Page 51 of 66 FirstFirst ... 41495051525361 ... LastLast
Results 501 to 510 of 654

Thread: HOWTO: ipw2200 + wpa

  1. #501
    Join Date
    Feb 2005
    Beans
    122

    Re: HOWTO: ipw2200 + wpa

    Quote Originally Posted by luca_linux
    Hi!
    I've seen there are many requests about how to get ipw2200 and wpa to work. So, as I've managed to get them to work, I've decided to write a howto. It's also good if you just want to get ipw2200 without wpa; just follow the first part in this case.

    We have to compile and install the latest ipw2200 1.0.6 driver from http://ipw2200.sourceforge.net and we also have to install the firmware, as the ipw2200 0.19 included in the standard installation of Hoary doesn't support wpa.

    Since ipw2200 1.0.5, ipw2200 project does not include ieee80211 subsystem anymore, so we also have to compile and install them from http://ieee80211.sourceforge.net.

    Since we have to compile the driver from sources, we need the packages: build-essential, gcc, linux-headers-myOwnKernelVersion.
    So:
    Code:
    sudo apt-get update
    sudo apt-get install build-essential
    sudo apt-get install gcc
    sudo apt-get install linux-headers-$(uname -r)
    Note: if you have the kernel sources installed, you won't need the linux-headers. And if you're running a custom kernel compiled by you, you won't need to install the packages mentioned above.

    First of all, follow these instructions to add extra repositories, which are always handy to have.

    Here are the steps (for newbies: the following commands are supposed to be typed in the same console session):

    First of all, download the firmware from here.
    Then install it:
    Code:
    sudo tar xvzf ipw2200-fw-2.3.tgz
    sudo cp ipw-2.3-*.fw /usr/lib/hotplug/firmware/
    Now download the latest ieee80211 subsystem from here.
    Then untar it and change your current directory into the driver's one:
    Code:
    sudo tar xvzf ieee80211-1.0.3.tgz
    cd ieee80211-1.0.3
    Now run the remove-old.sh script that comes with the driver package in order to make sure that any old module is deleted:
    Code:
    sudo sh remove-old
    Now download the latest ipw22000 driver from here.
    Then untar it and change your current directory into the driver's one:
    Code:
    cd ..
    sudo tar xvzf ipw2200-1.0.6.tgz
    cd ipw2200-1.0.6
    Now run the remove-old.sh script that comes with the driver package in order to make sure that any old module is deleted:
    Code:
    sudo sh remove-old
    Now your system is clean and it's time to make and install ieee80211, so:
    Code:
    cd ..
    cd ieee80211-1.0.3
    make
    sudo make install
    Then make and install ipw2200 as well:
    Code:
    cd ..
    cd ipw2200-1.0.6
    make
    sudo make install
    Note: it seems there's currently a bug of remove-old script on some systems; if you get errors when compiling ieee80211 about the presence of old modules, you'll have to delete them manually, after having unloded all ieee80211* modules through "modprobe -r module_name" (type "lsmod" to see the current loaded modules).


    Now we have to download and install the wpa_supplicant package:
    Code:
    sudo apt-get install wpasupplicant
    Then you have to create a wpa_supplicant.conf in /etc, so:
    Code:
    sudo gedit /etc/wpa_supplicant.conf
    And paste the following lines in the text editor:
    Code:
    ctrl_interface=/var/run/wpa_supplicant
    
    network={
           ssid="your_network_name"
           scan_ssid=1
           proto=WPA
           key_mgmt=WPA-PSK
           psk="your_secret_key"
    }
    Anyway there are further configuration examples in /usr/share/doc/wpasupplicant/examples/wpa_supplicant.conf.gz.

    Then reboot to make sure that the new modules are loaded successfully and type:
    Code:
    dmesg | grep ipw
    to see if there are errors.
    Then type the following command to configurate wpa_supplicant:
    Code:
    sudo wpa_supplicant -B -i eth1 -c /etc/wpa_supplicant.conf -D ipw -w -dd
    Note: "eth1" is your wireless device.
    If you get troubles establishing the connection with the AP, try to take the "-w" flag out.

    Some systems may have problems in finding the AP; so, if you get troubles finding your AP, add the "ap_scan=2" option to let wpa_supplicant performing the scan instead of the wireless card driver. So your /etc/wpa_supplicant.conf will look like the following:
    Code:
    ctrl_interface=/var/run/wpa_supplicant
    ap_scan=2
    
    network={
           ssid="your_network_name"
           scan_ssid=1
           proto=WPA
           key_mgmt=WPA-PSK
           psk="your_secret_key"
    }
    Some systems may have problems in connecting to the AP; if you get this issue, try to add the directive "pairwise=TKIP" in the relative network section of /etc/wpa_supplicant.conf, so that it looks like this:
    Code:
    ctrl_interface=/var/run/wpa_supplicant
    
    network={
           ssid="your_network_name"
           scan_ssid=1
           proto=WPA
           key_mgmt=WPA-PSK
           pairwise=TKIP
           psk="your_secret_key"
    }
    Of course, if you have problems both findind the AP and connecting to it, you have to add both "ap_scan=2" and "pairwise=TKIP", like the following:
    Code:
    ctrl_interface=/var/run/wpa_supplicant
    ap_scan=2
    
    network={
           ssid="your_network_name"
           scan_ssid=1
           proto=WPA
           key_mgmt=WPA-PSK
           pairwise=TKIP
           psk="your_secret_key"
    }
    Now we have to create a small script (first provided by fulco and edited by me) in order to get wpa starting automatically at boot:
    Code:
    sudo gedit /etc/init.d/wifi_wpa.sh
    Here's the script:
    Code:
    #! /bin/sh
    # wifi: wpa_supplicant init
    echo " * [Wifi]: Enabling WPA supplicant..."
    if [ -x /usr/sbin/wpa_supplicant ]; then
        /usr/sbin/wpa_supplicant -B -i eth1 -c /etc/wpa_supplicant.conf -D ipw -w
    fi
    
    exit 0
    Change the script's permissions to allow it to be executed:
    Code:
    sudo chmod +x /etc/init.d/wifi_wpa.sh
    And create a symlink to define the relative service:
    Code:
    sudo ln -s /etc/init.d/wifi_wpa.sh /etc/rcS.d/S40netwifiwpa
    Ok, that's all!
    I hope this howto will be helpful.

    thanks for this. can it be added to the wiki

  2. #502
    Join Date
    Jul 2005
    Beans
    4

    Re: HOWTO: ipw2200 + wpa

    Excellent HowTo, TY luca_linux GJ!

    WPA great running on my Toshiba Qosmio F20.

  3. #503
    Join Date
    Feb 2005
    Beans
    46

    Smile Re: HOWTO: ipw2200 + wpa

    Luca_linux's excelent HOW-TO worked great for me, until I upgraded to Kubuntu-5.10 that is. Wireless broke when I upgraded, and I've spent days trying to get it back. I've finally succeeded. I have wifi working with WPA-TKIP security and a dhcp assigned IP address on Kubuntu-5.10. Here's what to do...

    Get the latest ipw2200, firmaware and ieee80211 packages and put them in a new folder. I used /home/share/ipw2200. We'll call this the "base directory"...

    http://prdownloads.sourceforge.net/i...0.tgz?download
    http://ipw2200.sourceforge.net/firmware.php?fid=6
    http://prdownloads.sourceforge.net/i...8.tgz?download

    While you're at it, grab this "no cast" patch
    http://ieee80211.sourceforge.net/pat...8-nocast.patch

    Also get wpa_supplicant source
    http://hostap.epitest.fi/releases/wp...t-0.4.7.tar.gz

    OK. extract all of the packages...
    Code:
    cd /home/share/ipw2200
    tar zxpvf ieee80211-1.1.8.tgz
    tar zxpvf ipw2200-1.0.10.tgz
    tar zxpvf ipw2200-fw-2.4.tgz
    Copy the firmware to the porper directory...
    Code:
    sudo cp ipw-2.4-fw* /usr/lib/hotplug/firmware
    Install the ieee80211 modules
    Code:
    cd ieee80211-1.1.8
    sudo sh remove-old
    sudo make install
    Move on to the ipw2200 module
    Code:
    cd ../ipw2200-1.0.10
    sudo sh remove-old
    sudo make install
    If you have trouble with 'make' on the ipw2200 module, then you will probably need to apply the "no cast" patch. to do this, cd to the "base directory" and apply the patch...
    Code:
    cd /home/share/ipw2200
    patch -p0 < ieee80211-1.1.8-nocast.patch
    If the patch completes successfully, continue with the ipw2200 module install.

    After you have successfully installed ieee80211-1.1.8 and ipw2200-1.0.10, move on to install the wpa_supplicant. The first step here is to use Kynaptic to remove the Kubuntu/Debian wpasupplicant.

    Go to K Menu ->System ->(Package Manager) Kynaptic.
    Enter the password for sudo.
    Select Edit ->Find (or Ctrl-F) and search for wpasupplicant.
    Right click anywhere on wpasupplicant and check Remove. While you're in Kynaptic ->Find, search for ipw2200 and ieee80211 and check Remove for both of them. CLose the Find dialog and commit the changes, by clicking on the "Commit Changes to the System" icon.

