[dennis at kaarsemaker.net: Re: WPA (PSK) in Ubuntu]

Sivan Green sivan at piware.de
Mon Nov 8 12:12:23 UTC 2004


This looks like a Room101 material, as I am not sure within resonable
limits of userish touch...

Oppinions?


Sivan

On Mon, 2004-11-08 at 03:03, Matt Zimmerman wrote:
> Forwarding to the ubuntu-doc list...
> 
> -- 
>  - mdz
> 
> ______________________________________________________________________
> From: Dennis Kaarsemaker <dennis at kaarsemaker.net>
> To: ubuntu-users at lists.ubuntu.com
> Subject: Re: WPA (PSK) in Ubuntu
> Date: Sun, 07 Nov 2004 20:25:41 +0100
> 
> On Sat, 2004-11-06 at 05:23 -0500, Bryan Pizzuti wrote:
> > Ok, I finally got my new Thinkpad yesterday (Yay!). CPU scaling is working
> > fine, dumping a bunch of stuff onto it from Universe and Marillat right now
> > (Goody!), havn't played with getting software suspend to work yet.  One
> > problem....my home network is WPA, not WEP.  So the wireless interface
> > doesn't seem to be working.  Thinkpad T42.  I know someone else on here has
> > one, so I don't think it's a matter of a software switch not being
> > configured (Unless he's not using the IntelPro "Centrino" wireless chip?).
> > Anyway, how can I get this thing to go WPA/PSK?  I hate WEP...it's insecure
> > and I have a fileserver sitting on my network.  
> 
> First draft of the howto and involved scripts, comments please :)
> (Evolution f*c**d up wrapping, sorry)
> 
> How to get WPA working under linux
> 
> This small howto describes how to get wpa_supplicant running under
> linux. I
> assume that your wireless card already is working without WPA, i.e. the
> driver
> is installed properly.
> 
> PREREQUISITES
> =============
> 
> Because wpa_supplicant is not (yet?) available as a deb package, you
> need to
> compile it yourself. Fotunately this is not very difficult. First thing
> to do is
> get the neccessary tools:
> 
> $ sudo apt-get install gcc gmake
> 
> wpa_supplicant is also capable of providing 802.1x authentication. If
> you need
> that and use EAP-TTLS, EAP-PEAP or EAP-TLS, you also need the openssl
> library
> and headers.
> 
> $ sudo apt-get install openssl libssl-dev
> 
> DOWNLOADING
> ===========
> 
> Having installed the prerequisites, you have to download the
> wpa_supplicant. The
> latest stabel version can be found at
> http://hostap.epitest.fi/wpa_supplicant/.
> Unpack the tarball into a suitable directory (somewhere in your home is
> good)
> 
> $ wget http://hostap.epitest.fi/releases/wpa_supplicant-0.2.5.tar.gz
> $ tar -zxvf wpa_supplicant-0.2.5.tar.gz
> 
> COMPILING
> =========
> 
> Now, before you can compile the wpa_supplicant, you need to create a
> config file
> (see the README file for details). In this file you specify your driver
> and the
> functionality you need. It is also possible to use non-listed drivers,
> but only
> without WPA functionality.
> 
> When you have created the .config file, simply type make and the program
> will
> be compiled. If it does not: tough luck, send errors to the mailinglist
> and hope
> someone can help resolving them.
> 
> INSTALLING
> ==========
> Installing the binaries is fairly simple: just copy wpa_supplicant,
> wpa_cli and
> wpa_passphrase to a suitable location like /usr/sbin
> 
> $ sudo cp wpa_supplicant wpa_cli wpa_passphrase /usr/sbin
> 
> Making sure that the supplicant gets started is a little trickier. There
> are 2
> options here: either it has to be started always, or it has to be
> started when
> the device becomes available (for instance on laptops). In the readme
> file there
> is documentation fot the latter scheme, however I believe the proposed
> scheme to
> be incorrect since it starts the DHCP client (if applicable) before WPA
> negotiation is complete. Therefore I suggest the following:
> 
> If the wpa_supplicant has to be started automatically, create a script
> similar
> to the following in /etc/init.d and call it wpa_supplicant
> ------------------
> PATH=/sbin:/bin:/usr/sbin:/usr/bin
> DAEMON=/usr/sbin/wpa_supplicant
> NAME=wpa_supplicant
