|
Size: 15202
Comment:
|
Size: 15205
Comment: typo
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 241: | Line 241: |
| logger "WiFi: Disconnecting `$IFNAME'" | logger "WiFi: Disconnecting `$IFNAME`' " |
Brief WPA Introduction
Wi-Fi Protected Access (WPA) is a family of encryption methods used when connecting to a wireless access point. It is based on the technology that is used in Wired Equivalent Privacy (WEP) but provides stronger security. For more information on the subject you can see the [http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access WPA] entry on Wikipedia.
These instructions are targeted toward Ubuntu 5.10 (Breezy). For Ubuntu 6.06 LTS (Dapper) this is a lot easier: If you do not see a network icon near your power information, or if WEP is your only encryption choice for network configuration, you'll need to install Network Manager. For Ubuntu users:
sudo apt-get install network-manager-gnome
Kubuntu users should install the KDE version:
sudo apt-get install network-manager-kde
In Kubuntu 6.06
sudo apt-get install knetworkmanager
After installing the package, logout and log back in (or re-start) and Network Manager should appear. Right click the Network Manager icon to enable network if necessary. Next, left click on the Network Manager icon and choose "Connect to other wireless network". Then, enter "YOUR-SSID" for the network name and choose your type "WPA ENTERPRISE" or "WPA PERSONAL" etc, etc ... for wireless security. Enter the password in the password text entry box. Click connect to attempt a connection.
gnome network manager bugs for the keyring password on login so install pam-keyring to get around that
either using the unofficial debian package found at: ubuntuforums.org http://ubuntuforums.org/attachment.php?attachmentid=11818&d=1151394726 (warning be careful about install from unauthenticated sources ... it's a little safer to build from source see instructions below)
Here is the link to get the source package http://www.hekanetworks.com/pam_keyring/ http://www.hekanetworks.com/opensource/pam_keyring/
You may need to get a few packages in addition to build-essential to complete the build.
Using Synaptic get:
libpam0g-dev libgnome-keyring-dev libglib2.0-dev autotools-dev libtool
Here are the steps to install: 1.) Download 2.) Unzip to folder (i.e. ~/pam_keyring_tmp) 3.) In Terminal: cd ~/pam_keyring_tmp ./configure --prefix=/usr --libdir=/lib make sudo make install cd /etc/pam.d sudo gedit gdm To look like:
=================================================================================
#%PAM-1.0 auth requisite pam_nologin.so auth required pam_env.so @include common-auth @include common-account session required pam_limits.so @include common-session @include common-password
auth optional pam_keyring.so try_first_pass session optional pam_keyring.so
================================================================================
reboot your computer or hit: ctl-alt-backspace to restart X
As I mentioned in the comments in gdm file, this relies on having the password of the default keyring the same as your login password. ENJOY!
Original instructions from: http://ubuntuforums.org/showthread.php?t=187874 and http://ubuntuforums.org/showthread.php?p=1619571 and http://ubuntuforums.org/showthread.php?t=192281
If you need a network connection to be active before you're logged into Gnome/KDE on Dapper or you're fed up of retyping your keyring password then an alternative is to create /etc/wpa_supplicant.conf as below and to add a stanza to your /etc/network/interfaces file like the following:
iface wlan0 inet dhcp
pre-up wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -Dwext -w -Bwhich assumes wlan0 is the wireless LAN card and that wext is appropriate for the card in question. Don't forget to add wlan0 to the auto line as well so that the interface is started at boot. See "man interfaces" for more info. (The instructions below seem to fail as the /etc/init.d/wpasupplicant script has been removed)
If your wireless card is based on the rt2500 chipset, do not follow these instructions, as WPA has to be configured as described in ["WifiDocs/Driver/RalinkRT2500"]
The WPA supplicant
Before proceeding any further, it might be worthwhile to check whether your Wi-Fi Card is supported. [http://hostap.epitest.fi/wpa_supplicant/ wpa_supplicant website] This will save you lots of time and frustration - 20060303 casualprogrammer
The WPA functionality is provided by wpasupplicant. This package can be found in universe (see UniversePackages). You can install it with apt-get, aptitude, Synaptic, or Adept.
