mirror of
https://github.com/pentoo/pentoo-overlay
synced 2025-12-12 03:15:06 +01:00
97 lines
3.4 KiB
Text
97 lines
3.4 KiB
Text
#This is example of using hostapd with an external radius server
|
|
|
|
#enable_karma=0
|
|
#karma_black_white=1
|
|
#karma_ssid_file=/etc/hostapd/hostapd_karma_ssid
|
|
|
|
interface=wlan1
|
|
ssid=PentooTest
|
|
|
|
driver=nl80211
|
|
hw_mode=g
|
|
wmm_enabled=1
|
|
logger_stdout=-1
|
|
logger_stdout_level=0
|
|
dump_file=/tmp/hostapd.dump
|
|
ctrl_interface=/var/run/hostapd
|
|
ieee8021x=1
|
|
eapol_key_index_workaround=0
|
|
own_ip_addr=127.0.0.1
|
|
|
|
#We use net-dialup/freeradius by default
|
|
auth_server_addr=127.0.0.1
|
|
auth_server_port=1812
|
|
auth_server_shared_secret=testing123
|
|
wpa=3
|
|
wpa_key_mgmt=WPA-EAP
|
|
channel=6
|
|
wpa_pairwise=TKIP CCMP
|
|
rsn_pairwise=TKIP CCMP
|
|
|
|
# Use integrated EAP server instead of external RADIUS authentication
|
|
# server. This is also needed if hostapd is configured to act as a RADIUS
|
|
# authentication server.
|
|
eap_server=0
|
|
|
|
#eap_user_file=/etc/hostapd/hostapd.eap_user
|
|
|
|
#ca_cert=/etc/hostapd/hostapd/ca.pem
|
|
#server_cert=/etc/hostapd/hostapd/server.pem
|
|
#private_key=/etc/hostapd/hostapd/privkey.pem
|
|
#private_key_passwd=MyPassword
|
|
|
|
# Enable CRL verification.
|
|
# Note: hostapd does not yet support CRL downloading based on CDP. Thus, a
|
|
# valid CRL signed by the CA is required to be included in the ca_cert file.
|
|
# This can be done by using PEM format for CA certificate and CRL and
|
|
# concatenating these into one file. Whenever CRL changes, hostapd needs to be
|
|
# restarted to take the new CRL into use.
|
|
# 0 = do not verify CRLs (default)
|
|
# 1 = check the CRL of the user certificate
|
|
# 2 = check all CRLs in the certificate path
|
|
check_crl=0
|
|
|
|
# Encryption key for EAP-FAST PAC-Opaque values. This key must be a secret,
|
|
# random value. It is configured as a 16-octet value in hex format. It can be
|
|
# generated, e.g., with the following command:
|
|
# od -tx1 -v -N16 /dev/random | colrm 1 8 | tr -d ' '
|
|
#pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f
|
|
|
|
# EAP-FAST authority identity (A-ID)
|
|
# A-ID indicates the identity of the authority that issues PACs. The A-ID
|
|
# should be unique across all issuing servers. In theory, this is a variable
|
|
# length field, but due to some existing implementations requiring A-ID to be
|
|
# 16 octets in length, it is strongly recommended to use that length for the
|
|
# field to provid interoperability with deployed peer implementations. This
|
|
# field is configured in hex format.
|
|
#eap_fast_a_id=101112131415161718191a1b1c1d1e1f
|
|
|
|
# EAP-FAST authority identifier information (A-ID-Info)
|
|
# This is a user-friendly name for the A-ID. For example, the enterprise name
|
|
# and server name in a human-readable format. This field is encoded as UTF-8.
|
|
#eap_fast_a_id_info=test server
|
|
|
|
# Enable/disable different EAP-FAST provisioning modes:
|
|
#0 = provisioning disabled
|
|
#1 = only anonymous provisioning allowed
|
|
#2 = only authenticated provisioning allowed
|
|
#3 = both provisioning modes allowed (default)
|
|
#eap_fast_prov=3
|
|
|
|
# EAP-FAST PAC-Key lifetime in seconds (hard limit)
|
|
#pac_key_lifetime=604800
|
|
|
|
# EAP-FAST PAC-Key refresh time in seconds (soft limit on remaining hard
|
|
# limit). The server will generate a new PAC-Key when this number of seconds
|
|
# (or fewer) of the lifetime remains.
|
|
#pac_key_refresh_time=86400
|
|
|
|
# EAP-SIM and EAP-AKA protected success/failure indication using AT_RESULT_IND
|
|
# (default: 0 = disabled).
|
|
#eap_sim_aka_result_ind=1
|
|
|
|
# Trusted Network Connect (TNC)
|
|
# If enabled, TNC validation will be required before the peer is allowed to
|
|
# connect. Note: This is only used with EAP-TTLS and EAP-FAST. If any other
|
|
# EAP method is enabled, the peer will be allowed to connect without TNC.
|
|
#tnc=1
|