How to configure wireless networking on Linux: wpa_supplicant and wpa_cli

http://www.gentoo.org/doc/zh_cn/handbook/handbook-x86.xml?part=4&chap=4

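Currently you can configure wireless networking with either wireless-tools or wpa_supplicant, both of which we provide. The important thing to remember is that you configure wireless networks globally, not per interface.

wpa_supplicant is the best choice, but its drawback is that it does not support all drivers. See the wpa_supplicant website for the list of drivers it supports. Also, wpa_supplicant can currently only connect to wireless networks whose ESSID you have already configured.

wireless-tools supports nearly all wireless cards and drivers, but it cannot connect to APs that only support WPA.

The WPA Supplicant package lets you connect to APs that use WPA. Because it is still in beta, its configuration method changes often; even so, it already works well in most cases.

We also need to configure wpa_supplicant itself, which is somewhat more involved, depending on how secure the AP you want to connect to is. The example below is extracted and simplified from /usr/share/doc/wpa_supplicant-<version>/wpa_supplicant.conf.gz, a file that ships with the wpa_supplicant package.

Code 2.3: An example /etc/wpa_supplicant/wpa_supplicant.conf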

# Do not change the line below, otherwise things will not work
ctrl_interface=/var/run/wpa_supplicant

# Ensure that only root can read the WPA configuration
# (this sets the group allowed to use the control interface to 0, i.e. root)
ctrl_interface_group=0

# Let wpa_supplicant take care of scanning and AP selection
ap_scan=1

# Simple case: WPA-PSK, PSK given as an ASCII passphrase, all valid ciphers allowed
network={
  ssid="simple"
  psk="very secret passphrase"
  # The higher the priority, the sooner the network is matched.
  priority=5
}

# Same as the previous one, but request SSID-specific scanning (for APs that do not broadcast their SSID)
network={
  ssid="second ssid"
  scan_ssid=1
  psk="very secret passphrase"
  priority=2
}

# Only WPA-PSK is used. Any valid cipher combination is accepted
network={
  ssid="example"
  proto=WPA
  key_mgmt=WPA-PSK
  pairwise=CCMP TKIP
  group=CCMP TKIP WEP104 WEP40
  psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
  priority=2
}

# Plaintext connection (no WPA, no IEEE 802.1X)
network={
  ssid="plaintext-test"
  key_mgmt=NONE
}

# Shared WEP key connection (no WPA, no IEEE 802.1X)
network={
  ssid="static-wep-test"
  key_mgmt=NONE
  wep_key0="abcde"
  wep_key1=0102030405
  wep_key2="1234567890123"
  wep_tx_keyidx=0
  priority=5
}

# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key IEEE 802.11 authentication
network={
  ssid="static-wep-test2"
  key_mgmt=NONE
  wep_key0="abcde"
  wep_key1=0102030405
  wep_key2="1234567890123"
  wep_tx_keyidx=0
  priority=5
  auth_alg=SHARED
}

# IBSS/ad-hoc network with WPA-None/TKIP
network={
  ssid="test adhoc"
  mode=1
  proto=WPA
  key_mgmt=WPA-NONE
  pairwise=NONE
  group=TKIP
  psk="secret passphrase"
}
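
The configuration above gives psk in two forms: a quoted passphrase, or 64 hex digits as in the "example" block. The two are related by the WPA key derivation (PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 256-bit output). The Python below is an added example, not code from the Gentoo handbook or from wpa_supplicant; its function names and sample block are constructed for illustration, and it rewrites quoted passphrases into the hex form so the passphrase itself does not have to be stored in the file.

```python
import hashlib
import re

def wpa_psk(ssid: str, passphrase: str) -> str:
    """Derive the 256-bit WPA PSK, returned as 64 hex digits."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)
    return key.hex()

BLOCK = re.compile(r"^[ \t]*network=\{.*?^[ \t]*\}", re.S | re.M)
SSID = re.compile(r'^[ \t]*ssid="(.*)"[ \t]*$', re.M)
PSK = re.compile(r'^([ \t]*)psk="(.*)"[ \t]*$', re.M)

def replace_passphrases(conf: str) -> str:
    """Rewrite each psk="passphrase" as psk=<hex>, using that block's own SSID."""
    def fix(match):
        block = match.group(0)
        ssid, psk = SSID.search(block), PSK.search(block)
        if not (ssid and psk):
            return block  # already a hex PSK, or not a PSK network
        line = f"{psk.group(1)}psk={wpa_psk(ssid.group(1), psk.group(2))}"
        return block[:psk.start()] + line + block[psk.end():]
    return BLOCK.sub(fix, conf)

# Constructed sample: SSID and passphrase chosen so the result can be checked
# against the published IEEE 802.11i test vector.
SAMPLE = '''network={
  ssid="IEEE"
  psk="password"
  priority=5
}
'''

if __name__ == "__main__":
    print(replace_passphrases(SAMPLE))
```

The hex PSK is bound to one SSID but is still enough to join that network, so the file needs the same root-only permissions in either form.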



Example command:

wpa_supplicant -B -ieth0 -c /etc/wpa_supplicant.conf

Obtain an address:

dhcpcd eth0

Check the interface status and parameters:

bt ~ # iwconfig eth0
eth0      IEEE 802.11g  ESSID:"youssid"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:00:00:00:00:00
          Bit Rate:54 Mb/s   Tx-Power:14 dBm
          Retry limit:15   RTS thr:off   Fragment thr:off
          Encryption key:xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx   Security mode:open
          Power Management:off
          Link Quality=74/100  Signal level=-57 dBm  Noise level=-57 dBm
          Rx invalid nwid:0  Rx invalid crypt:1  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:21   Missed beacon:0

bt ~ # ifconfig eth0
eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
          inet addr:192.168.2.100  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::218:deff:feb0:38e5/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33 errors:2 dropped:31 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:11177 (10.9 KiB)  TX bytes:4324 (4.2 KiB)
          Interrupt:11 Base address:0x2000 Memory:edf00000-edf00fff

Linux can now access the wireless network using WPA.

---------------------------------------------------
wpa_supplicant usage
---------------------------------------------------

You will need to make a configuration file, e.g.,
/etc/wpa_supplicant.conf, with network configuration for the networks
you are going to use. The configuration file section below explains
the configuration file format and includes various examples. Once the
configuration is ready, you can test whether the configuration works
by first running wpa_supplicant with the following command to start it
in the foreground with debugging enabled:

wpa_supplicant -i wlan0 -c/etc/wpa_supplicant.conf -d

Assuming everything goes fine, you can use the following command to
start wpa_supplicant in the background without debugging:

wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B

Please note that if you included more than one driver interface in the
build time configuration (.config), you may need to specify which
interface to use by including the -D<driver name> option on the command
line. See the following section for more details on command line
options for wpa_supplicant.


Command line options
--------------------

usage:
  wpa_supplicant [-BddehLqqvw] -i<ifname> -c<config file> [-D<driver>] \
      [-N -i<ifname> -c<conf> [-D<driver>] ...]

options:
  -B = run daemon in the background
  -d = increase debugging verbosity (-dd even more)
  -K = include keys (passwords, etc.) in debug output
  -t = include timestamp in debug messages
  -h = show this help text
  -L = show license (GPL and BSD)
  -q = decrease debugging verbosity (-qq even less)
  -v = show version
  -w = wait for interface to be added, if needed
  -N = start describing new interface

drivers:
  hostap = Host AP driver (Intersil Prism2/2.5/3) [default]
        (this can also be used with Linuxant DriverLoader)
  hermes = Agere Systems Inc. driver (Hermes-I/Hermes-II)
  madwifi = MADWIFI 802.11 support (Atheros, etc.)
  atmel = ATMEL AT76C5XXx (USB, PCMCIA)
  wext = Linux wireless extensions (generic)
  ndiswrapper = Linux ndiswrapper
  broadcom = Broadcom wl.o driver
  ipw = Intel ipw2100/2200 driver
  wired = wpa_supplicant wired Ethernet driver
  bsd = BSD 802.11 support (Atheros, etc.)
  ndis = Windows NDIS driver

In most common cases, wpa_supplicant is started with

wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -iwlan0

This makes the process fork into the background and wait for the wlan0
interface if it is not available at startup time.

The easiest way to debug problems, and to get a debug log for bug
reports, is to start wpa_supplicant in the foreground with debugging
enabled:

wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d

wpa_supplicant can control multiple interfaces (radios) either by
running one process for each interface separately or by running just
one process with a list of options on the command line. Each interface
is separated with the -N argument. As an example, the following command
would start wpa_supplicant for two interfaces:

wpa_supplicant \
     -c wpa1.conf -i wlan0 -D hostap -N \
     -c wpa2.conf -i ath0 -D madwifi

Configuration file
------------------

wpa_supplicant is configured using a text file that lists all accepted
networks and security policies, including pre-shared keys. See the
example configuration file, wpa_supplicant.conf, for detailed
information about the configuration format and supported fields.

Changes to the configuration file can be reloaded by sending a SIGHUP
signal to wpa_supplicant ('killall -HUP wpa_supplicant'). Similarly,
reloading can be triggered with the 'wpa_cli reconfigure' command.

The configuration file can include one or more network blocks, e.g., one
for each used SSID. wpa_supplicant will automatically select the best
network based on the order of network blocks in the configuration
file, network security level (WPA/WPA2 is preferred), and signal
strength.

Example configuration files for some common configurations:

1) WPA-Personal (PSK) as home network and WPA-Enterprise with EAP-TLS as work
   network

# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
#
# home network; allow all valid ciphers
network={
  ssid="home"
  scan_ssid=1
  key_mgmt=WPA-PSK
  psk="very secret passphrase"
}
#
# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
network={
  ssid="work"
  scan_ssid=1
  key_mgmt=WPA-EAP
  pairwise=CCMP TKIP
  group=CCMP TKIP
  eap=TLS
  identity="[email protected]"
  ca_cert="/etc/cert/ca.pem"
  client_cert="/etc/cert/user.pem"
  private_key="/etc/cert/user.prv"
  private_key_passwd="password"
}

2) WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that use old peaplabel
   (e.g., Funk Odyssey and SBR, Meetinghouse Aegis, Interlink RAD-Series)

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
  ssid="example"
  scan_ssid=1
  key_mgmt=WPA-EAP
  eap=PEAP
  identity="[email protected]"
  password="foobar"
  ca_cert="/etc/cert/ca.pem"
  phase1="peaplabel=0"
  phase2="auth=MSCHAPV2"
}

3) EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
   unencrypted use. Real identity is sent only within an encrypted TLS tunnel.

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
  ssid="example"
  scan_ssid=1
  key_mgmt=WPA-EAP
  eap=TTLS
  identity="[email protected]"
  anonymous_identity="[email protected]"
  password="foobar"
  ca_cert="/etc/cert/ca.pem"
  phase2="auth=MD5"
}

4) IEEE 802.1X (i.e., no WPA) with dynamic WEP keys (require both unicast and
   broadcast); use EAP-TLS for authentication

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
  ssid="1x-test"
  scan_ssid=1
  key_mgmt=IEEE8021X
  eap=TLS
  identity="[email protected]"
  ca_cert="/etc/cert/ca.pem"
  client_cert="/etc/cert/user.pem"
  private_key="/etc/cert/user.prv"
  private_key_passwd="password"
  eapol_flags=3
}

5) Catch all example that allows more or less all configuration modes. The
   configuration options are used based on what security policy is used in the
   selected SSID. This is mostly for testing and is not recommended for normal
   use.

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
  ssid="example"
  scan_ssid=1
  key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
  pairwise=CCMP TKIP
  group=CCMP TKIP WEP104 WEP40
  psk="very secret passphrase"
  eap=TTLS PEAP TLS
  identity="[email protected]"
  password="foobar"
  ca_cert="/etc/cert/ca.pem"
  client_cert="/etc/cert/user.pem"
  private_key="/etc/cert/user.prv"
  private_key_passwd="password"
  phase1="peaplabel=0"
  ca_cert2="/etc/cert/ca2.pem"
  client_cert2="/etc/cer/user.pem"
  private_key2="/etc/cer/user.prv"
  private_key2_passwd="password"
}

6) Authentication for wired Ethernet. This can be used with 'wired' interface
   (-Dwired on command line).

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
ap_scan=0
network={
  key_mgmt=IEEE8021X
  eap=MD5
  identity="user"
  password="password"
  eapol_flags=0
}
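
The example configurations above range from WPA-EAP with a CA certificate down to static WEP, open networks and the catch-all block that the README itself does not recommend for normal use. The Python below is an added example, not part of wpa_supplicant or its README: a small reviewer that parses the network blocks of a configuration file and reports the weak settings that appear in these examples. The finding codes, function names and sample are constructed for illustration, and the key_mgmt default used for blocks that omit it is an assumption marked in the code.

```python
import re

WEAK_CIPHERS = {"TKIP", "WEP104", "WEP40"}
SECRETS = ("password", "private_key_passwd", "private_key2_passwd")

def parse_networks(conf):
    """Return one dict of key -> raw value per network={...} block."""
    nets = []
    for body in re.findall(r"^[ \t]*network=\{(.*?)^[ \t]*\}", conf, re.S | re.M):
        lines = [l for l in body.splitlines() if "=" in l and not l.lstrip().startswith("#")]
        nets.append({k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)})
    return nets

def audit(net):
    """Return a sorted list of finding codes for one parsed network block."""
    out = set()
    key_mgmt = set(net.get("key_mgmt", "WPA-PSK WPA-EAP").split())  # assumed default if unset
    if "NONE" in key_mgmt:  # neither WPA nor 802.1X: open, or static WEP if keys are set
        out.add("static-wep" if any(k.startswith("wep_key") for k in net) else "open-network")
    for field in ("pairwise", "group"):
        if WEAK_CIPHERS & set(net.get(field, "").split()):
            out.add("legacy-cipher-" + field)
    eap = set(net.get("eap", "").split())
    if eap and key_mgmt & {"WPA-EAP", "IEEE8021X"}:
        if "ca_cert" not in net and "ca_path" not in net:
            out.add("eap-server-unverified")  # nothing to check the server certificate against
        if "MD5" in eap:
            out.add("eap-md5-outer")  # EAP-MD5 used outside a TLS tunnel
    if net.get("psk", "").startswith('"') or any(k in net for k in SECRETS):
        out.add("cleartext-secret")  # config file must not be readable by other users
    return sorted(out)

def audit_config(conf):
    return [(n.get("ssid", "<no ssid>").strip('"'), audit(n)) for n in parse_networks(conf)]

# Constructed sample in the style of the static WEP and wired 802.1X blocks on this page.
SAMPLE = '''network={
  ssid="static-wep-test"
  key_mgmt=NONE
  wep_key0="abcde"
}
network={
  key_mgmt=IEEE8021X
  eap=MD5
  password="password"
}
'''

print(audit_config(SAMPLE))
```

A block such as example 3, where EAP-MD5 runs only as phase2 inside TTLS and ca_cert is set, is reported for the stored password alone.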

---------------------------------------------------
wpa_cli usage
---------------------------------------------------

wpa_cli commands

  status = get current WPA/EAPOL/EAP status
  mib = get MIB variables (dot1x, dot11)
  help = show this usage help
  interface [ifname] = show interfaces/select interface
  level <debug level> = change debug level
  license = show full wpa_cli license
  logoff = IEEE 802.1X EAPOL state machine logoff
  logon = IEEE 802.1X EAPOL state machine logon
  set = set variables (shows list of variables when run without arguments)
  pmksa = show PMKSA cache
  reassociate = force reassociation
  reconfigure = force wpa_supplicant to re-read its configuration file
  preauthenticate <BSSID> = force preauthentication
  identity <network id> <identity> = configure identity for an SSID
  password <network id> <password> = configure password for an SSID
  pin <network id> <pin> = configure pin for an SSID
  otp <network id> <password> = configure one-time-password for an SSID
  passphrase <network id> <passphrase> = configure private key passphrase
    for an SSID
  bssid <network id> <BSSID> = set preferred BSSID for an SSID
  list_networks = list configured networks
  select_network <network id> = select a network (disable others)
  enable_network <network id> = enable a network
  disable_network <network id> = disable a network
  add_network = add a network
  remove_network <network id> = remove a network
  set_network <network id> <variable> <value> = set network variables (shows
    list of variables when run without arguments)
  get_network <network id> <variable> = get network variables
  save_config = save the current configuration
  disconnect = disconnect and wait for reassociate command before connecting
  scan = request new BSS scan
  scan_results = get latest scan results
  get_capability <eap/pairwise/group/key_mgmt/proto/auth_alg> = get capabilies
  terminate = terminate wpa_supplicant
  quit = exit wpa_cli


wpa_cli command line options

wpa_cli [-p<path to ctrl sockets>] [-i<ifname>] [-hvB] [-a<action file>] \
        [-P<pid file>] [-g<global ctrl>]  [command..]
  -h = help (show this usage text)
  -v = shown version information
  -a = run in daemon mode executing the action file based on events from
       wpa_supplicant
  -B = run a daemon in the background
  default path: /var/run/wpa_supplicant
  default interface: first interface found in socket path