    Now, build wpa_supplicant.
    Code:
    cd /home/share/ipw2200
    tar zxpvf wpa_supplicant-0.4.7.tar.gz
    cd wpa_supplicant-0.4.7
    Copy this code to .config in /home/share/ipw2200/wpa_supplicant-0.4.7/
    Code:
    CONFIG_IEEE8021X_EAPOL=y
    CONFIG_EAP_MD5=y
    CONFIG_EAP_MSCHAPV2=y
    CONFIG_EAP_TLS=y
    CONFIG_EAP_PEAP=y
    CONFIG_EAP_TTLS=y
    #CONFIG_EAP_GTC=y
    #CONFIG_EAP_OTP=y
    #CONFIG_EAP_SIM=y
    #CONFIG_EAP_AKA=y
    CONFIG_EAP_PSK=y
    #CONFIG_EAP_PAX=y
    CONFIG_EAP_LEAP=y
    CONFIG_WIRELESS_EXTENSION=y
    #CONFIG_DRIVER_HOSTAP=y
    #CONFIG_DRIVER_HERMES=y
    #CONFIG_DRIVER_MADWIFI=y
    #CFLAGS += -I../madwifi
    #CONFIG_DRIVER_ATMEL=y
    CONFIG_DRIVER_WEXT=y
    CONFIG_DRIVER_NDISWRAPPER=y
    #CONFIG_DRIVER_BROADCOM=y
    CONFIG_DRIVER_IPW=y
    CONFIG_CTRL_IFACE=y
    Enable additional drivers you may need, madwifi for example, by removing the # from the front of that particular line.
    Code:
    sudo make
    sudo make wpa_gui
    sudo cp wpa_supplicant /usr/local/bin
    sudo cp wpa_cli /usr/local/bin
    sudo cp wpa_gui/wpa_gui /usr/local/bin
    Set your interface to "Managed Mode"
    Code:
    sudo iwconfig eth0 mode managed
    Now reload the ieee80211 and ipw2200 modules
    Code:
    sudo modprobe -r ipw2200
    sudo modprobe -r ieee80211
    sudo modprobe -r ieee80211_crypt
    
    sudo modprobe ipw2200
    Make certain there are no remnants of the Kubuntu/Debian wpa_supplicant
    Code:
    which wpa_supplicant
    The only one you should have is /usr/local/bin/wpa_supplicant. If something els shows up, delete it.
    Now test wpa_supplicant.
    Code:
    sudo wpa_supplicant -ieth0 -c/etc/wpa-supplicant.conf -Dipw -w
    You should see something like the following
    Code:
    Trying to associate with 00:ff:00:1e:a7:7d (SSID='NetworkEssid' freq=0 MHz)
    Associated with 00:ff:00:1e:a7:7d
    WPA: Key negotiation completed with 00:ff:00:1e:a7:7d [PTK=TKIP GTK=TKIP]
    That's it. Just put the "wpa_supplicant" command in a startup script with dhcp
    Code:
    #! /bin/sh
    # wifi: wpa_supplicant init
    echo " * [Wifi]: Enabling WPA supplicant..."
    if [ -x /usr/local/bin/wpa_supplicant ]; then
     /usr/local/bin/wpa_supplicant -ieth0 -c/etc/wpa_supplicant.conf -Dipw -w &
    fi
    
    sleep 2
    
    #use dhcp to request a network address
    dhclient eth0
    
    exit 0
    and you're done.

    NOTE. This addition to the excelent HOWTO by Luca_Linux assumes you have been working with ipw2200 and have a wpa_supplicant.conf file in your /etc directory.

    If you need further help, post here and I will try to respond. I also have been known to frequent irc channels #ubuntu, #kubuntu and #ipw2100.

    Hope this helps someone,

    Rick Knight
    Last edited by RickKnight; January 15th, 2006 at 05:37 AM.

  4. #504
    Join Date
    Feb 2005
    Beans
    122

    Re: HOWTO: ipw2200 + wpa

    Please help this nOOb!!! (Part 1 of 2)

    I followed the How to instructions, substituting the newer versions of drivers and firmware. I got to the point where it asked me to reboot and then got the following after doing the HOWTO commands:

    bennettg@ubuntu:~$ dmesg | grep ipw
    [4294701.737000] ipw2100: Intel(R) PRO/Wireless 2100 Network Driver, 1.1.2
    [4294701.737000] ipw2100: Copyright(c) 2003-2005 Intel Corporation
    [4294701.742000] ipw2100: Detected Intel PRO/Wireless 2100 Network Connection
    bennettg@ubuntu:~$ sudo wpa_supplicant -B -i eth1 -c /etc/wpa_supplicant.conf -D ipw -w -dd
    Password:
    Initializing interface 'eth1' conf '/etc/wpa_supplicant.conf' driver 'ipw'
    Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
    Reading configuration file '/etc/wpa_supplicant.conf'
    ctrl_interface='/var/run/wpa_supplicant'
    ctrl_interface_group=0
    eapol_version=1
    ap_scan=1
    fast_reauth=1
    opensc_engine_path='/usr/lib/opensc/engine_opensc.so'
    pkcs11_engine_path='/usr/lib/opensc/engine_pkcs11.so'
    pkcs11_module_path='/usr/lib/pkcs11/opensc-pkcs11.so'
    Line: 327 - start of a new network block
    ssid - hexdump_ascii(len=6):
    73 69 6d 70 6c 65 simple
    PSK (ASCII passphrase) - hexdump_ascii(len=22): [REMOVED]
    priority=5 (0x5)
    PSK (from passphrase) - hexdump(len=32): [REMOVED]
    Line: 335 - start of a new network block
    ssid - hexdump_ascii(len=11):
    73 65 63 6f 6e 64 20 73 73 69 64 second ssid
    scan_ssid=1 (0x1)
    PSK (ASCII passphrase) - hexdump_ascii(len=22): [REMOVED]
    priority=2 (0x2)
    PSK (from passphrase) - hexdump(len=32): [REMOVED]
    Line: 343 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    proto: 0x1
    key_mgmt: 0x2
    pairwise: 0x18
    group: 0x1e
    PSK - hexdump(len=32): [REMOVED]
    priority=2 (0x2)
    Line: 355 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    proto: 0x2
    key_mgmt: 0x1
    pairwise: 0x18
    group: 0x18
    eap methods - hexdump(len=2): 0d 00
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    client_cert - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    65 6d em
    private_key - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    72 76 rv
    private_key_passwd - hexdump_ascii(len=8): [REMOVED]
    priority=1 (0x1)
    Line: 372 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    key_mgmt: 0x1
    eap methods - hexdump(len=2): 19 00
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    password - hexdump_ascii(len=6): [REMOVED]
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    phase1 - hexdump_ascii(len=11):
    70 65 61 70 6c 61 62 65 6c 3d 31 peaplabel=1
    phase2 - hexdump_ascii(len=13):
    61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2
    priority=10 (0xa)
    Line: 386 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    key_mgmt: 0x1
    eap methods - hexdump(len=2): 15 00
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    anonymous_identity - hexdump_ascii(len=21):
    61 6e 6f 6e 79 6d 6f 75 73 40 65 78 61 6d 70 6c anonymous@exampl
    65 2e 63 6f 6d e.com
    password - hexdump_ascii(len=6): [REMOVED]
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    priority=2 (0x2)
    Line: 399 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    key_mgmt: 0x1
    eap methods - hexdump(len=2): 15 00
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    anonymous_identity - hexdump_ascii(len=21):
    61 6e 6f 6e 79 6d 6f 75 73 40 65 78 61 6d 70 6c anonymous@exampl
    65 2e 63 6f 6d e.com
    password - hexdump_ascii(len=6): [REMOVED]
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    phase2 - hexdump_ascii(len=13):
    61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2
    Line: 412 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    key_mgmt: 0x1
    eap methods - hexdump(len=2): 15 00
    anonymous_identity - hexdump_ascii(len=21):
    61 6e 6f 6e 79 6d 6f 75 73 40 65 78 61 6d 70 6c anonymous@exampl
    65 2e 63 6f 6d e.com
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    phase2 - hexdump_ascii(len=11):
    61 75 74 68 65 61 70 3d 54 4c 53 autheap=TLS
    ca_cert2 - hexdump_ascii(len=17):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 32 2e 70 65 /etc/cert/ca2.pe
    6d m
    client_cert2 - hexdump_ascii(len=17):
    2f 65 74 63 2f 63 65 72 2f 75 73 65 72 2e 70 65 /etc/cer/user.pe
    6d m
    private_key2 - hexdump_ascii(len=17):
    2f 65 74 63 2f 63 65 72 2f 75 73 65 72 2e 70 72 /etc/cer/user.pr
    76 v
    private_key2_passwd - hexdump_ascii(len=8): [REMOVED]
    priority=2 (0x2)
    Line: 430 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    BSSID - hexdump(len=6): 00 11 22 33 44 55
    proto: 0x3
    key_mgmt: 0x3
    pairwise: 0x10
    group: 0x10
    PSK - hexdump(len=32): [REMOVED]
    Line: 442 - start of a new network block
    ssid - hexdump_ascii(len=4):
    00 01 02 03 ____
    PSK - hexdump(len=32): [REMOVED]
    Line: 449 - start of a new network block
    ssid - hexdump_ascii(len=12):
    65 61 70 2d 73 69 6d 2d 74 65 73 74 eap-sim-test
    key_mgmt: 0x1
    Line 452: unknown EAP method 'SIM'
    You may need to add support for this EAP method during wpa_supplicant
    build time configuration.
    See README for more information.
    eap methods - hexdump(len=2): 00 00
    Line 452: failed to parse eap 'SIM'.
    pin - hexdump_ascii(len=4): [REMOVED]
    pcsc - hexdump_ascii(len=0):
    Line 455: failed to parse network block.
    Line: 459 - start of a new network block
    ssid - hexdump_ascii(len=12):
    65 61 70 2d 70 73 6b 2d 74 65 73 74 eap-psk-test
    key_mgmt: 0x1
    eap methods - hexdump(len=2): ff 00
    identity - hexdump_ascii(len=12):
    65 61 70 5f 70 73 6b 5f 75 73 65 72 eap_psk_user
    eappsk - hexdump_ascii(len=16): [REMOVED]
    nai - hexdump_ascii(len=24):
    65 61 70 5f 70 73 6b 5f 75 73 65 72 40 65 78 61 eap_psk_user@exa
    6d 70 6c 65 2e 63 6f 6d mple.com
    Line: 472 - start of a new network block
    ssid - hexdump_ascii(len=7):
    31 78 2d 74 65 73 74 1x-test
    key_mgmt: 0x8
    eap methods - hexdump(len=2): 0d 00
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    client_cert - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    65 6d em
    private_key - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    72 76 rv
    private_key_passwd - hexdump_ascii(len=8): [REMOVED]
    eapol_flags=3 (0x3)
    Line: 486 - start of a new network block
    ssid - hexdump_ascii(len=12):
    6c 65 61 70 2d 65 78 61 6d 70 6c 65 leap-example
    key_mgmt: 0x8
    eap methods - hexdump(len=2): 11 00
    identity - hexdump_ascii(len=4):
    75 73 65 72 user
    password - hexdump_ascii(len=6): [REMOVED]
    Line: 495 - start of a new network block
    ssid - hexdump_ascii(len=13):
    65 61 70 2d 66 61 73 74 2d 74 65 73 74 eap-fast-test
    key_mgmt: 0x1
    Line 498: unknown EAP method 'FAST'
    You may need to add support for this EAP method during wpa_supplicant
    build time configuration.
    See README for more information.
    eap methods - hexdump(len=2): 00 00
    Line 498: failed to parse eap 'FAST'.
    anonymous_identity - hexdump_ascii(len=17):
    46 41 53 54 2d 30 30 30 31 30 32 30 33 30 34 30 FAST-00010203040
    35 5
    identity - hexdump_ascii(len=8):
    75 73 65 72 6e 61 6d 65 username
    password - hexdump_ascii(len=8): [REMOVED]
    phase1 - hexdump_ascii(len=19):
    66 61 73 74 5f 70 72 6f 76 69 73 69 6f 6e 69 6e fast_provisionin
    67 3d 31 g=1
    pac_file - hexdump_ascii(len=32):
    2f 65 74 63 2f 77 70 61 5f 73 75 70 70 6c 69 63 /etc/wpa_supplic
    61 6e 74 2e 65 61 70 2d 66 61 73 74 2d 70 61 63 ant.eap-fast-pac
    Line 504: failed to parse network block.
    Line: 507 - start of a new network block
    ssid - hexdump_ascii(len=14):
    70 6c 61 69 6e 74 65 78 74 2d 74 65 73 74 plaintext-test
    key_mgmt: 0x4
    Line: 514 - start of a new network block
    ssid - hexdump_ascii(len=15):
    73 74 61 74 69 63 2d 77 65 70 2d 74 65 73 74 static-wep-test
    key_mgmt: 0x4
    wep_key0 - hexdump(len=5): [REMOVED]
    wep_key1 - hexdump(len=5): [REMOVED]
    wep_key2 - hexdump(len=13): [REMOVED]
    wep_tx_keyidx=0 (0x0)
    priority=5 (0x5)
    Line: 527 - start of a new network block
    ssid - hexdump_ascii(len=16):
    73 74 61 74 69 63 2d 77 65 70 2d 74 65 73 74 32 static-wep-test2
    key_mgmt: 0x4
    wep_key0 - hexdump(len=5): [REMOVED]
    wep_key1 - hexdump(len=5): [REMOVED]
    wep_key2 - hexdump(len=13): [REMOVED]
    wep_tx_keyidx=0 (0x0)
    priority=5 (0x5)
    auth_alg: 0x2
    Line: 540 - start of a new network block
    ssid - hexdump_ascii(len=10):
    74 65 73 74 20 61 64 68 6f 63 test adhoc
    mode=1 (0x1)
    proto: 0x1
    key_mgmt: 0x10
    pairwise: 0x1
    group: 0x8
    PSK (ASCII passphrase) - hexdump_ascii(len=17): [REMOVED]
    PSK (from passphrase) - hexdump(len=32): [REMOVED]
    Line: 552 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    scan_ssid=1 (0x1)
    key_mgmt: 0xf
    pairwise: 0x18
    group: 0x1e
    PSK (ASCII passphrase) - hexdump_ascii(len=22): [REMOVED]
    eap methods - hexdump(len=4): 15 19 0d 00
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    password - hexdump_ascii(len=6): [REMOVED]
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    client_cert - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    65 6d em
    private_key - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    72 76 rv
    private_key_passwd - hexdump_ascii(len=8): [REMOVED]
    phase1 - hexdump_ascii(len=11):
    70 65 61 70 6c 61 62 65 6c 3d 30 peaplabel=0
    PSK (from passphrase) - hexdump(len=32): [REMOVED]
    Line: 570 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    key_mgmt: 0x1
    eap methods - hexdump(len=2): 0d 00
    proto: 0x2
    pairwise: 0x18
    group: 0x18
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    client_cert - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    65 6d em
    engine=1 (0x1)
    engine_id - hexdump_ascii(len=6):
    70 6b 63 73 31 31 pkcs11
    key_id - hexdump_ascii(len=5):
    69 64 5f 34 35 id_45
    pin - hexdump_ascii(len=4): [REMOVED]
    Line: 600 - start of a new network block
    ssid - hexdump_ascii(len=7):
    4e 65 74 77 6f 72 6b Network
    scan_ssid=1 (0x1)
    proto: 0x1
    key_mgmt: 0x2
    PSK - hexdump(len=32): [REMOVED]
    ctrl_interface='/var/run/wpa_supplicant'
    Line: 610 - start of a new network block
    ssid - hexdump_ascii(len=5):
    61 63 6f 72 6e acorn
    scan_ssid=1 (0x1)
    proto: 0x1
    key_mgmt: 0x2
    pairwise: 0x8
    PSK (ASCII passphrase) - hexdump_ascii(len=26): [REMOVED]
    PSK (from passphrase) - hexdump(len=32): [REMOVED]
    Line 617: removed CCMP from group cipher list since it was not allowed for pairwise cipher
    Priority group 10
    id=4 ssid='example'
    Priority group 5
    id=0 ssid='simple'
    id=16 ssid='static-wep-test'
    id=17 ssid='static-wep-test2'
    Priority group 2
    id=1 ssid='second ssid'
    id=2 ssid='example'
    id=5 ssid='example'
    id=7 ssid='example'
    Priority group 1
    id=3 ssid='example'
    Priority group 0
    id=6 ssid='example'
    id=8 ssid='example'
    id=9 ssid=''
    id=11 ssid='eap-psk-test'
    id=12 ssid='1x-test'
    id=13 ssid='leap-example'
    id=15 ssid='plaintext-test'
    id=18 ssid='test adhoc'
    id=19 ssid='example'
    id=20 ssid='example'
    id=21 ssid='Network'
    id=22 ssid='acorn'
    Failed to read configuration file '/etc/wpa_supplicant.conf'.
    bennettg@ubuntu:~

