]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blob - config/madwifi/madwifi.conf
Updated samba to latest stable
[people/teissler/ipfire-2.x.git] / config / madwifi / madwifi.conf
1 ##### hostapd configuration file ##############################################
2 # Empty lines and lines starting with # are ignored
3
4 # AP netdevice name (without 'ap' prefix, i.e., wlan0 uses wlan0ap for
5 # management frames)
6 interface=ath0
7
8 # Driver interface type (hostap/wired/madwifi/prism54; default: hostap)
9 driver=madwifi
10
11 # hostapd event logger configuration
12 #
13 # Two output method: syslog and stdout (only usable if not forking to
14 # background).
15 #
16 # Module bitfield (ORed bitfield of modules that will be logged; -1 = all
17 # modules):
18 # bit 0 (1) = IEEE 802.11
19 # bit 1 (2) = IEEE 802.1X
20 # bit 2 (4) = RADIUS
21 # bit 3 (8) = WPA
22 # bit 4 (16) = driver interface
23 # bit 5 (32) = IAPP
24 #
25 # Levels (minimum value for logged events):
26 # 0 = verbose debugging
27 # 1 = debugging
28 # 2 = informational messages
29 # 3 = notification
30 # 4 = warning
31 #
32 logger_syslog=-1
33 logger_syslog_level=2
34 logger_stdout=-1
35 logger_stdout_level=1
36
37 # Debugging: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps, 4 = excessive
38 debug=0
39
40 # Dump file for state information (on SIGUSR1)
41 dump_file=/tmp/hostapd.dump
42
43 # Interface for separate control program. If this is specified, hostapd
44 # will create this directory and a UNIX domain socket for listening to requests
45 # from external programs (CLI/GUI, etc.) for status information and
46 # configuration. The socket file will be named based on the interface name, so
47 # multiple hostapd processes/interfaces can be run at the same time if more
48 # than one interface is used.
49 # /var/run/hostapd is the recommended directory for sockets and by default,
50 # hostapd_cli will use it when trying to connect with hostapd.
51 ctrl_interface=/var/run/hostapd
52
53 # Access control for the control interface can be configured by setting the
54 # directory to allow only members of a group to use sockets. This way, it is
55 # possible to run hostapd as root (since it needs to change network
56 # configuration and open raw sockets) and still allow GUI/CLI components to be
57 # run as non-root users. However, since the control interface can be used to
58 # change the network configuration, this access needs to be protected in many
59 # cases. By default, hostapd is configured to use gid 0 (root). If you
60 # want to allow non-root users to use the contron interface, add a new group
61 # and change this value to match with that group. Add users that should have
62 # control interface access to this group.
63 #
64 # This variable can be a group name or gid.
65 #ctrl_interface_group=wheel
66 ctrl_interface_group=0
67
68
69 ##### IEEE 802.11 related configuration #######################################
70
71 # SSID to be used in IEEE 802.11 management frames
72 ssid=IPFire
73
74 # Station MAC address -based authentication
75 # 0 = accept unless in deny list
76 # 1 = deny unless in accept list
77 # 2 = use external RADIUS server (accept/deny lists are searched first)
78 macaddr_acl=0
79
80 # Accept/deny lists are read from separate files (containing list of
81 # MAC addresses, one per line). Use absolute path name to make sure that the
82
83 # files can be read on SIGHUP configuration reloads.
84 #accept_mac_file=/etc/hostapd/hostapd.accept
85 #deny_mac_file=/etc/hostapd/hostapd.deny
86
87 # IEEE 802.11 specifies two authentication algorithms. hostapd can be
88 # configured to allow both of these or only one. Open system authentication
89 # should be used with IEEE 802.1X.
90 # Bit fields of allowed authentication algorithms:
91 # bit 0 = Open System Authentication
92 # bit 1 = Shared Key Authentication (requires WEP)
93 auth_algs=1
94
95 # Associate as a station to another AP while still acting as an AP on the same
96 # channel.