sudo apt-get install wpasupplicant
You will then have to edit the /etc/wpa_supplicant.conf and /etc/default/wpasupplicant configuration files.Edit /etc/wpa_supplicant.conf to include your network. The info to include can be generated with wpa_passphrase
(although this is optional, it saves the supplicant having to generate the preshared key (PSK) each time it is started):
attachment:IconsPage/IconExample48.png
dennis@mirage:~$ wpa_passphrase NetworkEssid TextPassphrase network={ ssid="NetworkEssid" #psk="TextPassphrase" psk=945609a382413e64d57daef00eb5fab3ae228716e1e440981c004bc61dccc98c }
It's better to type: wpa_passphrase NetworkEssid, which will prompt you for a passphrase. This avoids entering your wireless passphrase into your shell history file. - 20060523 Kirby7
- Then add the following to the end of /etc/wpa_supplicant.conf:
network={ ssid="NetworkEssid" scan_ssid=1 # only needed if your access point uses a hidden ssid proto=WPA key_mgmt=WPA-PSK psk=945609a382413e64d57daef00eb5fab3ae228716e1e440981c004bc61dccc98c }
Also, you may not need to specify the proto and key_mgmt directives, as wpa_supplicant defaults to autodetecting the right protocol. - 20060107 DaniloPiazzalunga
Testing
- Next we test the WPA supplicant. To do this you first determine which driver you have. The supported drivers* are visible by running 'wpa_supplicant -h'. In this example I assume the madwifi driver.
* prism54 is currently not supported - 20060107 NaamanCampbell
You also need to know the name of your card's interface. In this example I assume ath0.
- Now simply start wpa_supplicant for testing:
sudo wpa_supplicant -iath0 -c/etc/wpa_supplicant.conf -Dmadwifi -w
Substitute "madwifi" with your card driver
attachment:IconsPage/IconExample48.png
- You should see something like the following, but more verbose (if you get a different result, append -dd to the above command line and ask someone on #ubuntu for help):
Trying to associate with 00:ff:00:1e:a7:7d (SSID='NetworkEssid' freq=0 MHz) Associated with 00:ff:00:1e:a7:7d WPA: Key negotiation completed with 00:ff:00:1e:a7:7d [PTK=TKIP GTK=TKIP]
Now interrupt wpa_supplicant with <ctrl> C
Final installation
attachment:IconsPage/IconExample48.png
- Once wpa_supplicant works, you should edit /etc/network/interfaces to include wpa_supplicant. If prior to all of this, your /etc/network/interfaces looks like:
auto ath0 iface ath0 inet dhcp
Simply change it to look like:auto ath0 iface ath0 inet dhcp pre-up /etc/init.d/wpasupplicant start pre-up sleep 5
This looks like an optional step, too. As of 0.4.7-0ubuntu3, the /etc/network/if-pre-up.d/wpasupplicant script will take care of this step automatically. - 20060107 DaniloPiazzalunga
It is indeed optional and only relevant for Breezy systems. I made the change in Dapper's package. - 20060110 [DanielTChen]
For an alternative more detailed way to configure /etc/network/interfaces to work with wpa_supplicant 0.4.8-3ubuntu1.1 try [http://svn.debian.org/wsvn/pkg-wpa/trunk/wpasupplicant/debian/README.modes?op=file&rev=0&sc=0] - particularly if you want to set up a static IP address, which Network Manager doesn't currently support very well
- Finally, edit /etc/default/wpasupplicant to enable wpa_supplicant and provide its command line options. For our example setup, this would be:
# Useful flags: # -D <driver> Wireless drive, typically optional. # -i <ifname> Interface # -c <config file> Configuration file # -d Debugging (-dd for more) # -w Wait for interface to come up # See the manual page wpa_supplicant(1) for more options and information. ENABLED=1 OPTIONS="-iath0 -c/etc/wpa_supplicant.conf -Dmadwifi -w"
Note that in Dapper, because of a newer kernel (2.6.15) and a newer wpasupplicant package (0.4.7), your wireless driver may already support the kernel's wireless extensions interface. Please consult the README.Debian. - 20060110 [DanielTChen]
I placed the "ENABLED=1" setting directly above the "OPTIONS" setting; it was easy to miss that setting when it was above the comment section in the file. - 20060129 [Scott]
If you have an ipw2200 wirless card and a kernel 2.6.16 or newer, you maybe have to use "wext" driver instead of "ipw"
Integration with DHCP
Note that the instructions below are deprecated. The changes that I made in Dapper's wpasupplicant package already take care of this case. [DanielTChen]
If you want your wireless card to aquire a new IP address using DHCP when wpa_supplicant associates with an access point, use the wpa_cli utility as documented in the wpa_supplicant [http://hostap.epitest.fi/cgi-bin/viewcvs.cgi/*checkout*/hostap/wpa_supplicant/README?rev=HEAD&content-type=text/plain README]:
wpa_cli can used to run external programs whenever wpa_supplicant connects or disconnects from a network. This can be used, e.g., to update network configuration and/or trigget DHCP client to update IP addresses, etc.