    In the post below, I will put the /etc/wpa_supplicant.conf file (the board says it is too long if i put it here)
    Last edited by bennettg; January 14th, 2006 at 06:40 PM.

  5. #505
    Join Date
    Feb 2005
    Beans
    122

    Re: HOWTO: ipw2200 + wpa

    Part 2 of 2 (see above post. had to split becuase of size limitations)

    Here is my file /etc/wpa_supplicant.conf:

    ##### Example wpa_supplicant configuration file ###############################
    # Empty lines and lines starting with # are ignored

    # NOTE! This file may contain password information and should probably be made
    # readable only by root user on multiuser systems.

    # Whether to allow wpa_supplicant to update (overwrite) configuration
    #
    # This option can be used to allow wpa_supplicant to overwrite configuration
    # file whenever configuration is changed (e.g., new network block is added with
    # wpa_cli or wpa_gui, or a password is changed). This is required for
    # wpa_cli/wpa_gui to be able to store the configuration changes permanently.
    # Please note that overwriting configuration file will remove the comments from
    # it.
    #update_config=1

    # global configuration (shared by all network blocks)
    #
    # Interface for separate control program. If this is specified, wpa_supplicant
    # will create this directory and a UNIX domain socket for listening to requests
    # from external programs (CLI/GUI, etc.) for status information and
    # configuration. The socket file will be named based on the interface name, so
    # multiple wpa_supplicant processes can be run at the same time if more than
    # one interface is used.
    # /var/run/wpa_supplicant is the recommended directory for sockets and by
    # default, wpa_cli will use it when trying to connect with wpa_supplicant.
    ctrl_interface=/var/run/wpa_supplicant

    # Access control for the control interface can be configured by setting the
    # directory to allow only members of a group to use sockets. This way, it is
    # possible to run wpa_supplicant as root (since it needs to change network
    # configuration and open raw sockets) and still allow GUI/CLI components to be
    # run as non-root users. However, since the control interface can be used to
    # change the network configuration, this access needs to be protected in many
    # cases. By default, wpa_supplicant is configured to use gid 0 (root). If you
    # want to allow non-root users to use the control interface, add a new group
    # and change this value to match with that group. Add users that should have
    # control interface access to this group. If this variable is commented out or
    # not included in the configuration file, group will not be changed from the
    # value it got by default when the directory or socket was created.
    #
    # This variable can be a group name or gid.
    #ctrl_interface_group=wheel
    ctrl_interface_group=0

    # IEEE 802.1X/EAPOL version
    # wpa_supplicant was implemented based on IEEE 802-1X-REV-d8 which defines
    # EAPOL version 2. However, there are many APs that do not handle the new
    # version number correctly (they seem to drop the frames completely). In order
    # to make wpa_supplicant interoperate with these APs, the version number is set
    # to 1 by default. This configuration value can be used to set it to the new
    # version (2).
    eapol_version=1

    # AP scanning/selection
    # By default, wpa_supplicant requests driver to perform AP scanning and then
    # uses the scan results to select a suitable AP. Another alternative is to
    # allow the driver to take care of AP scanning and selection and use
    # wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
    # information from the driver.
    # 1: wpa_supplicant initiates scanning and AP selection
    # 0: driver takes care of scanning, AP selection, and IEEE 802.11 association
    # parameters (e.g., WPA IE generation); this mode can also be used with
    # non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
    # APs (i.e., external program needs to control association). This mode must
    # also be used when using wired Ethernet drivers.
    # 2: like 0, but associate with APs using security policy and SSID (but not
    # BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
    # enable operation with hidden SSIDs and optimized roaming; in this mode,
    # the network blocks in the configuration file are tried one by one until
    # the driver reports successful association; each network block should have
    # explicit security policy (i.e., only one option in the lists) for
    # key_mgmt, pairwise, group, proto variables
    ap_scan=1

    # EAP fast re-authentication
    # By default, fast re-authentication is enabled for all EAP methods that
    # support it. This variable can be used to disable fast re-authentication.
    # Normally, there is no need to disable this.
    fast_reauth=1

    # OpenSSL Engine support
    # These options can be used to load OpenSSL engines.
    # The two engines that are supported currently are shown below:
    # They are both from the opensc project (http://www.opensc.org/)
    # By default no engines are loaded.
    # make the opensc engine available
    opensc_engine_path=/usr/lib/opensc/engine_opensc.so
    # make the pkcs11 engine available
    pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
    # configure the path to the pkcs11 module required by the pkcs11 engine
    pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so

    # Driver interface parameters
    # This field can be used to configure arbitrary driver interace parameters. The
    # format is specific to the selected driver interface. This field is not used
    # in most cases.
    #driver_param="field=value"

    # Maximum lifetime for PMKSA in seconds; default 43200
    #dot11RSNAConfigPMKLifetime=43200
    # Threshold for reauthentication (percentage of PMK lifetime); default 70
    #dot11RSNAConfigPMKReauthThreshold=70
    # Timeout for security association negotiation in seconds; default 60
    #dot11RSNAConfigSATimeout=60