> DESC="WPA supplicant"
> CONF=/etc/wpa_supplicant.conf
> DEVICE=wlan0
> 
> test -x $DAEMON || exit 0
> 
> set -e
> 
> case "$1" in
>   start)
>         echo -n "Starting $DESC: "
>         if [[ -z `pidof $DAEMON` ]]
>         then
>             $DAEMON -i $DEVICE -c $CONF -Bw
>         fi
>         ;;
>   stop)
>         echo -n "Stopping $DESC: "
>         if [[ ! -z `pidof $DAEMON` ]]
>         then
>             killall $DAEMON 
>         fi
>         ;;
>   restart|force-reload)
>         echo -n "Restarting $DESC: "
>         killall $DAEMON 2>/dev/null
>         $DAEMON -i $DEVICE -c $CONF -Bw
>         ;;
>   *)
>         N=/etc/init.d/$NAME
>         echo "Usage: $N {start|stop|restart|force-reload}" >&2
>         exit 1
>         ;;
> esac
> 
> exit 0
> ------------------
> 
> Then create a symlink to this script in the appropriate rc directories.
> 
> $ ln -s /etc/init.d/wpa_supplicant /etc/rc0.d/K20wpa_supplicant
> $ ln -s /etc/init.d/wpa_supplicant /etc/rc1.d/K20wpa_supplicant
> $ ln -s /etc/init.d/wpa_supplicant /etc/rc2.d/S20wpa_supplicant
> $ ln -s /etc/init.d/wpa_supplicant /etc/rc3.d/S20wpa_supplicant
> $ ln -s /etc/init.d/wpa_supplicant /etc/rc4.d/S20wpa_supplicant
> $ ln -s /etc/init.d/wpa_supplicant /etc/rc5.d/S20wpa_supplicant
> $ ln -s /etc/init.d/wpa_supplicant /etc/rc6.d/K20wpa_supplicant
> 
> If the device is a PCMCIA card, and thus wpa_supplicant has to be
> started when
> the card is inserted, add the following lines to /etc/pcmcia/wireless
> 
> At the end of the start action
> ------------------
> if [[ -x /usr/sbin/wpa_supplicant ]]
> then
>     /usr/sbin/wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -i$DEVICE
> fi
> ------------------
> 
> At the end of the stop action:
> ------------------
> if [[ -x /usr/sbin/wpa_supplicant ]]
> then
>     killall wpa_suplicant 2>/dev/null
> fi
> ------------------
> 
> If your network is configured to use static ip adresses, installation
> now is
> finished. If you use dhcp there is one last step: since WPA negotiotion
> can take
> an unspecified amount of time it is unreasonable to expect that it would
> be done
> within the timeout of the dhcp client. So you cannot set the network to
> dhcp.
> 
> I use the following instead:
> ------------------
> iface wlan0 inet manual
> pre-up ifconfig wlan0 up
> up /root/wpa_dhcp
> post-down ifconfig wlan0 down
> ------------------
> 
> The wpa_dhcp script checks if authentication has already succeded and
> will start
> the DHCP client after succesful authentication. The contents of this
> script are
> as follows:
> ------------------
> #!/bin/bash
> 
> TIMEOUT=25
> INTERVAL=5
> STATUS=1
> 
> TIME=0
> 
> # Try to authenticate for 25 secs
> while [[ $STATUS == 1 && $TIME -lt $TIMEOUT ]]
> do
>   wpa_cli status | grep AUTHENTICATED > /dev/null
>   STATUS=$?
>   TIME=$(($TIME + $INTERVAL))
>   sleep $INTERVAL
> done
> 
> # If authenticated, start dhclient
> if [[ $STATUS -ne 1 ]]
> then
>   dhlient3 -pf /var/run/dhclient.wlan0.pid
> -lf /var/run/dhclient.wlan0.leases wlan0
> fi
> ------------------
> 
> Of course this script can also be started in the background to speed up
> booting.
> If you want to do this, you might also want to suppress the output from
> dhclient
> by adding >/dev/null 2>/dev/null to the dhclient3 command
> 
> CONFIGURING
> ===========
> After installing the WPA supplicant, you need to configure it. This is
> done by
> copying the sample wpa_supplicant.conf to /etc and editing it. The
> sample
> configuration file is well documented, so configuration should be easy.
> A sample
> configuration for a WPA-PSK network is as follows:
> 
> ------------------
> network={
>         ssid="Network"
>         proto=WPA
>         scan_ssid=1
>         key_mgmt=WPA-PSK
>         psk="secretkey"
> }
> ------------------
> 
> It is best to comment out all examples in the example configuration file
> before
> using it.
> 
> 
> -- 
> Dennis K.
>   And that's the way the cookie crumbles!
> 
> 





More information about the ubuntu-doc mailing list