The wpa_cli utility can automatically execute a script whenever wpa_supplicant connects or disconnects from an access point. For this, use the -a switch like so:wpa_cli -a<my-script>
The script will be invoked like this:my-script $IF $CONN
Where $IF is the interface (eth0, ath0, etc), and $CONN is the event - either "CONNECTED" or "DISCONNECTED".
attachment:IconsPage/IconExample48.png
- The simplest thing to do is write a script that invokes ifup or ifdown. I've put it in /sbin/wpa_action:
#! /bin/bash IFNAME=$1 CMD=$2 if [ "$CMD" == "CONNECTED" ]; then SSID=`wpa_cli -i$IFNAME status | grep ^ssid= | cut -f2- -d=` logger "WiFi: Connecting `$IFNAME' to network `$SSID'" ifup $IFNAME elif [ "$CMD" == "DISCONNECTED" ]; then logger "WiFi: Disconnecting `$IFNAME`' " ifdown $IFNAME fiThen, edit /etc/init.d/wpasupplicant to run wpa_cli appropriately. Look for these lines:case "$1" in start) echo -n "Starting wpa_supplicant: " start-stop-daemon --start --name $PNAME --oknodo --startas $DAEMON -- -B $OPTIONS echo "done." ;; stop)Insert a sleep and wpa_cli call below the start-stop-daemon call:case "$1" in start) echo -n "Starting wpa_supplicant: " start-stop-daemon --start --name $PNAME --oknodo --startas $DAEMON -- -B $OPTIONS sleep 1 wpa_cli -a/sbin/wpa_action -B echo "done." ;; stop)If you are using DHCP exclusively to configure your wireless interface, then make sure you have this line for your wireless interface in /etc/network/interfaces:iface eth0 inet dhcp
Where "eth0" is your wireless interface. And you'll want to make sure that your computer doesn't try to automatically start the interface up without an associated AP, so remove your wireless interface from the 'auto' line in /etc/network/interfaces:auto lo eth0 eth1
So it becomesauto lo eth1
Listing only those interfaces that you want to configure on startup. (Obviously, your 'auto' line will look different, depending on what network interfaces you have on your system.) Now, whenever you associate with a new wireless access point, your wireless interface will have an IP automatically configured and you'll be fully connected to the network. (YAY!)
GUI for WPA_Supplicant
A Qt-based application is available that might make configuration easier. [http://packages.ubuntu.com/dapper/net/wpagui]
Troubleshooting
Connects, Disconnects, ...
- This can be caused by Network Manager. Apparently when Network Manager scans for APs, wpa_supplicant will disconnect. Disabling Network Manager allows WPA to work, but you loose the NM function of automatic connections.
Links and Resources
[http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access WPA] [http://hostap.epitest.fi/wpa_supplicant/ wpa_supplicant website]
Pretty sure "network management framework (GNOME Frontend)" is what made WPA "just work" - the problem is I have followed 3 or 4 sets of instructions, so I can't be sure that the one package is all you need - but it sure seems it is a good place to start. If someone can confirm this, fix this entry (or e-mail CarlKarsten and I'll fix it.) So try this: First disable the System, Administration, Networking - select the/all interface - Properties, uncheck "Enable this connection" (so that the next step can take over managing it.), OK, OK.
sudo apt-get install network-manager-gnome
look for a new icon in the upper left - click it - you should see a list of ESSID's (wireless network names)
Using /etc/rcS.d for boot
This is for launching wpa_supplicant as a background daemon on boot in Ubuntu 6.06 LTS (Dapper)
You need to have wpa_supplicant.conf created and know how to launch wpa_supplicant from the command line
- I tried the examples above and the man 8 page for wpa_supplicant examples, but could not get it to launch automatically on boot. This approach seems very straightforward. If you can run your launch script manually, it will run on boot just the same. The other methods seem very difficult editing the system files.
Work around for booting with /etc/init.d and /etc/rcS.d
Create a simple shell script in /etc/init.d that launches the wpa_supplicant as a background daemon:
/etc/init.d/wpa_launch.sh
#!/bin/bash
/sbin/wpa_supplicant -Bw -iath1 -Dmadwifi -c/etc/wpa_supplicant/wpa_supplicant.confCreate a symbolic link in /etc/rcS.d that points to the launch script:
ln -s /etc/rcS.d/S42wpa_launch -> /etc/init.d/wpa_launch.sh
Are there potential disadvantages of this method? Please post comments here.