    # network block
    #
    # Each network (usually AP's sharing the same SSID) is configured as a separate
    # block in this configuration file. The network blocks are in preference order
    # (the first match is used).
    #
    # network block fields:
    #
    # disabled:
    # 0 = this network can be used (default)
    # 1 = this network block is disabled (can be enabled through ctrl_iface,
    # e.g., with wpa_cli or wpa_gui)
    #
    # ssid: SSID (mandatory); either as an ASCII string with double quotation or
    # as hex string; network name
    #
    # scan_ssid:
    # 0 = do not scan this SSID with specific Probe Request frames (default)
    # 1 = scan with SSID-specific Probe Request frames (this can be used to
    # find APs that do not accept broadcast SSID or use multiple SSIDs;
    # this will add latency to scanning, so enable this only when needed)
    #
    # bssid: BSSID (optional); if set, this network block is used only when
    # associating with the AP using the configured BSSID
    #
    # priority: priority group (integer)
    # By default, all networks will get same priority group (0). If some of the
    # networks are more desirable, this field can be used to change the order in
    # which wpa_supplicant goes through the networks when selecting a BSS. The
    # priority groups will be iterated in decreasing priority (i.e., the larger the
    # priority value, the sooner the network is matched against the scan results).
    # Within each priority group, networks will be selected based on security
    # policy, signal strength, etc.
    # Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not
    # using this priority to select the order for scanning. Instead, they try the
    # networks in the order that used in the configuration file.
    #
    # mode: IEEE 802.11 operation mode
    # 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
    # 1 = IBSS (ad-hoc, peer-to-peer)
    # Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP)
    # and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has
    # to be set to 2 for IBSS. WPA-None requires following network block options:
    # proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
    # both), and psk must also be set.
    #
    # proto: list of accepted protocols
    # WPA = WPA/IEEE 802.11i/D3.0
    # RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
    # If not set, this defaults to: WPA RSN
    #
    # key_mgmt: list of accepted authenticated key management protocols
    # WPA-PSK = WPA pre-shared key (this requires 'psk' field)
    # WPA-EAP = WPA using EAP authentication (this can use an external
    # program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication
    # IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
    # generated WEP keys
    # NONE = WPA is not used; plaintext or static WEP could be used
    # If not set, this defaults to: WPA-PSK WPA-EAP
    #
    # auth_alg: list of allowed IEEE 802.11 authentication algorithms
    # OPEN = Open System authentication (required for WPA/WPA2)
    # SHARED = Shared Key authentication (requires static WEP keys)
    # LEAP = LEAP/Network EAP (only used with LEAP)
    # If not set, automatic selection is used (Open System with LEAP enabled if
    # LEAP is allowed as one of the EAP methods).
    #
    # pairwise: list of accepted pairwise (unicast) ciphers for WPA
    # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
    # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
    # NONE = Use only Group Keys (deprecated, should not be included if APs support
    # pairwise keys)
    # If not set, this defaults to: CCMP TKIP
    #
    # group: list of accepted group (broadcast/multicast) ciphers for WPA
    # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
    # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
    # WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key
    # WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]
    # If not set, this defaults to: CCMP TKIP WEP104 WEP40
    #
    # psk: WPA preshared key; 256-bit pre-shared key
    # The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
    # 32 bytes or as an ASCII passphrase (in which case, the real PSK will be
    # generated using the passphrase and SSID). ASCII passphrase must be between
    # 8 and 63 characters (inclusive).
    # This field is not needed, if WPA-EAP is used.
    # Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
    # from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
    # startup and reconfiguration time can be optimized by generating the PSK only
    # only when the passphrase or SSID has actually changed.
    #
    # eapol_flags: IEEE 802.1X/EAPOL options (bit field)
    # Dynamic WEP key required for non-WPA mode
    # bit0 (1): require dynamically generated unicast WEP key
    # bit1 (2): require dynamically generated broadcast WEP key
    # (3 = require both keys; default)
    # Note: When using wired authentication, eapol_flags must be set to 0 for the
    # authentication to be completed successfully.
    #
    # proactive_key_caching:
    # Enable/disable opportunistic PMKSA caching for WPA2.
    # 0 = disabled (default)
    # 1 = enabled
    #
    # Following fields are only used with internal EAP implementation.
    # eap: space-separated list of accepted EAP methods
    # MD5 = EAP-MD5 (unsecure and does not generate keying material ->
    # cannot be used with WPA; to be used as a Phase 2 method
    # with EAP-PEAP or EAP-TTLS)
    # MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
    # as a Phase 2 method with EAP-PEAP or EAP-TTLS)
    # OTP = EAP-OTP (cannot be used separately with WPA; to be used
    # as a Phase 2 method with EAP-PEAP or EAP-TTLS)
    # GTC = EAP-GTC (cannot be used separately with WPA; to be used
    # as a Phase 2 method with EAP-PEAP or EAP-TTLS)
    # TLS = EAP-TLS (client and server certificate)
    # PEAP = EAP-PEAP (with tunnelled EAP authentication)
    # TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2
    # authentication)
    # If not set, all compiled in methods are allowed.
    #
    # identity: Identity string for EAP
    # anonymous_identity: Anonymous identity string for EAP (to be used as the
    # unencrypted identity with EAP types that support different tunnelled
    # identity, e.g., EAP-TTLS)
    # password: Password string for EAP
    # ca_cert: File path to CA certificate file (PEM/DER). This file can have one
    # or more trusted CA certificates. If ca_cert is not included, server
    # certificate will not be verified. This is insecure and the CA file
    # should always be configured when using EAP-TLS/TTLS/PEAP.
    # client_cert: File path to client certificate file (PEM/DER)
    # private_key: File path to client private key file (PEM/DER/PFX)
    # When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
    # commented out. Both the private key and certificate will be read from
    # the PKCS#12 file in this case.
    # Windows certificate store can be used by leaving client_cert out and
    # configuring private_key in one of the following formats:
    # cert://substring_to_match
    # hash://certificate_thumbprint_in_hex
    # for example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
    # private_key_passwd: Password for private key file (if left out, this will be
    # asked through control interface)
    # dh_file: File path to DH/DSA parameters file (in PEM format)
    # This is an optional configuration file for setting parameters for an
    # ephemeral DH key exchange. In most cases, the default RSA
    # authentication does not use this configuration. However, it is possible
    # setup RSA to use ephemeral DH key exchange. In addition, ciphers with
    # DSA keys always use ephemeral DH keys. This can be used to achieve
    # forward secrecy. If the file is in DSA parameters format, it will be
    # automatically converted into DH params.
    # subject_match: Substring to be matched against the subject of the
    # authentication server certificate. If this string is set, the server
    # sertificate is only accepted if it contains this string in the subject.
    # The subject string is in following format:
    # /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
    # altsubject_match: Substring to be matched against the alternative subject
    # name of the authentication server certificate. If this string is set,
    # the server sertificate is only accepted if it contains this string in
    # an alternative subject name extension.
    # altSubjectName string is in following format: TYPE:VALUE
    # Example: DNS:server.example.com
    # Following types are supported: EMAIL, DNS, URI
    # phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters
    # (string with field-value pairs, e.g., "peapver=0" or
    # "peapver=1 peaplabel=1")
    # 'peapver' can be used to force which PEAP version (0 or 1) is used.
    # 'peaplabel=1' can be used to force new label, "client PEAP encryption",
    # to be used during key derivation when PEAPv1 or newer. Most existing
    # PEAPv1 implementation seem to be using the old label, "client EAP
    # encryption", and wpa_supplicant is now using that as the default value.
    # Some servers, e.g., Radiator, may require peaplabel=1 configuration to
    # interoperate with PEAPv1; see eap_testing.txt for more details.
    # 'peap_outer_success=0' can be used to terminate PEAP authentication on
    # tunneled EAP-Success. This is required with some RADIUS servers that
    # implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,
    # Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode)
    # include_tls_length=1 can be used to force wpa_supplicant to include
    # TLS Message Length field in all TLS messages even if they are not
    # fragmented.
    # sim_min_num_chal=3 can be used to configure EAP-SIM to require three
    # challenges (by default, it accepts 2 or 3)
    # phase2: Phase2 (inner authentication with TLS tunnel) parameters
    # (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
    # "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
    # Following certificate/private key fields are used in inner Phase2
    # authentication when using EAP-TTLS or EAP-PEAP.
    # ca_cert2: File path to CA certificate file. This file can have one or more
    # trusted CA certificates. If ca_cert2 is not included, server
    # certificate will not be verified. This is insecure and the CA file
    # should always be configured.
    # client_cert2: File path to client certificate file
    # private_key2: File path to client private key file
    # private_key2_passwd: Password for private key file
    # dh_file2: File path to DH/DSA parameters file (in PEM format)
    # subject_match2: Substring to be matched against the subject of the
    # authentication server certificate.
    # altsubject_match2: Substring to be matched against the alternative subject
    # name of the authentication server certificate.
    #
    # EAP-PSK variables:
    # eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
    # nai: user NAI
    #
    # EAP-FAST variables:
    # pac_file: File path for the PAC entries. wpa_supplicant will need to be able
    # to create this file and write updates to it when PAC is being
    # provisioned or refreshed.
    # phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST
    # credentials (PAC)
    #
    # wpa_supplicant supports number of "EAP workarounds" to work around
    # interoperability issues with incorrectly behaving authentication servers.
    # These are enabled by default because some of the issues are present in large
    # number of authentication servers. Strict EAP conformance mode can be
    # configured by disabling workarounds with eap_workaround=0.

    # Example blocks:

    # Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
    network={
    ssid="simple"
    psk="very secret passphrase"
    priority=5
    }

    # Same as previous, but request SSID-specific scanning (for APs that reject
    # broadcast SSID)
    network={
    ssid="second ssid"
    scan_ssid=1
    psk="very secret passphrase"
    priority=2
    }

    # Only WPA-PSK is used. Any valid cipher combination is accepted.
    network={
    ssid="example"
    proto=WPA
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
    group=CCMP TKIP WEP104 WEP40
    psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee9 2382eb0106c72ac7bb
    priority=2
    }

    # Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
    # or WEP40 as the group cipher will not be accepted.
    network={
    ssid="example"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP TKIP
    group=CCMP TKIP
    eap=TLS
    identity="user@example.com"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.prv"
    private_key_passwd="password"
    priority=1
    }

    # EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
    # (e.g., Radiator)
    network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.com"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    phase1="peaplabel=1"
    phase2="auth=MSCHAPV2"
    priority=10
    }

    # EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
    # unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
    network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user@example.com"
    anonymous_identity="anonymous@example.com"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    priority=2
    }

    # EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted
    # use. Real identity is sent only within an encrypted TLS tunnel.
    network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user@example.com"
    anonymous_identity="anonymous@example.com"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    phase2="auth=MSCHAPV2"
    }

    # WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
    # authentication.
    network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=TTLS
    # Phase1 / outer authentication
    anonymous_identity="anonymous@example.com"
    ca_cert="/etc/cert/ca.pem"
    # Phase 2 / inner authentication
    phase2="autheap=TLS"
    ca_cert2="/etc/cert/ca2.pem"
    client_cert2="/etc/cer/user.pem"
    private_key2="/etc/cer/user.prv"
    private_key2_passwd="password"
    priority=2
    }

    # Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and
    # group cipher.
    network={
    ssid="example"
    bssid=00:11:22:33:44:55
    proto=WPA RSN
    key_mgmt=WPA-PSK WPA-EAP
    pairwise=CCMP
    group=CCMP
    psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee9 2382eb0106c72ac7bb
    }

    # Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP
    # and all valid ciphers.
    network={
    ssid=00010203
    psk=000102030405060708090a0b0c0d0e0f10111213141516 1718191a1b1c1d1e1f
    }


    # EAP-SIM with a GSM SIM or USIM
    network={
    ssid="eap-sim-test"
    key_mgmt=WPA-EAP
    eap=SIM
    pin="1234"
    pcsc=""
    }


    # EAP-PSK
    network={
    ssid="eap-psk-test"
    key_mgmt=WPA-EAP
    eap=PSK
    identity="eap_psk_user"
    eappsk=06b4be19da289f475aa46a33cb793029
    nai="eap_psk_user@example.com"
    }


    # IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using
    # EAP-TLS for authentication and key generation; require both unicast and
    # broadcast WEP keys.
    network={
    ssid="1x-test"
    key_mgmt=IEEE8021X
    eap=TLS
    identity="user@example.com"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.prv"
    private_key_passwd="password"
    eapol_flags=3
    }


    # LEAP with dynamic WEP keys
    network={
    ssid="leap-example"
    key_mgmt=IEEE8021X
    eap=LEAP
    identity="user"
    password="foobar"
    }

    # EAP-FAST with WPA (WPA or WPA2)
    network={
    ssid="eap-fast-test"
    key_mgmt=WPA-EAP
    eap=FAST
    anonymous_identity="FAST-000102030405"
    identity="username"
    password="password"
    phase1="fast_provisioning=1"
    pac_file="/etc/wpa_supplicant.eap-fast-pac"
    }

    # Plaintext connection (no WPA, no IEEE 802.1X)
    network={
    ssid="plaintext-test"
    key_mgmt=NONE
    }


    # Shared WEP key connection (no WPA, no IEEE 802.1X)
    network={
    ssid="static-wep-test"
    key_mgmt=NONE
    wep_key0="abcde"
    wep_key1=0102030405
    wep_key2="1234567890123"
    wep_tx_keyidx=0
    priority=5
    }


    # Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
    # IEEE 802.11 authentication
    network={
    ssid="static-wep-test2"
    key_mgmt=NONE
    wep_key0="abcde"
    wep_key1=0102030405
    wep_key2="1234567890123"
    wep_tx_keyidx=0
    priority=5
    auth_alg=SHARED
    }


    # IBSS/ad-hoc network with WPA-None/TKIP.
    network={
    ssid="test adhoc"
    mode=1
    proto=WPA
    key_mgmt=WPA-NONE
    pairwise=NONE
    group=TKIP
    psk="secret passphrase"
    }


    # Catch all example that allows more or less all configuration modes
    network={
    ssid="example"
    scan_ssid=1
    key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
    pairwise=CCMP TKIP
    group=CCMP TKIP WEP104 WEP40
    psk="very secret passphrase"
    eap=TTLS PEAP TLS
    identity="user@example.com"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.prv"
    private_key_passwd="password"
    phase1="peaplabel=0"
    }

    # Example of EAP-TLS with smartcard (openssl engine)
    network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=TLS
    proto=RSN
    pairwise=CCMP TKIP
    group=CCMP TKIP
    identity="user@example.com"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"

    engine=1

    # The engine configured here must be available. Look at
    # OpenSSL engine support in the global section.
    # The key available through the engine must be the private key
    # matching the client certificate configured above.

    # use the opensc engine
    #engine_id="opensc"
    #key_id="45"

    # use the pkcs11 engine
    engine_id="pkcs11"
    key_id="id_45"

    # Optional PIN configuration; this can be left out and PIN will be
    # asked through the control interface
    pin="1234"
    }
    network={
    ssid="Network"
    scan_ssid=1
    proto=WPA
    key_mgmt=WPA-PSK
    psk=0dc7ca9fe55776e6bda6b655c9ae04c3e3dba0718f08e3 a9c2d2f6d53c252830
    }

    ctrl_interface=/var/run/wpa_supplicant

    network={
    ssid="acorn"
    scan_ssid=1
    proto=WPA
    key_mgmt=WPA-PSK
    pairwise=TKIP
    psk="24334B4A44412423486A736B61"
    }

    I also tried without the "pairwise=TKIP" without success.

    Can someone help me what am I doing worng.

    Thanks in advance.
    Last edited by bennettg; January 14th, 2006 at 06:41 PM.

  6. #506
    Join Date
    Feb 2005
    Beans
    46

    Re: HOWTO: ipw2200 + wpa

    Bennettg,

    One more thing I had to do, but forgot to mention in my addition to the HOW-TO, was to edit the wpa_supplicant.conf and comment out the "ctrl_interface" and ctrl_interface_group" entries.

    Code:
    #ctrl_interface=/var/run/wpa_supplicant
    #ctrl_interface_group=sudo
    
    eapol_version=1
    ap_scan=1
    fast_reauth=1
    
    network={
     ssid="mynetworkname"
     scan_ssid=1
     proto=WPA
     key_mgmt=WPA-PSK
     psk="my26charpassphrase"
    }
    
    network={
     ssid="mynetworkname"
     scan_ssid=1
     proto=WPA
     key_mgmt=WPA-PSK
     psk="my26charpassphrase"
    }
    This is my wpa_supplicant.conf. Notice the 2 top lines are remarked out. I had to do this in order for wpa_supplicant to read the file. I was getting the same error you're seeing and this solved that problem.

    Hope this helps,
    Rick Knight

  7. #507
    Join Date
    Feb 2005
    Beans
    122

    Re: HOWTO: ipw2200 + wpa

    Part 1 of 2 for the post:

    Rich,

    Thanks. I commented out what lines I thought you were referring to, but my file didnt look exactley like yours. Did you post the entrire wpa_supplicant.conf or just a portion of it? Here is mine now after commenting the 3 lines:

    ##### Example wpa_supplicant configuration file ###############################
    # Empty lines and lines starting with # are ignored

    # NOTE! This file may contain password information and should probably be made
    # readable only by root user on multiuser systems.

    # Whether to allow wpa_supplicant to update (overwrite) configuration
    #
    # This option can be used to allow wpa_supplicant to overwrite configuration
    # file whenever configuration is changed (e.g., new network block is added with
    # wpa_cli or wpa_gui, or a password is changed). This is required for
    # wpa_cli/wpa_gui to be able to store the configuration changes permanently.
    # Please note that overwriting configuration file will remove the comments from
    # it.
    #update_config=1

    # global configuration (shared by all network blocks)
    #
    # Interface for separate control program. If this is specified, wpa_supplicant
    # will create this directory and a UNIX domain socket for listening to requests
    # from external programs (CLI/GUI, etc.) for status information and
    # configuration. The socket file will be named based on the interface name, so
    # multiple wpa_supplicant processes can be run at the same time if more than
    # one interface is used.
    # /var/run/wpa_supplicant is the recommended directory for sockets and by
    # default, wpa_cli will use it when trying to connect with wpa_supplicant.
    # ctrl_interface=/var/run/wpa_supplicant

    # Access control for the control interface can be configured by setting the
    # directory to allow only members of a group to use sockets. This way, it is
    # possible to run wpa_supplicant as root (since it needs to change network
    # configuration and open raw sockets) and still allow GUI/CLI components to be
    # run as non-root users. However, since the control interface can be used to
    # change the network configuration, this access needs to be protected in many
    # cases. By default, wpa_supplicant is configured to use gid 0 (root). If you
    # want to allow non-root users to use the control interface, add a new group
    # and change this value to match with that group. Add users that should have
    # control interface access to this group. If this variable is commented out or
    # not included in the configuration file, group will not be changed from the
    # value it got by default when the directory or socket was created.
    #
    # This variable can be a group name or gid.
    #ctrl_interface_group=wheel
    #ctrl_interface_group=0


    # IEEE 802.1X/EAPOL version
    # wpa_supplicant was implemented based on IEEE 802-1X-REV-d8 which defines
    # EAPOL version 2. However, there are many APs that do not handle the new
    # version number correctly (they seem to drop the frames completely). In order
    # to make wpa_supplicant interoperate with these APs, the version number is set
    # to 1 by default. This configuration value can be used to set it to the new
    # version (2).
    eapol_version=1

    # AP scanning/selection
    # By default, wpa_supplicant requests driver to perform AP scanning and then
    # uses the scan results to select a suitable AP. Another alternative is to
    # allow the driver to take care of AP scanning and selection and use
    # wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
    # information from the driver.
    # 1: wpa_supplicant initiates scanning and AP selection
    # 0: driver takes care of scanning, AP selection, and IEEE 802.11 association
    # parameters (e.g., WPA IE generation); this mode can also be used with
    # non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
    # APs (i.e., external program needs to control association). This mode must
    # also be used when using wired Ethernet drivers.
    # 2: like 0, but associate with APs using security policy and SSID (but not
    # BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
    # enable operation with hidden SSIDs and optimized roaming; in this mode,
    # the network blocks in the configuration file are tried one by one until
    # the driver reports successful association; each network block should have
    # explicit security policy (i.e., only one option in the lists) for
    # key_mgmt, pairwise, group, proto variables
    ap_scan=1

    # EAP fast re-authentication
    # By default, fast re-authentication is enabled for all EAP methods that
    # support it. This variable can be used to disable fast re-authentication.
    # Normally, there is no need to disable this.
    fast_reauth=1

    # OpenSSL Engine support
    # These options can be used to load OpenSSL engines.
    # The two engines that are supported currently are shown below:
    # They are both from the opensc project (http://www.opensc.org/)
    # By default no engines are loaded.
    # make the opensc engine available
    opensc_engine_path=/usr/lib/opensc/engine_opensc.so
    # make the pkcs11 engine available
    pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
    # configure the path to the pkcs11 module required by the pkcs11 engine
    pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so

    # Driver interface parameters
    # This field can be used to configure arbitrary driver interace parameters. The
    # format is specific to the selected driver interface. This field is not used
    # in most cases.
    #driver_param="field=value"

    # Maximum lifetime for PMKSA in seconds; default 43200
    #dot11RSNAConfigPMKLifetime=43200
    # Threshold for reauthentication (percentage of PMK lifetime); default 70
    #dot11RSNAConfigPMKReauthThreshold=70
    # Timeout for security association negotiation in seconds; default 60
    #dot11RSNAConfigSATimeout=60

