WPA – EAP-TTLS on Linux | Dean De Beer | 03.10.2006

Introduction

With security becoming more of an issue, especially given the weaknesses in WEP and WPA-PSK, more
and more organizations are implementing 802.1X as part of their security solutions. This is a short guide
on how to configure the wireless supplicant, wpa_supplicant, for Linux. It makes certain assumptions
about the network environment, but it should not be too difficult to tailor the installation steps to your
own environment. This guide assumes the following environment: WPA/EAP-TTLS using RADIUS.

This document is intended to be a complete set of instructions on how to get, install and use
the Linux WPA/WPA2/IEEE 802.1X Supplicant from:
http://hostap.epitest.fi/wpa_supplicant/.
This document assumes previous experience of wireless networking under Linux and
assumes that wireless networking is already configured under Linux.

“wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
for WPA and WPA2 (IEEE 802.11i / RSN). It is suitable for both desktop/laptop
computers and embedded systems. Supplicant is the IEEE 802.1X/WPA component
that is used in the client stations. It implements key negotiation with a WPA
Authenticator and it controls the roaming and IEEE 802.11
authentication/association of the wlan driver.

wpa_supplicant is designed to be a "daemon" program that runs in the
background and acts as the backend component controlling the wireless
connection. wpa_supplicant supports separate frontend programs and a text-
based frontend (wpa_cli) and a GUI (wpa_gui) are included with
wpa_supplicant.”
      - description from http://hostap.epitest.fi/wpa_supplicant/

Due to the various distributions of Linux and the various chipsets in use for wireless cards today, detailed
steps on how to install and configure your wireless network card to work under Linux are beyond the
scope of this document. wpa_supplicant has support for the following wireless cards/drivers:


        -   Linux drivers that support Linux Wireless Extensions v19 or newer with WPA/WPA2
            extensions
        -   Host AP driver for Prism2/2.5/3 (WPA and WPA2)
        -   Linuxant DriverLoader with Windows NDIS driver supporting WPA/WPA2
        -   Agere Systems Inc. Linux Driver (Hermes-I/Hermes-II chipset) (WPA, but not WPA2)
        -   madwifi (Atheros ar521x)
        -   ATMEL AT76C5XXx
        -   Linux ndiswrapper
        -   Broadcom wl.o driver
        -   Intel ipw2100
        -   Intel ipw2200
        -   Wired Ethernet drivers
        -   BSD net80211 layer (e.g., Atheros driver) (FreeBSD 6-CURRENT and NetBSD current)
        -   Windows NDIS drivers (Windows; at least XP and 2000, others not tested)

Configuration

This document used the following setup to install, configure and test the wpa_supplicant for Linux:

IBM/Lenovo x41 Thinkpad
Red Hat Enterprise Workstation v4
Madwifi-NG Wireless drivers for Atheros-based Wireless NIC card
wpa_supplicant-0.4.9 stable release
OpenSSL (the libraries are required for WPA/EAP-TTLS, which is the authentication and encryption method
used by my wireless network)

For additional system requirements for running wpa_supplicant, please visit http://hostap.epitest.fi
and view the README.txt file.

Installation

Download and unpack the latest stable release of wpa_supplicant at
http://hostap.epitest.fi/wpa_supplicant/. The latest stable release is wpa_supplicant-0.4.9.tar.gz.
Unpack the downloaded package to your default source directory. This document will assume the
package was unpacked to /usr/src/wpa_supplicant-0.4.9.

Before continuing, the build configuration file needs to be created. Create the following file, name it .config and
save it to the wpa_supplicant-0.4.9 directory.

 CONFIG_DRIVER_MADWIFI=y
 CFLAGS += -I/usr/src/madwifi-ng
 CONFIG_CTRL_IFACE=y
 CFLAGS += -I/usr/include/openssl/include
 LIBS += -L/usr/lib
 CFLAGS += -I/usr/include/kerberos
 CONFIG_IEEE8021X_EAPOL=y
 CONFIG_MD5=y
 CONFIG_EAP_TTLS=y


The first line specifying the wireless network card’s driver can be set to any of the following lines to
match the driver interface that is installed:

CONFIG_DRIVER_HOSTAP=y
CONFIG_DRIVER_HERMES=y
CONFIG_DRIVER_MADWIFI=y
CONFIG_DRIVER_ATMEL=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_NDISWRAPPER=y
CONFIG_DRIVER_BROADCOM=y
CONFIG_DRIVER_IPW=y
CONFIG_DRIVER_BSD=y
CONFIG_DRIVER_NDIS=y

The second line should point to the directory where the wireless drivers are installed if it is different from
what is shown. Also, check that your OpenSSL installation directory is correct.

Now run the following commands to compile the source and build wpa_supplicant:

 cd /usr/src/wpa_supplicant-0.4.9
 make clean
 make
 make install

If you receive any errors make sure that you have all the required libraries installed and that the paths in
your .config file are correct.

Next, copy the files wpa_cli and wpa_supplicant into an appropriate directory, e.g. /usr/local/sbin.

wpa_supplicant is configured using a text file, wpa_supplicant.conf. This file lists the accepted
networks and security policies. The default wpa_supplicant.conf file shows the various options and
configuration settings available and can be found in the wpa_supplicant-0.4.9 directory.

Create a new file called wpa_supplicant.conf in the /etc directory and copy and paste the following
into it:

 #WPA/EAP-TTLS with Radius Authentication
 ctrl_interface=/var/run/wpa_supplicant
 ctrl_interface_group=0
 network={
             ssid="SSID"
             scan_ssid=1
             key_mgmt=WPA-EAP
             eap=TTLS
             anonymous_identity="anonymous"
             identity="your user id here"
             password="your password here"
             priority=4
             phase2="auth=PAP"
 }


Next change the permissions on the file with the following:

 chmod 640 /etc/wpa_supplicant.conf
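
An added example (not part of the original guide) that checks a wpa_supplicant.conf for the two ways this setup can expose the password: a file mode readable by other users, and a WPA-EAP network block with no ca_cert, in which case the server certificate is not verified before the PAP password is sent through the TTLS tunnel. The function names, sample files and certificate path are assumptions made for the example.

```shell
# audit_wpa_conf FILE: print one finding per line, return the number of findings.
audit_wpa_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 255; }

    # 1. The file holds a cleartext password: "other" must have no access.
    other=$(ls -ld "$conf" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "MODE: $conf grants '$other' to other users"
        findings=$((findings + 1))
    fi

    # 2. Every WPA-EAP network block should set ca_cert; without it the
    #    supplicant does not verify the server that receives the PAP password.
    missing=$(awk '
        /^[ \t]*#/                    { next }
        /^[ \t]*network=[{]/          { inblk = 1; eap = 0; ca = 0; ssid = "?"; next }
        inblk && /key_mgmt=.*WPA-EAP/ { eap = 1 }
        inblk && /^[ \t]*ca_cert=/    { ca = 1 }
        inblk && /^[ \t]*ssid=/       { sub(/^[ \t]*ssid=/, ""); ssid = $0 }
        inblk && /^[ \t]*[}]/         { if (eap && !ca) print ssid; inblk = 0 }
    ' "$conf")
    if [ -n "$missing" ]; then
        echo "$missing" | sed 's/^/NO-CA-CERT: server certificate not verified, ssid=/'
        findings=$((findings + $(echo "$missing" | wc -l)))
    fi
    return "$findings"
}

# Constructed samples: the page's network block as first saved (mode 644), and
# the same block with ca_cert added (placeholder path) and chmod 640 applied.
make_samples() {
    for name in page hardened; do
        {
            printf '%s\n' 'network={' ' ssid="SSID"' ' key_mgmt=WPA-EAP' ' eap=TTLS'
            if [ "$name" = hardened ]; then echo ' ca_cert="/path/to/radius-ca.pem"'; fi
            printf '%s\n' ' identity="user"' ' password="secret"' ' phase2="auth=PAP"' '}'
        } > "$1/$name.conf"
    done
    chmod 644 "$1/page.conf"
    chmod 640 "$1/hardened.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_wpa_conf "$tmp/page.conf" || echo "page.conf: $? finding(s)"
audit_wpa_conf "$tmp/hardened.conf" && echo "hardened.conf: clean"
rm -rf "$tmp"
```

Run it against /etc/wpa_supplicant.conf after the chmod step; a non-zero return value is the number of findings.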




In order to connect using your wireless network card, do the following:

 modprobe ath_pci
 modprobe wlan_scan_sta
 ifconfig ath0 up
 iwconfig ath0 mode managed essid <SSID>

NOTE: the above commands may be different for your wireless drivers. Replace ath0 with the
name of your wireless device. For example: wlan0, eth1, etc.

Now run the following to connect:

 wpa_supplicant -Bw -Dmadwifi -iath0 -c/etc/wpa_supplicant.conf

After a few moments you should start to see traffic between your wireless card and the Access Point.
Before you can connect to the internet you need to request an IP address by running the following
command:

 dhclient ath0


Rather than manually running the above commands each time you want to connect to the wireless
network you can create a shell script to automate the process for you.

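 #!/bin/sh
 # Load the wireless modules, bring the interface up, authenticate, then request an IP address.
 SSID="SSID"   # set this to the SSID of your network
 modprobe ath_pci
 modprobe wlan_scan_sta
 ifconfig ath0 up
 iwconfig ath0 mode managed essid "$SSID"
 wpa_supplicant -Bw -Dmadwifi -iath0 -c/etc/wpa_supplicant.conf
 dhclient ath0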




Additional Resources

http://www.linux.com/howtos/8021X-HOWTO/

References

http://madwifi.org/
http://hostap.epitest.fi/wpa_supplicant/
http://www.openssl.org/

				