- # This is an example configuration file for xsupplicant versions after 0.8b.
- ### GLOBAL SECTION
- # network_list: defines all of the networks in this file which
- # should be kept in memory and used. Comma delimited list or "all"
- # for keeping all defined configurations in memory. For efficiency,
- # keep only the networks you might roam to in memory.
- # To avoid errors, make sure your default network is always
- # in the network_list. In general, you will want to leave this set to
- # "all".
- network_list = all
- #network_list = default, test1, test2
- # default_netname: some users may actually have a network named "default".
- # Since "default" is a keyword in the network section below, you can
- # change which name is to be used as the replacement for this keyword.
- #
- # As of Xsupplicant 1.2.2, wireless interfaces will no longer use the default
- # network name if they are unable to find a valid config. If you have
- # auto association turned on, Xsupplicant will find a new network to connect
- # to. Otherwise, it will do nothing.
- default_netname = default
- #default_netname = my_defaults
- # destination: defines how Xsupplicant should determine the destination address
- # that should be used for the 802.1X conversation.
- #
- # Valid Options are :
- # Auto - respond to source address from the last packet we saw.
- # Source - same as Auto
- # BSSID - Always answer to the BSSID of the AP we are associated to.
- # Multicast - always use the multicast address defined in 802.1X-2001.
- #
- #destination = auto
- # Do we want xsupplicant to pick the best AP to connect to? Or should the
- # 'firmware' be allowed to select the AP? (In most cases, letting Xsupplicant
- # make the decision for you is currently better.)
- #roaming = xsupplicant
- # Should we do passive scanning while associated/authenticated with an AP?
- # In order to support preauthentication, this *MUST* be enabled. However,
- # some wireless cards don't do passive scanning correctly, and will end up
- # disconnecting you from the network while a scan is completed.
- #passive_scanning = yes
- # The amount of time (in seconds) that should pass between passive scan
- # attempts. When the scan is complete, Xsupplicant will make a decision
- # about which AP is the best. If a better AP is found, Xsupplicant will
- # jump to it. If 'passive_scanning' is set to 'no', then this setting does
- # nothing.
- #passive_timer = 300
- # EAP request identity messages may contain a network id field in it. This
- # network ID can be useful for determining a network name on wired networks.
- # For wireless networks, this ID usually matches the SSID so leaving it
- # enabled is a good idea unless you have a reason not to.
- # use_eap_hints = yes
- # When running in daemon, or non-foreground mode, you may want to keep the
- # output of the program. So, define a log file here. Each time XSupplicant
- # is started, this file will be replaced. So, there is no need to roll the
- # log file. If the logfile name is set to "syslog", then all messages will
- # be sent to the syslog. If syslog is defined, you should also define
- # "log_facility" to specify which logging facility will be used.
- logfile = syslog
- # If you have set the logfile option to "syslog", then you should define
- # log_facility in order to tell Xsupplicant where to send log messages.
- # Valid settings are cron, daemon, ftp, kern, local0, local1, local2,
- # local3, local4, local5, local6, local7, lpr, news, user, and uucp
- log_facility = daemon
- # If we want Xsupplicant to control the associations for networks, we need
- # to set the following setting to "auto". If you want to control the network
- # you connect to via iwconfig (or other SSID setting utility) you should set
- # this option to manual. The default is auto.
- #association = auto
- # This value should be changed to reflect how long it takes your card to
- # determine if it is associated. (Basically, the value should be the number
- # of seconds it takes for your card to scan every possible frequency and
- # speed it is aware of.) For most cards, 30 seconds is enough time. However
- # if your card is capable of doing 802.11a/b/g, you may need to set this
- # value higher.
- #association_timeout = 30
- # The auth_period, held_period, and max_starts modify the timers in the state
- # machine. (Please reference the 802.1x spec for info on how they are used.)
- # For most people, there is no reason to define these values, as the defaults
- # should work.
- #auth_period = 30
- #held_period = 30
- #max_starts = 3
- # The "default_interface" is the interface that will be used if one is not
- # specified on the command line.
- #default_interface = eth1
- # Enable or disable friendly warnings. The default setting is "yes".
- # friendly_warnings = no
- # The stale key timeout is how long a unicast key should be in use before a
- # warning is issued. It doesn't actually change the way the program functions
- # and should be considered cosmetic. However, it may be useful to put this
- # to a lower value if you believe that WEP keys can be broken quicker than the
- # default setting of 10 minutes. If friendly_warnings is set to no, then
- # this does nothing.
- #stale_key_timeout = 600
- # For most people, the default setting for "allmulti" will work just fine. In
- # some cases, wireless cards have been known to not work when ALLMULTI is
- # enabled. (Such as certain Orinoco cards, with older drivers.) If "allmulti"
- # is set to "no", XSupplicant will not attempt to change the state of the
- # setting in the driver. So, you should make sure to do an "ifconfig ethX
- # -allmulti".
- #allmulti = no
- ### NETWORK SECTION
- # The general format of the network section is a network name followed
- # by a group of variables.
- # Network names may contain the following characters: a-z, A-Z, 0-9, '-',
- # '_', '\', '/'
- # Those interested in having an SSID with ANY character in it can use
- # the ssid tag within the network clause. Otherwise, your ssid will
- # be the name of the network.
- ## Default Network Section
- # This is the network configuration that will be used in the event that
- # no valid network configuration can be found. If you are going to leave
- # Xsupplicant running all the time, it is recommended that you leave this
- # section blank. A blank network definition will result in Xsupplicant
- # turning off encryption and turning control over to iwconfig.
- default
- {
- # Intentionally empty. With no settings here, Xsupplicant turns encryption
- # off and hands control to iwconfig, so any interface that falls back to
- # this definition runs unprotected. Keep it empty only if that fallback is
- # what you want.
- }
- my_network
- {
- # General settings for the "my_network" definition. This example network
- # shows every available option; a real definition normally needs only a few.
- # type: the type of this network. wired or wireless, if this value is not
- # set, xsupplicant will attempt to determine if the interface is wired or
- # wireless. In general, you should only need to define this when
- # xsupplicant incorrectly identifies your network interface.
- #type = wireless
- # wireless_control: If this profile is forced to wired, this will not do
- # anything. However, if the interface is forced, or detected to be wireless
- # XSupplicant will take control of re/setting WEP keys when the machine
- # first starts, and when it jumps to a different AP. In general, you won't
- # need to define, or set this value.
- # wireless_control = yes
- # allow_types: describes which EAP types this network will allow. The
- # first type listed will be requested if the server tries to use something
- # not in this list.
- # allow_types = eap_tls, eap_md5, eap_gtc, eap-otp
- # NOTE(review): "all" accepts whichever EAP type the server proposes,
- # including the weaker methods configured further down (eap-md5, eap-leap).
- # Listing only the types this network really uses keeps a rogue or
- # misconfigured authenticator from steering the client to a weaker one.
- allow_types = all
- # force_eapol_ver: force the EAPOL version used in frames to be a
- # specific value. Allowed values are 1, and 2. (Default : Auto) If you
- # are having problems authenticating, set this value to 1 and see if that
- # helps. (In general, it won't be needed.)
- # force_eapol_ver = 1
- # identity: what to respond with when presented with an EAP Id Request
- # Typically, this is the username for this network. If this is a string
- # that does not contain any spaces, or unusual characters, it can be listed
- # plain. Otherwise, it should be enclosed in quotes.
- identity = myid@mynet.net
- # wpa_pairwise_cipher, and wpa_group_cipher : Both options need to be set
- # in order to get WPA working correctly. Valid options for this setting
- # are WEP40, TKIP, WRAP, CCMP, and WEP104. However, the only settings that
- # currently work are WEP40, WEP104, and TKIP. (And those depend on having
- # a driver that works with WPA.)
- # NOTE(review): WEP40/WEP104 and TKIP are legacy ciphers with known
- # weaknesses. CCMP is listed above as not working in this version, so check
- # what your xsupplicant build and driver support before relying on these.
- #wpa_pairwise_cipher = tkip
- #wpa_group_cipher = tkip
- # Force xsupplicant to send its packets to this destination MAC address.
- # In most cases, this isn't needed, and shouldn't be defined.
- #dest_mac = 00:aA:bB:cC:dD:eE
- # The initial_wep option allows you to set WEP keys that may be required
- # to associate to the network and start an 802.1X connection. This should
- # not be confused with the static_wep option which doesn't do 802.1X, but
- # only associates to a network with static WEP.
- initial_wep {
- # WEP keys used only to associate before the 802.1X exchange starts.
- # The values below are placeholders; replace them with the keys set on
- # the AP. They are stored in cleartext, so keep this file readable by
- # root only.
- # The keys must either be 10, or 26 characters long. They should
- # *ALWAYS* be quoted!!
- # (presumably hex digits: 10 for a 40-bit key, 26 for a 104-bit key;
- # confirm against the xsupplicant documentation)
- key1 = "2222222222"
- key2 = "2222222222"
- key3 = "2222222222"
- key4 = "2222222222"
- # This is the key that will be used to transmit data. It needs to
- # match the index that is configured on your AP.
- tx_key = 1
- }
- ## This option allows you to configure static WEP, so that when you
- # associate with a network that uses static WEP you don't need to do
- # anything. If "static_wep" is used, it must be the only option available
- # in that SSID def!
- # NOTE(review): this example definition also contains initial_wep and
- # several EAP blocks, which conflicts with the rule above; it looks like the
- # block is shown here for syntax only. Put it in a definition of its own.
- # Static WEP does no 802.1X authentication and the same key stays in use
- # until someone changes it by hand; WEP itself is cryptographically broken,
- # so treat such a network as effectively unencrypted.
- static_wep {
- # The keys must either be 10, or 26 characters long. They should
- # *ALWAYS* be quoted!!
- # Placeholder values; stored in cleartext, so restrict read access to
- # this file.
- key1 = "2222222222"
- key2 = "2222222222"
- key3 = "2222222222"
- key4 = "2222222222"
- # This is the key that will be used to transmit data. It needs to
- # match the index that is configured on your AP.
- tx_key = 1
- }
- ## method-specific parameters are kept in the method
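- eap_tls {
- # EAP-TLS: certificate-based authentication. The client proves its
- # identity with user_cert/user_key (or a smartcard) and checks the
- # server certificate against root_cert / root_dir.
- # this section configures the smartcard used with eap-tls
- # for now the smartcard PIN is handled the same way as the
- # password for a private key
- smartcard {
- # this line actually enables the smartcard and makes xsupplicant use
- # the opensc engine
- engine_id = opensc
- # set the path to the engine (a single path with no embedded spaces;
- # adjust it to where your system installs the OpenSC engine)
- opensc_so_path = "/usr/lib/opensc/engine_opensc.so"
- # set the key id on the smartcard
- key_id = 45
- }
- # Client certificate and its private key. Keep the key file readable
- # only by the account xsupplicant runs as.
- user_cert = /path/to/certificate
- user_key = /path/to/private/key
- # Passphrase for the private key (or the smartcard PIN, see above). It is
- # stored here in cleartext, so this file needs the same protection as the
- # key itself.
- user_key_pass = "password for key"
- # Trust anchors for the server certificate: a single root certificate
- # and/or a directory of root certificates. Point these only at the CA(s)
- # that issue your RADIUS server's certificate.
- root_cert = /path/to/root/cert
- root_dir = /path/to/valid/root/certs
- # NOTE(review): with crl_dir commented out, revocation lists are
- # presumably not consulted; confirm and enable it if your CA publishes
- # CRLs.
- #crl_dir = /path/to/dir/with/crl
- chunk_size = 1398
- random_file = /path/to/random/source
- # To enable TLS session resumption, you need to set the following
- # value to "yes". By default, session resumption is disabled.
- #session_resume = yes
- }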
- eap-md5 {
- # EAP-MD5 is a one-way challenge/response: the server is not
- # authenticated and no encryption keys are derived, so it is unsuitable
- # for wireless networks and weak against offline password guessing.
- # Configure it only where a legacy wired deployment requires it.
- # The password is stored in cleartext; restrict read access to this file.
- username = testuser
- password = "test user pass!" # Since the password has spaces, quote it.
- }
- eap-ttls {
- # EAP-TTLS: a TLS tunnel to the server, with the real credentials sent
- # inside it using the phase2_type chosen below.
- #user_cert = /path/to/certificate
- #as in tls, define either a root certificate or a directory
- # containing root certificates
- root_cert = /path/to/root/certificate
- #root_dir = /path/to/root/certificate/dir
- #crl_dir = /path/to/dir/with/crl
- #user_key = /path/to/private/key
- #user_key_pass = "password for key"
- chunk_size = 1398
- random_file = /path/to/random/source
- # NOTE(review): cncheck is commented out in this block, so nothing here
- # ties the server certificate to a particular server name; any
- # certificate that chains to root_cert would presumably be accepted.
- # The phase-2 credentials go to whoever terminates the tunnel (pap sends
- # the password itself), so set cncheck to your RADIUS server's name in a
- # real deployment.
- #cncheck = myradius.radius.com # Verify the server certificate
- # has this value in its CN field.
- #cnexact = yes # Should it be an exact match?
- #session_resume = yes
- # phase2_type defines which phase2 to actually DO. You
- # MUST define one of these.
- phase2_type = pap
- ## These are definitions for the different methods you might
- ## do at phase2. only the one specified above will be used
- ## but it is valid to leave more than one here for convenience
- ## and easy switching.
- # All phase-2 passwords below are stored in cleartext in this file.
- pap {
- username = papuser
- password = "pap passwd"
- }
- chap {
- username = chapuser
- password = "chap passwd"
- }
- mschap {
- username = mschapuser
- password = "mschap passwd"
- }
- mschapv2 {
- username = mschapv2user
- password = "mschapv2 passwd"
- }
- }
- eap-leap {
- # LEAP uses an MS-CHAP style challenge/response with no server
- # certificate, and a captured exchange can be attacked with offline
- # password guessing. Prefer a tunneled method (eap-ttls, eap-peap) with
- # server certificate checks, and keep this only for legacy networks.
- # The password is stored in cleartext; restrict read access to this file.
- username = leapuser
- password = "leap user pass!"
- }
- eap-mschapv2 {
- # EAP-MSCHAPv2 used directly, outside any TLS tunnel, so the
- # challenge/response exchange is visible on the link. Inside eap-peap it
- # is protected by the tunnel.
- # NOTE(review): this password is unquoted although it contains '!'. The
- # identity notes say strings with unusual characters should be quoted;
- # confirm the parser accepts this form or quote it as other blocks do.
- username = eapmschapv2user
- password = eapmschapv2userpass!
- }
- eap-peap {
- # EAP-PEAP: a TLS tunnel to the server with an inner EAP method
- # (configured at the bottom of this block) carrying the credentials.
- inner_id = my_inner_id
- user_cert = /path/to/certificate
- # As in tls, define either a root certificate or a directory
- # containing root certificates.
- #root_cert = /path/to/root/certificate
- root_dir = /path/to/root/certificate/dir
- crl_dir = /path/to/dir/with/crl
- user_key = /path/to/private/key
- # Key passphrase stored in cleartext; protect this file like the key.
- user_key_pass = "password for key"
- chunk_size = 1398
- random_file = /path/to/random/source
- # cncheck/cnexact pin the server certificate to one server name, which is
- # what keeps the inner credentials from going to a server that merely
- # holds some certificate from the same CA.
- cncheck = myradius.radius.com # Verify the server certificate
- # has this value in its CN field.
- cnexact = yes # Should it be an exact match?
- session_resume = yes
- proper_peap_v1_keying = yes # Many RADIUS servers use the
- # wrong string constant to derive
- # the keying material. Setting
- # this to 'yes' will cause
- # xsupplicant to use the value
- # defined in the internet draft
- # instead of the wrong one. The
- # default is to use the wrong
- # constant, since that is what
- # most RADIUS servers do.
- #Currently 'all' is just mschapv2
- #If no allow_types is defined, all is assumed
- # NOTE(review): the line above says 'all' is just mschapv2 while the
- # inline comment below lists five types; confirm which applies to your
- # version, or name the inner type explicitly as in the commented line.
- allow_types = all # where all = MSCHAPv2, MD5, OTP, GTC, SIM
- #allow_types = eap_mschapv2
- # When doing EAP MS-CHAPv2 you need a password, or an ntpwdhash. If you
- # have both, Xsupplicant will try to use the ntpwdhash.
- # The NT password hash is password-equivalent for MS-CHAPv2: whoever
- # reads it can authenticate without knowing the password. It needs the
- # same protection as a cleartext password.
- eap-mschapv2 {
- username = phase2mschapv2
- ntpwdhash = E653E6452753C97E46792567DFF599B6
- password = "phase2 mschapv2 pass"
- }
- }
- eap-sim {
- # EAP-SIM: authentication backed by the SIM card.
- # In order to obtain the IMSI from the SIM card, the password
- # *MUST* be defined here! Otherwise, you need to specify your
- # IMSI as the username below.
- # NOTE(review): the password here is presumably the SIM PIN, stored in
- # cleartext; restrict read access to this file.
- username = simuser
- password = simuserpin
- auto_realm = yes
- }
- eap-aka {
- # EAP-AKA: configured the same way as eap-sim above.
- # In order to obtain the IMSI from the SIM card, the password
- # *MUST* be defined here! Otherwise, you need to specify your
- # IMSI as the username below.
- # NOTE(review): the password here is presumably the card PIN, stored in
- # cleartext; restrict read access to this file.
- username = akauser
- password = akauserpin
- auto_realm = yes
- }
- }
- # In this network definition, "test1" is the friendly name. It can match
- # the essid of the network, which means you won't have to set the "ssid"
- # variable. However, if it doesn't match, you need to set the "ssid"
- # variable in order for the network to be detected correctly.
- test1
- {
- # Wired network that accepts any EAP type. No method block is defined
- # here, so this definition carries no credentials of its own.
- # NOTE(review): "allow_types = all" lets the server pick the method;
- # name the intended type instead where you can.
- type = wired
- allow_types = all
- # A quoted identity may contain any character, and a trailing comment is
- # still allowed after the closing quote.
- identity = "Check this out- any char!#$" # Then a comment!
- }
- test2
- {
- # Wireless network restricted to a single EAP type, which is the
- # narrower alternative to "allow_types = all".
- # NOTE(review): no TLS method block with certificates appears in this
- # definition; presumably one is needed before it can authenticate.
- identity = testuser@testnet.com
- allow_types = eap-tls
- type = wireless
- }
- test3
- {
- # Minimal wired definition: only the interface type and a quoted identity
- # that contains spaces. No allow_types line is given here.
- type = wired
- identity= "this will work too"
- }