    # network block
    #
    # Each network (usually AP's sharing the same SSID) is configured as a separate
    # block in this configuration file. The network blocks are in preference order
    # (the first match is used).
    #
    # network block fields:
    #
    # disabled:
    # 0 = this network can be used (default)
    # 1 = this network block is disabled (can be enabled through ctrl_iface,
    # e.g., with wpa_cli or wpa_gui)
    #
    # ssid: SSID (mandatory); either as an ASCII string with double quotation or
    # as hex string; network name
    #
    # scan_ssid:
    # 0 = do not scan this SSID with specific Probe Request frames (default)
    # 1 = scan with SSID-specific Probe Request frames (this can be used to
    # find APs that do not accept broadcast SSID or use multiple SSIDs;
    # this will add latency to scanning, so enable this only when needed)
    #
    # bssid: BSSID (optional); if set, this network block is used only when
    # associating with the AP using the configured BSSID
    #
    # priority: priority group (integer)
    # By default, all networks will get same priority group (0). If some of the
    # networks are more desirable, this field can be used to change the order in
    # which wpa_supplicant goes through the networks when selecting a BSS. The
    # priority groups will be iterated in decreasing priority (i.e., the larger the
    # priority value, the sooner the network is matched against the scan results).
    # Within each priority group, networks will be selected based on security
    # policy, signal strength, etc.
    # Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not
    # using this priority to select the order for scanning. Instead, they try the
    # networks in the order that used in the configuration file.
    #
    # mode: IEEE 802.11 operation mode
    # 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
    # 1 = IBSS (ad-hoc, peer-to-peer)
    # Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP)
    # and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has
    # to be set to 2 for IBSS. WPA-None requires following network block options:
    # proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
    # both), and psk must also be set.
    #
    # proto: list of accepted protocols
    # WPA = WPA/IEEE 802.11i/D3.0
    # RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
    # If not set, this defaults to: WPA RSN
    #
    # key_mgmt: list of accepted authenticated key management protocols
    # WPA-PSK = WPA pre-shared key (this requires 'psk' field)
    # WPA-EAP = WPA using EAP authentication (this can use an external
    # program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication
    # IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
    # generated WEP keys
    # NONE = WPA is not used; plaintext or static WEP could be used
    # If not set, this defaults to: WPA-PSK WPA-EAP
    #
    # auth_alg: list of allowed IEEE 802.11 authentication algorithms
    # OPEN = Open System authentication (required for WPA/WPA2)
    # SHARED = Shared Key authentication (requires static WEP keys)
    # LEAP = LEAP/Network EAP (only used with LEAP)
    # If not set, automatic selection is used (Open System with LEAP enabled if
    # LEAP is allowed as one of the EAP methods).
    #
    # pairwise: list of accepted pairwise (unicast) ciphers for WPA
    # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
    # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
    # NONE = Use only Group Keys (deprecated, should not be included if APs support
    # pairwise keys)
    # If not set, this defaults to: CCMP TKIP
    #
    # group: list of accepted group (broadcast/multicast) ciphers for WPA
    # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
    # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
    # WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key
    # WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]
    # If not set, this defaults to: CCMP TKIP WEP104 WEP40
    #
    # psk: WPA preshared key; 256-bit pre-shared key
    # The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
    # 32 bytes or as an ASCII passphrase (in which case, the real PSK will be
    # generated using the passphrase and SSID). ASCII passphrase must be between
    # 8 and 63 characters (inclusive).
    # This field is not needed, if WPA-EAP is used.
    # Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
    # from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
    # startup and reconfiguration time can be optimized by generating the PSK only
    # only when the passphrase or SSID has actually changed.
    #
    # eapol_flags: IEEE 802.1X/EAPOL options (bit field)
    # Dynamic WEP key required for non-WPA mode
    # bit0 (1): require dynamically generated unicast WEP key
    # bit1 (2): require dynamically generated broadcast WEP key
    # (3 = require both keys; default)
    # Note: When using wired authentication, eapol_flags must be set to 0 for the
    # authentication to be completed successfully.
    #
    # proactive_key_caching:
    # Enable/disable opportunistic PMKSA caching for WPA2.
    # 0 = disabled (default)
    # 1 = enabled
    #
    # Following fields are only used with internal EAP implementation.
    # eap: space-separated list of accepted EAP methods
    # MD5 = EAP-MD5 (unsecure and does not generate keying material ->
    # cannot be used with WPA; to be used as a Phase 2 method
    # with EAP-PEAP or EAP-TTLS)
    # MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
    # as a Phase 2 method with EAP-PEAP or EAP-TTLS)
    # OTP = EAP-OTP (cannot be used separately with WPA; to be used
    # as a Phase 2 method with EAP-PEAP or EAP-TTLS)
    # GTC = EAP-GTC (cannot be used separately with WPA; to be used
    # as a Phase 2 method with EAP-PEAP or EAP-TTLS)
    # TLS = EAP-TLS (client and server certificate)
    # PEAP = EAP-PEAP (with tunnelled EAP authentication)
    # TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2
    # authentication)
    # If not set, all compiled in methods are allowed.
    #
    # identity: Identity string for EAP
    # anonymous_identity: Anonymous identity string for EAP (to be used as the
    # unencrypted identity with EAP types that support different tunnelled
    # identity, e.g., EAP-TTLS)
    # password: Password string for EAP
    # ca_cert: File path to CA certificate file (PEM/DER). This file can have one
    # or more trusted CA certificates. If ca_cert is not included, server
    # certificate will not be verified. This is insecure and the CA file
    # should always be configured when using EAP-TLS/TTLS/PEAP.
    # client_cert: File path to client certificate file (PEM/DER)
    # private_key: File path to client private key file (PEM/DER/PFX)
    # When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
    # commented out. Both the private key and certificate will be read from
    # the PKCS#12 file in this case.
    # Windows certificate store can be used by leaving client_cert out and
    # configuring private_key in one of the following formats:
    # cert://substring_to_match
    # hash://certificate_thumbprint_in_hex
    # for example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
    # private_key_passwd: Password for private key file (if left out, this will be
    # asked through control interface)
    # dh_file: File path to DH/DSA parameters file (in PEM format)
    # This is an optional configuration file for setting parameters for an
    # ephemeral DH key exchange. In most cases, the default RSA
    # authentication does not use this configuration. However, it is possible
    # setup RSA to use ephemeral DH key exchange. In addition, ciphers with
    # DSA keys always use ephemeral DH keys. This can be used to achieve
    # forward secrecy. If the file is in DSA parameters format, it will be
    # automatically converted into DH params.
    # subject_match: Substring to be matched against the subject of the
    # authentication server certificate. If this string is set, the server
    # sertificate is only accepted if it contains this string in the subject.
    # The subject string is in following format:
    # /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
    # altsubject_match: Substring to be matched against the alternative subject
    # name of the authentication server certificate. If this string is set,
    # the server sertificate is only accepted if it contains this string in
    # an alternative subject name extension.
    # altSubjectName string is in following format: TYPE:VALUE
    # Example: DNS:server.example.com
    # Following types are supported: EMAIL, DNS, URI
    # phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters
    # (string with field-value pairs, e.g., "peapver=0" or
    # "peapver=1 peaplabel=1")
    # 'peapver' can be used to force which PEAP version (0 or 1) is used.
    # 'peaplabel=1' can be used to force new label, "client PEAP encryption",
    # to be used during key derivation when PEAPv1 or newer. Most existing
    # PEAPv1 implementation seem to be using the old label, "client EAP
    # encryption", and wpa_supplicant is now using that as the default value.
    # Some servers, e.g., Radiator, may require peaplabel=1 configuration to
    # interoperate with PEAPv1; see eap_testing.txt for more details.
    # 'peap_outer_success=0' can be used to terminate PEAP authentication on
    # tunneled EAP-Success. This is required with some RADIUS servers that
    # implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,
    # Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode)
    # include_tls_length=1 can be used to force wpa_supplicant to include
    # TLS Message Length field in all TLS messages even if they are not
    # fragmented.
    # sim_min_num_chal=3 can be used to configure EAP-SIM to require three
    # challenges (by default, it accepts 2 or 3)
    # phase2: Phase2 (inner authentication with TLS tunnel) parameters
    # (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
    # "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
    # Following certificate/private key fields are used in inner Phase2
    # authentication when using EAP-TTLS or EAP-PEAP.
    # ca_cert2: File path to CA certificate file. This file can have one or more
    # trusted CA certificates. If ca_cert2 is not included, server
    # certificate will not be verified. This is insecure and the CA file
    # should always be configured.
    # client_cert2: File path to client certificate file
    # private_key2: File path to client private key file
    # private_key2_passwd: Password for private key file
    # dh_file2: File path to DH/DSA parameters file (in PEM format)
    # subject_match2: Substring to be matched against the subject of the
    # authentication server certificate.
    # altsubject_match2: Substring to be matched against the alternative subject
    # name of the authentication server certificate.
    #
    # EAP-PSK variables:
    # eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
    # nai: user NAI
    #
    # EAP-FAST variables:
    # pac_file: File path for the PAC entries. wpa_supplicant will need to be able
    # to create this file and write updates to it when PAC is being
    # provisioned or refreshed.
    # phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST
    # credentials (PAC)
    #
    # wpa_supplicant supports number of "EAP workarounds" to work around
    # interoperability issues with incorrectly behaving authentication servers.
    # These are enabled by default because some of the issues are present in large
    # number of authentication servers. Strict EAP conformance mode can be
    # configured by disabling workarounds with eap_workaround=0.

