Gentoo Forums
setting up wpa_supplicant.conf
dufeu
l33t


Joined: 30 Aug 2002
Posts: 924
Location: US-FL-EST

Posted: Sun Apr 14, 2013 7:29 pm    Post subject: setting up wpa_supplicant.conf

I found and have followed the instructions in the Gentoo Org Wiki regarding setting up wpa_supplicant.

Because the current ebuild does not set up:
Code:
/etc/wpa_supplicant/wpa_supplicant.conf
the instructions call for uncompressing the sample conf file and loading that:
Code:
bzcat /usr/share/doc/wpa_supplicant-*/wpa_supplicant.conf.bz2 > /etc/wpa_supplicant/wpa_supplicant.conf

The wiki page is relatively current but perhaps is already dated. If you try to start wpa_supplicant with the sample configuration file:
Code:
/etc/init.d/wpa_supplicant start
you'll get the following messages.
Code:
 * Starting WPA Supplicant Daemon ...
Successfully initialized wpa_supplicant
Line 1000: unknown EAP method 'SIM'
You may need to add support for this EAP method during wpa_supplicant
build time configuration.
See README for more information.
Line 1000: failed to parse eap 'SIM'.
Line 1003: failed to parse network block.
Line 1046: unknown EAP method 'IKEV2'
You may need to add support for this EAP method during wpa_supplicant
build time configuration.
See README for more information.
Line 1046: failed to parse eap 'IKEV2'.
Line 1049: failed to parse network block.
Line 1055: unknown EAP method 'FAST'
You may need to add support for this EAP method during wpa_supplicant
build time configuration.
See README for more information.
Line 1055: failed to parse eap 'FAST'.
Line 1061: failed to parse network block.
Line 1066: unknown EAP method 'FAST'
You may need to add support for this EAP method during wpa_supplicant
build time configuration.
See README for more information.
Line 1066: failed to parse eap 'FAST'.
Line 1072: failed to parse network block.
Failed to read or parse configuration '/etc/wpa_supplicant/wpa_supplicant.conf'.
 * start-stop-daemon: failed to start `/usr/sbin/wpa_supplicant'
 * Failed to start wpa_supplicant                                                                                 [ !! ]
 * ERROR: wpa_supplicant failed to start

Now, I get that these messages are because I used only the default USE flags. However, if I add USE="eap-sim fasteap", it appears that "fasteap" conflicts with both "gnutls" and "ssl". i.e.:
Code:
# echo ">=net-wireless/wpa_supplicant-2.0 eap-sim fasteap" >> /etc/portage/package.use
# emerge -pv wpa_supplicant
 * Last emerge --sync was 74d 21h 53m 20s ago.

These are the packages that would be merged, in order:

Calculating dependencies \

!!! Problem resolving dependencies for net-wireless/wpa_supplicant
... done!

!!! The ebuild selected to satisfy "wpa_supplicant" has unmet requirements.
- net-wireless/wpa_supplicant-2.0::gentoo USE="dbus eap-sim fasteap gnutls (multilib) p2p qt4 readline ssl -ap (-ps3) (-selinux) -wimax -wps"

  The following REQUIRED_USE flag constraints are unsatisfied:
    fasteap? ( !gnutls !ssl )

I have some questions.
  • Does someone have a good example wpa_supplicant.conf file they can post which works with the default USE flags for wpa_supplicant?
  • Could someone give some guidance regarding fasteap versus ssl versus gnutls? I understand for several packages that gnutls and ssl are mutually exclusive. The implication in this case is that fasteap provides its own encryption module. Is this true?
  • Also, what USE flag might IKEV2 be associated with?

Some guidance on when eap-sim and/or fasteap should be used would be appreciated as well.

Thanks! ;)
_________________
People whom think M$ is mediocre, don't know the half of it.
DONAHUE
Watchman


Joined: 09 Dec 2006
Posts: 7651
Location: Goose Creek SC

Posted: Sun Apr 14, 2013 9:01 pm    Post subject:

/etc/wpa_supplicant/wpa_supplicant.conf:
Quote:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
ap_scan=1
update_config=1
Then run wpa_gui to configure and save your network.
wpa_gui requires USE="qt4" for the emerge of wpa_supplicant and a GUI.

Neither dhcpcd nor wpa_supplicant should be in a run level. Put net.{your interface's name} in the default run level for automatic start at boot. Use /etc/init.d/net.{your interface's name} start/stop/restart for manual control.
_________________
Defund the FCC.
khayyam
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Mon Apr 15, 2013 9:50 am    Post subject: Re: setting up wpa_supplicant.conf

dufeu wrote:
Code:
bzcat /usr/share/doc/wpa_supplicant-*/wpa_supplicant.conf.bz2 > /etc/wpa_supplicant/wpa_supplicant.conf

dufeu ... that's just a bad idea, and really should be corrected in the wiki. The example conf contains various network blocks for various authentication scenarios, most of which you'll either never need or won't have the support for with the default useflags.

dufeu wrote:
Now, I get that these messages are because I used only the default USE flags. However, if I add USE="eap-sim fasteap", it appears that "fasteap" conflicts with both "gnutls" and "ssl".

Yes, you can't use both openssl and gnutls with wpa_supplicant, one or other should be selected, and you can't have fasteap with either openssl or gnutls ... they are all mutually exclusive. But the question really is what form of authentication is needed, because unless you need EAP-FAST (unlikely, unless you're in some corporate/cisco environment) then there is no reason for enabling EAP-FAST.

dufeu wrote:
Does someone have a good example wpa_supplicant.conf file they can post which works with the default USE flags for wpa_supplicant?

The conf DONAHUE posted is more than adequate, but here is a further example (and please note some of the definitions are unnecessary and are simply there to provide an example of what *might* be defined.)

Code:
ctrl_interface=DIR=/run/wpa_supplicant GROUP=wheel
update_config=1
eapol_version=2
filter_ssids=1
ap_scan=1 # (default)

network={
    ssid="APAPAP"
    bssid=A1:74:BB:94:02:B1
    id_str="APAPAP"
    scan_freq=2422
    scan_ssid=0
    proto=RSN
    auth_alg=OPEN
    key_mgmt=WPA-PSK
    group=TKIP
    pairwise=CCMP
    psk=
    priority=90
    disabled=0
}

The above is actually a network stanza I have defined (with some name changes of course), but again most of this is unneeded.

dufeu wrote:
Could someone give some guidance regarding fasteap versus ssl versus gnutls? I understand for several packages that gnutls and ssl are mutually exclusive. The implication in this case is that fasteap provides its own encryption module. Is this true?

As you're asking I can only assume you don't need EAP-FAST, if you did you would probably frame the question like this: "at work/university the cisco network requires me to authenticate with EAP-FAST for 802.11x ..." you see it's really a vendor-specific authentication.

dufeu wrote:
Also, what USE flag might IKEV2 be associated with?

IKEV2 is used in ipsec and uses 802.11x (as I remember) for authentication ... so it is handled by openswan/racoon or what-have-you, I am not that familiar with it but if wpa_supplicant, or xsupplicant, is used then this may be a config option that's not currently enabled. You should look at the wpa_supplicant sources.

dufeu wrote:
Some guidance on when eap-sim and/or fasteap should be used would be appreciated as well.

If you're running Gentoo on a GSM phone, or are in a corporate/cisco environment where EAP-FAST is used then you might need these ... otherwise forget about it :)

best ... khay

edit: I just thought, I should change my name to FAST-khayyam, it's sure to have people thinking ... mmmmm, much better than not-FAST :)