97 #assoc_ap_addr=00:12:34:56:78:9a
98
99
100 ##### IEEE 802.1X (and IEEE 802.1aa/D4) related configuration #################
101
102 # Require IEEE 802.1X authorization
103 #ieee8021x=0
104
105 # Use integrated EAP authenticator instead of external RADIUS authentication
106 # server
107 #eap_authenticator=0
108
109 # Path for EAP authenticator user database
110 #eap_user_file=/etc/hostapd/eap_user
111
112 # CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
113 #ca_cert=/etc/hostapd/ca.pem
114
115 # Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
116 #server_cert=/etc/hostapd/server.pem
117
118 # Private key matching with the server certificate for EAP-TLS/PEAP/TTLS
119 # This may point to the same file as server_cert if both certificate and key
120 # are included in a single file. PKCS#12 (PFX) file (.p12/.pfx) can also be
121 # used by commenting out server_cert and specifying the PFX file as the
122 # private_key.
123 #private_key=/etc/hostapd/server.prv
124
125 # Passphrase for private key
126 #private_key_passwd=secret passphrase
127
128 # Configuration data for EAP-SIM database/authentication gateway interface.
129 # This is a text string in implementation specific format. The example
130 # implementation in eap_sim_db.c uses this as the file name for the GSM
131 # authentication triplets.
132 #eap_sim_db=/etc/hostapd/sim_db
133
134 # Optional displayable message sent with EAP Request-Identity
135 #eap_message=hello
136
137 # WEP rekeying (disabled if key lengths are not set or are set to 0)
138 # Key lengths for default/broadcast and individual/unicast keys:
139 # 5 = 40-bit WEP (also known as 64-bit WEP with 40 secret bits)
140 # 13 = 104-bit WEP (also known as 128-bit WEP with 104 secret bits)
141 #wep_key_len_broadcast=5
142 #wep_key_len_unicast=5
143 # Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
144 #wep_rekey_period=300
145
146 # EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed only if
147 # only broadcast keys are used)
148 #eapol_key_index_workaround=0
149
150 # EAP reauthentication period in seconds (default: 3600 seconds; 0 = disable
151 # reauthentication).
152 #eap_reauth_period=3600
153
154
155 ##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) #######################
156
157 # Interface to be used for IAPP broadcast packets
158 #iapp_interface=eth0
159
160
161 ##### RADIUS configuration ####################################################
162 # for IEEE 802.1X with external Authentication Server, IEEE 802.11
163 # authentication with external ACL for MAC addresses, and accounting
164
165 # The own IP address of the access point (used as NAS-IP-Address)
166 #own_ip_addr=127.0.0.1
167
168 # Optional NAS-Identifier string for RADIUS messages. When used, this should be
169 # a unique to the NAS within the scope of the RADIUS server. For example, a
170 # fully qualified domain name can be used here.
171 #nas_identifier=ap.example.com
172
173 # RADIUS authentication server
174 #auth_server_addr=127.0.0.1
175 #auth_server_port=1812
176 #auth_server_shared_secret=secret
177
178 # RADIUS accounting server
179 #acct_server_addr=127.0.0.1
180 #acct_server_port=1813
181 #acct_server_shared_secret=secret
182
183 # Secondary RADIUS servers; to be used if primary one does not reply to
184 # RADIUS packets. These are optional and there can be more than one secondary
185 # server listed.
186 #auth_server_addr=127.0.0.2
187 #auth_server_port=1812
188 #auth_server_shared_secret=secret2
189 #
190 #acct_server_addr=127.0.0.2
191 #acct_server_port=1813
192 #acct_server_shared_secret=secret2
193
194 # Retry interval for trying to return to the primary RADIUS server (in
195 # seconds). RADIUS client code will automatically try to use the next server
196 # when the current server is not replying to requests. If this interval is set,
197 # primary server will be retried after configured amount of time even if the
198 # currently used secondary server is still working.