    # Example blocks:

    # Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
    network={
    ssid="simple"
    psk="very secret passphrase"
    priority=5
    }

    # Same as previous, but request SSID-specific scanning (for APs that reject
    # broadcast SSID)
    network={
    ssid="second ssid"
    scan_ssid=1
    psk="very secret passphrase"
    priority=2
    }

    # Only WPA-PSK is used. Any valid cipher combination is accepted.
    network={
    ssid="example"
    proto=WPA
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
    group=CCMP TKIP WEP104 WEP40
    psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee9 2382eb0106c72ac7bb
    priority=2
    }

    # Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
    # or WEP40 as the group cipher will not be accepted.
    network={
    ssid="example"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP TKIP
    group=CCMP TKIP
    eap=TLS
    identity="user@example.com"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.prv"
    private_key_passwd="password"
    priority=1
    }

    # EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
    # (e.g., Radiator)
    network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.com"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    phase1="peaplabel=1"
    phase2="auth=MSCHAPV2"
    priority=10
    }

    # EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
    # unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
    network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user@example.com"
    anonymous_identity="anonymous@example.com"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    priority=2
    }

    # EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted
    # use. Real identity is sent only within an encrypted TLS tunnel.
    network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user@example.com"
    anonymous_identity="anonymous@example.com"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    phase2="auth=MSCHAPV2"
    }

    # WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
    # authentication.
    network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=TTLS
    # Phase1 / outer authentication
    anonymous_identity="anonymous@example.com"
    ca_cert="/etc/cert/ca.pem"
    # Phase 2 / inner authentication
    phase2="autheap=TLS"
    ca_cert2="/etc/cert/ca2.pem"
    client_cert2="/etc/cer/user.pem"
    private_key2="/etc/cer/user.prv"
    private_key2_passwd="password"
    priority=2
    }

    # Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and
    # group cipher.
    network={
    ssid="example"
    bssid=00:11:22:33:44:55
    proto=WPA RSN
    key_mgmt=WPA-PSK WPA-EAP
    pairwise=CCMP
    group=CCMP
    psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee9 2382eb0106c72ac7bb
    }

    # Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP
    # and all valid ciphers.
    network={
    ssid=00010203
    psk=000102030405060708090a0b0c0d0e0f10111213141516 1718191a1b1c1d1e1f
    }


    # EAP-SIM with a GSM SIM or USIM
    network={
    ssid="eap-sim-test"
    key_mgmt=WPA-EAP
    eap=SIM
    pin="1234"
    pcsc=""
    }


    # EAP-PSK
    network={
    ssid="eap-psk-test"
    key_mgmt=WPA-EAP
    eap=PSK
    identity="eap_psk_user"
    eappsk=06b4be19da289f475aa46a33cb793029
    nai="eap_psk_user@example.com"
    }


    # IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using
    # EAP-TLS for authentication and key generation; require both unicast and
    # broadcast WEP keys.
    network={
    ssid="1x-test"
    key_mgmt=IEEE8021X
    eap=TLS
    identity="user@example.com"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.prv"
    private_key_passwd="password"
    eapol_flags=3
    }


    # LEAP with dynamic WEP keys
    network={
    ssid="leap-example"
    key_mgmt=IEEE8021X
    eap=LEAP
    identity="user"
    password="foobar"
    }

    # EAP-FAST with WPA (WPA or WPA2)
    network={
    ssid="eap-fast-test"
    key_mgmt=WPA-EAP
    eap=FAST
    anonymous_identity="FAST-000102030405"
    identity="username"
    password="password"
    phase1="fast_provisioning=1"
    pac_file="/etc/wpa_supplicant.eap-fast-pac"
    }

    # Plaintext connection (no WPA, no IEEE 802.1X)
    network={
    ssid="plaintext-test"
    key_mgmt=NONE
    }


    # Shared WEP key connection (no WPA, no IEEE 802.1X)
    network={
    ssid="static-wep-test"
    key_mgmt=NONE
    wep_key0="abcde"
    wep_key1=0102030405
    wep_key2="1234567890123"
    wep_tx_keyidx=0
    priority=5
    }


    # Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
    # IEEE 802.11 authentication
    network={
    ssid="static-wep-test2"
    key_mgmt=NONE
    wep_key0="abcde"
    wep_key1=0102030405
    wep_key2="1234567890123"
    wep_tx_keyidx=0
    priority=5
    auth_alg=SHARED
    }


    # IBSS/ad-hoc network with WPA-None/TKIP.
    network={
    ssid="test adhoc"
    mode=1
    proto=WPA
    key_mgmt=WPA-NONE
    pairwise=NONE
    group=TKIP
    psk="secret passphrase"
    }


    # Catch all example that allows more or less all configuration modes
    network={
    ssid="example"
    scan_ssid=1
    key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
    pairwise=CCMP TKIP
    group=CCMP TKIP WEP104 WEP40
    psk="very secret passphrase"
    eap=TTLS PEAP TLS
    identity="user@example.com"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.prv"
    private_key_passwd="password"
    phase1="peaplabel=0"
    }

    # Example of EAP-TLS with smartcard (openssl engine)
    network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=TLS
    proto=RSN
    pairwise=CCMP TKIP
    group=CCMP TKIP
    identity="user@example.com"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/user.pem"

    engine=1

    # The engine configured here must be available. Look at
    # OpenSSL engine support in the global section.
    # The key available through the engine must be the private key
    # matching the client certificate configured above.

    # use the opensc engine
    #engine_id="opensc"
    #key_id="45"

    # use the pkcs11 engine
    engine_id="pkcs11"
    key_id="id_45"

    # Optional PIN configuration; this can be left out and PIN will be
    # asked through the control interface
    pin="1234"
    }
    network={
    ssid="Network"
    scan_ssid=1
    proto=WPA
    key_mgmt=WPA-PSK
    psk=0dc7ca9fe55776e6bda6b655c9ae04c3e3dba0718f08e3 a9c2d2f6d53c252830
    }

    #ctrl_interface=/var/run/wpa_supplicant


    network={
    ssid="acorn"
    scan_ssid=1
    proto=WPA
    key_mgmt=WPA-PSK
    pairwise=TKIP
    psk="24334B4A44412423486A736B61"
    }

    In the file above, I underlined and increased the font size to show you were I made the changes you suggested.

    After changing the /etc/wpa.supplicant.conf file, here is the outpur I got from the terminal:

    See post 2 of 2 below

  8. #508
    Join Date
    Feb 2005
    Beans
    122

    Re: HOWTO: ipw2200 + wpa

    post 2 of 2 from above:



