can then use the following command to
start wpa_supplicant in the background without debugging:

wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B

Please note that if you included more than one driver interface in the
build time configuration (.config), you may need to specify which
interface to use by including the -D option on the command line. See the
following section for more details on command line options for
wpa_supplicant.

Command line options
--------------------

usage:
  wpa_supplicant [-BddehLqqvw] -i -c [-D] \
      [-N -i -c [-D] ...]

options:
  -B = run daemon in the background
  -d = increase debugging verbosity (-dd even more)
  -K = include keys (passwords, etc.) in debug output
  -t = include timestamp in debug messages
  -h = show this help text
  -L = show license (GPL and BSD)
  -q = decrease debugging verbosity (-qq even less)
  -v = show version
  -w = wait for interface to be added, if needed
  -N = start describing new interface

drivers:
  hostap = Host AP driver (Intersil Prism2/2.5/3) [default]
      (this can also be used with Linuxant DriverLoader)
  hermes = Agere Systems Inc. driver (Hermes-I/Hermes-II)
  madwifi = MADWIFI 802.11 support (Atheros, etc.)
  atmel = ATMEL AT76C5XXx (USB, PCMCIA)
  wext = Linux wireless extensions (generic)
  ndiswrapper = Linux ndiswrapper
  broadcom = Broadcom wl.o driver
  ipw = Intel ipw2100/2200 driver
  wired = wpa_supplicant wired Ethernet driver
  bsd = BSD 802.11 support (Atheros, etc.)
  ndis = Windows NDIS driver

In most common cases, wpa_supplicant is started with

wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -iwlan0

This makes the process fork into the background and wait for the wlan0
interface if it is not available at startup time.

The easiest way to debug problems, and to get a debug log for bug
reports, is to start wpa_supplicant in the foreground with debugging
enabled:

wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d

wpa_supplicant can control multiple interfaces (radios) either by
running one process for each interface separately or by running just
one process and listing the options for each interface on the command
line. Each interface is separated with the -N argument. As an example,
the following command would start wpa_supplicant for two interfaces:

wpa_supplicant \
    -c wpa1.conf -i wlan0 -D hostap -N \
    -c wpa2.conf -i ath0 -D madwifi

Configuration file
------------------

wpa_supplicant is configured using a text file that lists all accepted
networks and security policies, including pre-shared keys. See the
example configuration file, wpa_supplicant.conf, for detailed
information about the configuration format and supported fields.

Changes to the configuration file can be reloaded by sending a SIGHUP
signal to wpa_supplicant ('killall -HUP wpa_supplicant'). Similarly,
reloading can be triggered with the 'wpa_cli reconfigure' command.

The configuration file can include one or more network blocks, e.g., one
for each used SSID. wpa_supplicant will automatically select the best
network based on the order of network blocks in the configuration
file, network security level (WPA/WPA2 is preferred), and signal
strength.
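The following added example, which is not from the wpa_supplicant project, parses network blocks in this file format and reports weak security policies that are set explicitly: open or static-WEP networks, 802.1X with dynamic WEP, TKIP/WEP ciphers, and TLS-based EAP methods with no ca_cert or ca_path (server certificate not verified). The function names, finding names and sample file are constructed for illustration, and the eapol_flags default of 3 is an assumption.

```python
import re
# Constructed sample input; field names and values follow the examples on this page.
SAMPLE = '''
network={
    ssid="static-wep-test"
    key_mgmt=NONE
    wep_key0="abcde"
}
network={
    ssid="work"
    key_mgmt=WPA-EAP
    pairwise=CCMP TKIP
    eap=TLS
    ca_cert="/etc/cert/ca.pem"
}
network={
    ssid="peap-no-ca"
    key_mgmt=WPA-EAP
    eap=PEAP
}
'''

def parse_networks(text):
    """Return one {field: value} dict per network={...} block."""
    bodies = re.findall(r"^\s*network=\{(.*?)^\s*\}", text, re.S | re.M)
    return [dict(l.strip().split("=", 1) for l in b.splitlines()
                 if "=" in l and not l.strip().startswith("#")) for b in bodies]

def audit(net):
    """Findings for explicitly set fields only (unset fields fall back to defaults)."""
    out = []
    key_mgmt = net.get("key_mgmt", "").split()
    if "NONE" in key_mgmt:  # no WPA: either static WEP keys or no encryption at all
        wep = any(k.startswith("wep_key") for k in net)
        out.append("static-wep" if wep else "open-no-encryption")
    if "IEEE8021X" in key_mgmt and net.get("eapol_flags", "3") != "0":  # assumed default: 3
        out.append("dynamic-wep")
    ciphers = (net.get("pairwise", "") + " " + net.get("group", "")).split()
    out += sorted({"weak-cipher:" + c for c in ciphers if c in ("TKIP", "WEP104", "WEP40")})
    tls_eap = {"TLS", "PEAP", "TTLS"} & set(net.get("eap", "").split())
    if tls_eap and not net.keys() & {"ca_cert", "ca_path"}:
        out.append("eap-server-cert-not-verified")
    return out

def audit_config(text):
    return {n.get("ssid", "<none>").strip('"'): audit(n) for n in parse_networks(text)}

if __name__ == "__main__":
    print(audit_config(SAMPLE))
```

Fields that are left unset are not evaluated, so a block with no findings can still inherit weaker defaults from the wpa_supplicant version in use.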

Example configuration files for some common configurations:

1) WPA-Personal (PSK) as home network and WPA-Enterprise with EAP-TLS as
   work network

# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
#
# home network; allow all valid ciphers
network={
    ssid="home"
    scan_ssid=1
    key_mgmt=WPA-PSK
    psk="very secret passphrase"
}
#
# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
network={
    ssid="work"
    scan_ssid=1
    key_mgmt=WPA-EAP
    pairwise=CCMP TKIP
    group=CCMP TKIP
    eap=TLS
    identity="user@example.com"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.prv"
    private_key_passwd="password"
}

2) WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that use old peaplabel
   (e.g., Funk Odyssey and SBR, Meetinghouse Aegis, Interlink RAD-Series)

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
    ssid="example"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.com"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
}

3) EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
   unencrypted use. Real identity is sent only within an encrypted TLS tunnel.

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
    ssid="example"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user@example.com"
    anonymous_identity="anonymous@example.com"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    phase2="auth=MD5"
}

4) IEEE 802.1X (i.e., no WPA) with dynamic WEP keys (require both unicast and
   broadcast); use EAP-TLS for authentication

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
    ssid="1x-test"
    scan_ssid=1
    key_mgmt=IEEE8021X
    eap=TLS
    identity="user@example.com"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.prv"
    private_key_passwd="password"
    eapol_flags=3
}

5) Catch all example that allows more or less all configuration modes. The
   configuration options are used based on what security policy is used in the
   selected SSID. This is mostly for testing and is not recommended for normal
   use.

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
    ssid="example"
    scan_ssid=1
    key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
    pairwise=CCMP TKIP
    group=CCMP TKIP WEP104 WEP40
    psk="very secret passphrase"
    eap=TTLS PEAP TLS
    identity="user@example.com"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.prv"
    private_key_passwd="password"
    phase1="peaplabel=0"
    ca_cert2="/etc/cert/ca2.pem"
    client_cert2="/etc/cer/user.pem"
    private_key2="/etc/cer/user.prv"
    private_key2_passwd="password"
}

6) Authentication for wired Ethernet. This can be used with 'wired' interface
   (-Dwired on command line).

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
ap_scan=0
network={
    key_mgmt=IEEE8021X
    eap=MD5
    identity="user"
    password="password"
    eapol_flags=0
}

---------------------------------------------------
wpa_cli usage
---------------------------------------------------

wpa_cli commands

  status = get current WPA/EAPOL/EAP status
  mib = get MIB variables (dot1x, dot11)
  help = show this usage help
  interface [ifname] = show interfaces/select interface
  level = change debug level
  license = show full wpa_cli license
  logoff = IEEE 802.1X EAPOL state machine logoff
  logon = IEEE 802.1X EAPOL state machine logon
  set = set variables (shows list of variables when run without arguments)
  pmksa = show PMKSA cache
  reassociate = force reassociation
  reconfigure = force wpa_supplicant to re-read its configuration file
  preauthenticate = force preauthentication
  identity = configure identity for an SSID
  password = configure password for an SSID
  pin = configure pin for an SSID
  otp = configure one-time-password for an SSID
  passphrase = configure private key passphrase for an SSID
  bssid = set preferred BSSID for an SSID
  list_networks = list configured networks
  select_network = select a network (disable others)
  enable_network = enable a network
  disable_network = disable a network
  add_network = add a network
  remove_network = remove a network
  set_network = set network variables (shows list of variables when run
      without arguments)
  get_network = get network variables
  save_config = save the current configuration
  disconnect = disconnect and wait for reassociate command before connecting
  scan = request new BSS scan
  scan_results = get latest scan results
  get_capability = get capabilities
  terminate = terminate wpa_supplicant
  quit = exit wpa_cli

wpa_cli command line options

wpa_cli [-p] [-i] [-hvB] [-a] \
    [-P] [-g] [command..]

  -h = help (show this usage text)
  -v = show version information
  -a = run in daemon mode executing the action file based on events from
       wpa_supplicant
  -B = run a daemon in the background
  default path: /var/run/wpa_supplicant
  default interface: first interface found in socket path