199 #radius_retry_primary_interval=600
200
201 # Interim accounting update interval
202 # If this is set (larger than 0) and acct_server is configured, hostapd will
203 # send interim accounting updates every N seconds. Note: if set, this overrides
204 # possible Acct-Interim-Interval attribute in Access-Accept message. Thus, this
205 # value should not be configured in hostapd.conf, if RADIUS server is used to
206 # control the interim interval.
207 # This value should not be less 600 (10 minutes) and must not be less than
208 # 60 (1 minute).
209 #radius_acct_interim_interval=600
210
211 # hostapd can be used as a RADIUS authentication server for other hosts. This
212 # requires that the integrated EAP authenticator is also enabled and both
213 # authentication services are sharing the same configuration.
214
215 # File name of the RADIUS clients configuration for the RADIUS server. If this
216 # commented out, RADIUS server is disabled.
217 #radius_server_clients=/etc/hostapd/radius_clients
218
219 # The UDP port number for the RADIUS authentication server
220 #radius_server_auth_port=1812
221
222
223 ##### WPA/IEEE 802.11i configuration ##########################################
224
225 # Enable WPA. Setting this variable configures the AP to require WPA (either
226 # WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
227 # wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
228 # For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
229 # RADIUS authentication server must be configured, and WPA-EAP must be included
230 # in wpa_key_mgmt.
231 # This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
232 # and/or WPA2 (full IEEE 802.11i/RSN):
233 # bit0 = WPA
234 # bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
235 wpa=1
236
237 # WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
238 # secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
239 # (8..63 characters) that will be converted to PSK. This conversion uses SSID
240 # so the PSK changes when ASCII passphrase is used and the SSID is changed.
241 # wpa_psk (dot11RSNAConfigPSKValue)
242 # wpa_passphrase (dot11RSNAConfigPSKPassPhrase)
243 #wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
244 wpa_passphrase=yoursecretpassphrase
245
246 # Optionally, WPA PSKs can be read from a separate text file (containing list
247 # of (PSK,MAC address) pairs. This allows more than one PSK to be configured.
248 # Use absolute path name to make sure that the files can be read on SIGHUP
249 # configuration reloads.
250 #wpa_psk_file=/etc/hostapd/wpa_psk
251
252 # Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
253 # entries are separated with a space.
254 # (dot11RSNAConfigAuthenticationSuitesTable)
255 #wpa_key_mgmt=WPA-PSK WPA-EAP
256 wpa_key_mgmt=WPA-PSK
257
258 # Set of accepted cipher suites (encryption algorithms) for pairwise keys
259 # (unicast packets). This is a space separated list of algorithms:
260
261 # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
262 # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
263 # Group cipher suite (encryption algorithm for broadcast and multicast frames)
264 # is automatically selected based on this configuration. If only CCMP is
265 # allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
266 # TKIP will be used as the group cipher.
267 # (dot11RSNAConfigPairwiseCiphersTable)
268 wpa_pairwise=TKIP CCMP
269
270 # Time interval for rekeying GTK (broadcast/multicast encryption keys) in
271 # seconds. (dot11RSNAConfigGroupRekeyTime)
272 #wpa_group_rekey=600
273
274 # Rekey GTK when any STA that possesses the current GTK is leaving the BSS.
275 # (dot11RSNAConfigGroupRekeyStrict)
276 #wpa_strict_rekey=1
277
278 # Time interval for rekeying GMK (master key used internally to generate GTKs
279 # (in seconds).
280 #wpa_gmk_rekey=86400
281
282 # Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
283 # roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
284 # authentication and key handshake before actually associating with a new AP.
285 # (dot11RSNAPreauthenticationEnabled)
286 #rsn_preauth=1
287 #
288 # Space separated list of interfaces from which pre-authentication frames are
289 # accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all
290 # interface that are used for connections to other APs. This could include
291 # wired interfaces and WDS links. The normal wireless data interface towards
292 # associated stations (e.g., wlan0) should not be added, since
293 # pre-authentication is only used with APs other than the currently associated
294 # one.
295 #rsn_preauth_interfaces=eth0