    [4294702.071000] ipw2100: Intel(R) PRO/Wireless 2100 Network Driver, 1.1.2
    [4294702.071000] ipw2100: Copyright(c) 2003-2005 Intel Corporation
    [4294702.075000] ipw2100: Detected Intel PRO/Wireless 2100 Network Connection
    bennettg@ubuntu:~$ sudo wpa_supplicant -B -i eth1 -c /etc/wpa_supplicant.conf -D ipw -w -dd
    Initializing interface 'eth1' conf '/etc/wpa_supplicant.conf' driver 'ipw'
    Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
    Reading configuration file '/etc/wpa_supplicant.conf'
    eapol_version=1
    ap_scan=1
    fast_reauth=1
    opensc_engine_path='/usr/lib/opensc/engine_opensc.so'
    pkcs11_engine_path='/usr/lib/opensc/engine_pkcs11.so'
    pkcs11_module_path='/usr/lib/pkcs11/opensc-pkcs11.so'
    Line: 327 - start of a new network block
    ssid - hexdump_ascii(len=6):
    73 69 6d 70 6c 65 simple
    PSK (ASCII passphrase) - hexdump_ascii(len=22): [REMOVED]
    priority=5 (0x5)
    PSK (from passphrase) - hexdump(len=32): [REMOVED]
    Line: 335 - start of a new network block
    ssid - hexdump_ascii(len=11):
    73 65 63 6f 6e 64 20 73 73 69 64 second ssid
    scan_ssid=1 (0x1)
    PSK (ASCII passphrase) - hexdump_ascii(len=22): [REMOVED]
    priority=2 (0x2)
    PSK (from passphrase) - hexdump(len=32): [REMOVED]
    Line: 343 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    proto: 0x1
    key_mgmt: 0x2
    pairwise: 0x18
    group: 0x1e
    PSK - hexdump(len=32): [REMOVED]
    priority=2 (0x2)
    Line: 355 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    proto: 0x2
    key_mgmt: 0x1
    pairwise: 0x18
    group: 0x18
    eap methods - hexdump(len=2): 0d 00
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    client_cert - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    65 6d em
    private_key - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    72 76 rv
    private_key_passwd - hexdump_ascii(len=8): [REMOVED]
    priority=1 (0x1)
    Line: 372 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    key_mgmt: 0x1
    eap methods - hexdump(len=2): 19 00
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    password - hexdump_ascii(len=6): [REMOVED]
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    phase1 - hexdump_ascii(len=11):
    70 65 61 70 6c 61 62 65 6c 3d 31 peaplabel=1
    phase2 - hexdump_ascii(len=13):
    61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2
    priority=10 (0xa)
    Line: 386 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    key_mgmt: 0x1
    eap methods - hexdump(len=2): 15 00
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    anonymous_identity - hexdump_ascii(len=21):
    61 6e 6f 6e 79 6d 6f 75 73 40 65 78 61 6d 70 6c anonymous@exampl
    65 2e 63 6f 6d e.com
    password - hexdump_ascii(len=6): [REMOVED]
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    priority=2 (0x2)
    Line: 399 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    key_mgmt: 0x1
    eap methods - hexdump(len=2): 15 00
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    anonymous_identity - hexdump_ascii(len=21):
    61 6e 6f 6e 79 6d 6f 75 73 40 65 78 61 6d 70 6c anonymous@exampl
    65 2e 63 6f 6d e.com
    password - hexdump_ascii(len=6): [REMOVED]
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    phase2 - hexdump_ascii(len=13):
    61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2
    Line: 412 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    key_mgmt: 0x1
    eap methods - hexdump(len=2): 15 00
    anonymous_identity - hexdump_ascii(len=21):
    61 6e 6f 6e 79 6d 6f 75 73 40 65 78 61 6d 70 6c anonymous@exampl
    65 2e 63 6f 6d e.com
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    phase2 - hexdump_ascii(len=11):
    61 75 74 68 65 61 70 3d 54 4c 53 autheap=TLS
    ca_cert2 - hexdump_ascii(len=17):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 32 2e 70 65 /etc/cert/ca2.pe
    6d m
    client_cert2 - hexdump_ascii(len=17):
    2f 65 74 63 2f 63 65 72 2f 75 73 65 72 2e 70 65 /etc/cer/user.pe
    6d m
    private_key2 - hexdump_ascii(len=17):
    2f 65 74 63 2f 63 65 72 2f 75 73 65 72 2e 70 72 /etc/cer/user.pr
    76 v
    private_key2_passwd - hexdump_ascii(len=8): [REMOVED]
    priority=2 (0x2)
    Line: 430 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    BSSID - hexdump(len=6): 00 11 22 33 44 55
    proto: 0x3
    key_mgmt: 0x3
    pairwise: 0x10
    group: 0x10
    PSK - hexdump(len=32): [REMOVED]
    Line: 442 - start of a new network block
    ssid - hexdump_ascii(len=4):
    00 01 02 03 ____
    PSK - hexdump(len=32): [REMOVED]
    Line: 449 - start of a new network block
    ssid - hexdump_ascii(len=12):
    65 61 70 2d 73 69 6d 2d 74 65 73 74 eap-sim-test
    key_mgmt: 0x1
    Line 452: unknown EAP method 'SIM'
    You may need to add support for this EAP method during wpa_supplicant
    build time configuration.
    See README for more information.
    eap methods - hexdump(len=2): 00 00
    Line 452: failed to parse eap 'SIM'.
    pin - hexdump_ascii(len=4): [REMOVED]
    pcsc - hexdump_ascii(len=0):
    Line 455: failed to parse network block.
    Line: 459 - start of a new network block
    ssid - hexdump_ascii(len=12):
    65 61 70 2d 70 73 6b 2d 74 65 73 74 eap-psk-test
    key_mgmt: 0x1
    eap methods - hexdump(len=2): ff 00
    identity - hexdump_ascii(len=12):
    65 61 70 5f 70 73 6b 5f 75 73 65 72 eap_psk_user
    eappsk - hexdump_ascii(len=16): [REMOVED]
    nai - hexdump_ascii(len=24):
    65 61 70 5f 70 73 6b 5f 75 73 65 72 40 65 78 61 eap_psk_user@exa
    6d 70 6c 65 2e 63 6f 6d mple.com
    Line: 472 - start of a new network block
    ssid - hexdump_ascii(len=7):
    31 78 2d 74 65 73 74 1x-test
    key_mgmt: 0x8
    eap methods - hexdump(len=2): 0d 00
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    client_cert - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    65 6d em
    private_key - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    72 76 rv
    private_key_passwd - hexdump_ascii(len=8): [REMOVED]
    eapol_flags=3 (0x3)
    Line: 486 - start of a new network block
    ssid - hexdump_ascii(len=12):
    6c 65 61 70 2d 65 78 61 6d 70 6c 65 leap-example
    key_mgmt: 0x8
    eap methods - hexdump(len=2): 11 00
    identity - hexdump_ascii(len=4):
    75 73 65 72 user
    password - hexdump_ascii(len=6): [REMOVED]
    Line: 495 - start of a new network block
    ssid - hexdump_ascii(len=13):
    65 61 70 2d 66 61 73 74 2d 74 65 73 74 eap-fast-test
    key_mgmt: 0x1
    Line 498: unknown EAP method 'FAST'
    You may need to add support for this EAP method during wpa_supplicant
    build time configuration.
    See README for more information.
    eap methods - hexdump(len=2): 00 00
    Line 498: failed to parse eap 'FAST'.
    anonymous_identity - hexdump_ascii(len=17):
    46 41 53 54 2d 30 30 30 31 30 32 30 33 30 34 30 FAST-00010203040
    35 5
    identity - hexdump_ascii(len=8):
    75 73 65 72 6e 61 6d 65 username
    password - hexdump_ascii(len=8): [REMOVED]
    phase1 - hexdump_ascii(len=19):
    66 61 73 74 5f 70 72 6f 76 69 73 69 6f 6e 69 6e fast_provisionin
    67 3d 31 g=1
    pac_file - hexdump_ascii(len=32):
    2f 65 74 63 2f 77 70 61 5f 73 75 70 70 6c 69 63 /etc/wpa_supplic
    61 6e 74 2e 65 61 70 2d 66 61 73 74 2d 70 61 63 ant.eap-fast-pac
    Line 504: failed to parse network block.
    Line: 507 - start of a new network block
    ssid - hexdump_ascii(len=14):
    70 6c 61 69 6e 74 65 78 74 2d 74 65 73 74 plaintext-test
    key_mgmt: 0x4
    Line: 514 - start of a new network block
    ssid - hexdump_ascii(len=15):
    73 74 61 74 69 63 2d 77 65 70 2d 74 65 73 74 static-wep-test
    key_mgmt: 0x4
    wep_key0 - hexdump(len=5): [REMOVED]
    wep_key1 - hexdump(len=5): [REMOVED]
    wep_key2 - hexdump(len=13): [REMOVED]
    wep_tx_keyidx=0 (0x0)
    priority=5 (0x5)
    Line: 527 - start of a new network block
    ssid - hexdump_ascii(len=16):
    73 74 61 74 69 63 2d 77 65 70 2d 74 65 73 74 32 static-wep-test2
    key_mgmt: 0x4
    wep_key0 - hexdump(len=5): [REMOVED]
    wep_key1 - hexdump(len=5): [REMOVED]
    wep_key2 - hexdump(len=13): [REMOVED]
    wep_tx_keyidx=0 (0x0)
    priority=5 (0x5)
    auth_alg: 0x2
    Line: 540 - start of a new network block
    ssid - hexdump_ascii(len=10):
    74 65 73 74 20 61 64 68 6f 63 test adhoc
    mode=1 (0x1)
    proto: 0x1
    key_mgmt: 0x10
    pairwise: 0x1
    group: 0x8
    PSK (ASCII passphrase) - hexdump_ascii(len=17): [REMOVED]
    PSK (from passphrase) - hexdump(len=32): [REMOVED]
    Line: 552 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    scan_ssid=1 (0x1)
    key_mgmt: 0xf
    pairwise: 0x18
    group: 0x1e
    PSK (ASCII passphrase) - hexdump_ascii(len=22): [REMOVED]
    eap methods - hexdump(len=4): 15 19 0d 00
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    password - hexdump_ascii(len=6): [REMOVED]
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    client_cert - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    65 6d em
    private_key - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    72 76 rv
    private_key_passwd - hexdump_ascii(len=8): [REMOVED]
    phase1 - hexdump_ascii(len=11):
    70 65 61 70 6c 61 62 65 6c 3d 30 peaplabel=0
    PSK (from passphrase) - hexdump(len=32): [REMOVED]
    Line: 570 - start of a new network block
    ssid - hexdump_ascii(len=7):
    65 78 61 6d 70 6c 65 example
    key_mgmt: 0x1
    eap methods - hexdump(len=2): 0d 00
    proto: 0x2
    pairwise: 0x18
    group: 0x18
    identity - hexdump_ascii(len=16):
    75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d user@example.com
    ca_cert - hexdump_ascii(len=16):
    2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d /etc/cert/ca.pem
    client_cert - hexdump_ascii(len=18):
    2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70 /etc/cert/user.p
    65 6d em
    engine=1 (0x1)
    engine_id - hexdump_ascii(len=6):
    70 6b 63 73 31 31 pkcs11
    key_id - hexdump_ascii(len=5):
    69 64 5f 34 35 id_45
    pin - hexdump_ascii(len=4): [REMOVED]
    Line: 600 - start of a new network block
    ssid - hexdump_ascii(len=7):
    4e 65 74 77 6f 72 6b Network
    scan_ssid=1 (0x1)
    proto: 0x1
    key_mgmt: 0x2
    PSK - hexdump(len=32): [REMOVED]
    Line: 610 - start of a new network block
    ssid - hexdump_ascii(len=5):
    61 63 6f 72 6e acorn
    scan_ssid=1 (0x1)
    proto: 0x1
    key_mgmt: 0x2
    pairwise: 0x8
    PSK (ASCII passphrase) - hexdump_ascii(len=26): [REMOVED]
    PSK (from passphrase) - hexdump(len=32): [REMOVED]
    Line 617: removed CCMP from group cipher list since it was not allowed for pairwise cipher
    Priority group 10
    id=4 ssid='example'
    Priority group 5
    id=0 ssid='simple'
    id=16 ssid='static-wep-test'
    id=17 ssid='static-wep-test2'
    Priority group 2
    id=1 ssid='second ssid'
    id=2 ssid='example'
    id=5 ssid='example'
    id=7 ssid='example'
    Priority group 1
    id=3 ssid='example'
    Priority group 0
    id=6 ssid='example'
    id=8 ssid='example'
    id=9 ssid=''
    id=11 ssid='eap-psk-test'
    id=12 ssid='1x-test'
    id=13 ssid='leap-example'
    id=15 ssid='plaintext-test'
    id=18 ssid='test adhoc'
    id=19 ssid='example'
    id=20 ssid='example'
    id=21 ssid='Network'
    id=22 ssid='acorn'
    Failed to read configuration file '/etc/wpa_supplicant.conf'.
    bennettg@ubuntu:~$

    Any ideas as to what I am still doing wrong? thanks

  9. #509
    Join Date
    Feb 2005
    Beans
    46

    Re: HOWTO: ipw2200 + wpa

    Bennettg,

    You are using sudo to start wpa_supplicant?

    Try this. Move your .conf file out of the way and create a new, empty .conf file using your favorite text editor (I usually use kate)
    Code:
    cd /etc
    sudo mv wpa_supplicant.conf wpa_supplicant.conf.bak
    sduo touch wpa_supplicant.conf
    Now copy/paste the is code into your empty .conf file
    Code:
    eapol_version=1
    ap_scan=1
    fast_reauth=1
    
    network={
     ssid="acorn"
     scan_ssid=1
     proto=WPA
     key_mgmt=WPA-PSK
     psk="24334B4A44412423486A736B61"
    }
    Adjust the .conf for your network but don't add anything.
    Try the wpa_supplicant test.
    Code:
    sudo wpa_supplicant -ietho -c/etc/wpa_supplicnt.conf -Dipw -w
    If this still doesn't work, post just the output of the command. To capture it in a log file, try this
    Code:
    sudo wpa_supplicant -ietho -c/etc/wpa_supplicnt.conf -Dipw -w >& ~/wpa.log
    Then post the wpa.log in your home directory.

    Good Luck,
    Rick Knight

  10. #510
    Join Date
    Feb 2005
    Beans
    122

    Re: HOWTO: ipw2200 + wpa

    Still no luck. here is the output from the terminal command:sudo wpa_supplicant -ietho -c/etc/wpa_supplicnt.conf -Dipw -w


    w
    ioctl[SIOCSIWPMKSA]: No such device
    ioctl[SIOCSIWMODE]: No such device
    Could not configure driver to use managed mode
    ioctl[SIOCGIFFLAGS]: No such device
    Could not set interface 'etho' UP
    ioctl[SIOCGIWRANGE]: No such device
    ioctl[SIOCGIFINDEX]: No such device
    Waiting for interface..
    ioctl[SIOCGIFINDEX]: No such device
    Waiting for interface..
    ioctl[SIOCGIFINDEX]: No such device
    Waiting for interface..
    ioctl[SIOCGIFINDEX]: No such device
    Waiting for interface..
    ioctl[SIOCGIFINDEX]: No such device
    Waiting for interface..
    ioctl[SIOCGIFINDEX]: No such device
    Waiting for interface..
    ioctl[SIOCGIFINDEX]: No such device
    Waiting for interface..
    ioctl[SIOCGIFINDEX]: No such device
    Waiting for interface..
    ioctl[SIOCGIFINDEX]: No such device
    Waiting for interface..



    here is the log you asked me to post from the terminal command sudo wpa_supplicant -ietho -c/etc/wpa_supplicnt.conf -Dipw -w >& ~/wpa.log

    ioctl[SIOCSIWPMKSA]: No such device
    ioctl[SIOCSIWMODE]: No such device
    ioctl[SIOCGIFFLAGS]: No such device
    ioctl[SIOCGIWRANGE]: No such device
    ioctl[SIOCGIFINDEX]: No such device
    ioctl[SIOCGIFINDEX]: No such device
    Last edited by bennettg; January 14th, 2006 at 10:32 PM.

Page 51 of 66 FirstFirst ... 41495051525361 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •