You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
128 lines
4.8 KiB
128 lines
4.8 KiB
3 years ago
|
.\" Manpage for hostapd.conf.
|
||
|
.\" Original scrape of https://www.daemon-systems.org/man/hostapd.conf.5.html
|
||
|
.\" Contact linville@redhat.com to correct errors or typos.
|
||
|
.TH hostapd.conf 5 "10 Feb 2021" "1.0" "hostapd.conf man page"
|
||
|
.SH NAME
|
||
|
hostapd.conf \- configuration file for hostapd(8) utility
|
||
|
.SH DESCRIPTION
|
||
|
The hostapd.conf utility is an authenticator for IEEE 802.11 networks.
|
||
|
It provides full support for WPA/IEEE 802.11i and can also act as an IEEE
|
||
|
802.1X Authenticator with a suitable backend Authentication Server
|
||
|
(typically FreeRADIUS).
|
||
|
The configuration file consists of global parameters and domain specific
|
||
|
configuration:
|
||
|
.P
|
||
|
\(bu IEEE 802.1X-2004
|
||
|
.P
|
||
|
\(bu RADIUS client
|
||
|
.P
|
||
|
\(bu RADIUS authentication server
|
||
|
.P
|
||
|
\(bu WPA/IEEE 802.11i
|
||
|
.SH GLOBAL PARAMETERS
|
||
|
The following parameters are recognized:
|
||
|
.SS interface
|
||
|
Interface name. Should be set in "hostap" mode.
|
||
|
.SS debug
|
||
|
Debugging mode: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps,
|
||
|
4 = excessive.
|
||
|
.SS dump_file
|
||
|
Dump file for state information (on SIGUSR1).
|
||
|
.SS ctrl_interface
|
||
|
The pathname of the directory in which hostapd(8) creates UNIX
|
||
|
domain socket files for communication with frontend programs such
|
||
|
as hostapd_cli(8).
|
||
|
.SS ctrl_interface_group
|
||
|
A group name or group ID to use in setting protection on the
|
||
|
control interface file. This can be set to allow non-root users
|
||
|
to access the control interface files. If no group is specified,
|
||
|
the group ID of the control interface is not modified and will,
|
||
|
typically, be the group ID of the directory in which the socket
|
||
|
is created.
|
||
|
.SH IEEE 802.1X-2004 PARAMETERS
|
||
|
The following parameters are recognized:
|
||
|
.SS ieee8021x
|
||
|
Require IEEE 802.1X authorization.
|
||
|
.SS eap_message
|
||
|
Optional displayable message sent with EAP Request-Identity.
|
||
|
.SS wep_key_len_broadcast
|
||
|
Key lengths for broadcast keys.
|
||
|
.SS wep_key_len_unicast
|
||
|
Key lengths for unicast keys.
|
||
|
.SS wep_rekey_period
|
||
|
Rekeying period in seconds.
|
||
|
.SS eapol_key_index_workaround
|
||
|
EAPOL-Key index workaround (set bit7) for WinXP Supplicant.
|
||
|
.SS eap_reauth_period
|
||
|
EAP reauthentication period in seconds. To disable
|
||
|
reauthentication, use "0".
|
||
|
.SH RADIUS CLIENT PARAMETERS
|
||
|
The following parameters are recognized:
|
||
|
.SS own_ip_addr
|
||
|
The own IP address of the access point (used as NAS-IP-Address).
|
||
|
.SS nas_identifier
|
||
|
Optional NAS-Identifier string for RADIUS messages.
|
||
|
.SS auth_server_addr, auth_server_port, auth_server_shared_secret
|
||
|
RADIUS authentication server parameters. Can be defined twice
|
||
|
for secondary servers to be used if primary one does not reply to
|
||
|
RADIUS packets.
|
||
|
.SS acct_server_addr, acct_server_port, acct_server_shared_secret
|
||
|
RADIUS accounting server parameters. Can be defined twice for
|
||
|
secondary servers to be used if primary one does not reply to
|
||
|
RADIUS packets.
|
||
|
.SS radius_retry_primary_interval
|
||
|
Retry interval for trying to return to the primary RADIUS server
|
||
|
(in seconds).
|
||
|
.SS radius_acct_interim_interval
|
||
|
Interim accounting update interval. If this is set (larger than
|
||
|
0) and acct_server is configured, hostapd(8) will send interim
|
||
|
accounting updates every N seconds.
|
||
|
.SH RADIUS AUTHENTICATION SERVER PARAMETERS
|
||
|
The following parameters are recognized:
|
||
|
.SS radius_server_clients
|
||
|
File name of the RADIUS clients configuration for the RADIUS
|
||
|
server. If this is commented out, RADIUS server is disabled.
|
||
|
.SS radius_server_auth_port
|
||
|
The UDP port number for the RADIUS authentication server.
|
||
|
.SS radius_server_ipv6
|
||
|
Use IPv6 with RADIUS server.
|
||
|
.SH WPA/IEEE 802.11i PARAMETERS
|
||
|
The following parameters are recognized:
|
||
|
.SS wpa
|
||
|
Enable WPA. Setting this variable configures the AP to require
|
||
|
WPA (either WPA-PSK or WPA-RADIUS/EAP based on other
|
||
|
configuration).
|
||
|
.SS wpa_psk, wpa_passphrase
|
||
|
WPA pre-shared keys for WPA-PSK. This can be either entered as a
|
||
|
256-bit secret in hex format (64 hex digits), wpa_psk, or as an
|
||
|
ASCII passphrase (8..63 characters) that will be converted to
|
||
|
PSK. This conversion uses SSID so the PSK changes when ASCII
|
||
|
passphrase is used and the SSID is changed.
|
||
|
.SS wpa_psk_file
|
||
|
Optionally, WPA PSKs can be read from a separate text file
|
||
|
(containing a list of (PSK,MAC address) pairs.
|
||
|
.SS wpa_key_mgmt
|
||
|
Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or
|
||
|
both).
|
||
|
.SS wpa_pairwise
|
||
|
Set of accepted cipher suites (encryption algorithms) for
|
||
|
pairwise keys (unicast packets). See the example file for more
|
||
|
information.
|
||
|
.SS wpa_group_rekey
|
||
|
Time interval for rekeying GTK (broadcast/multicast encryption
|
||
|
keys) in seconds.
|
||
|
.SS wpa_strict_rekey
|
||
|
Rekey GTK when any STA that possesses the current GTK is leaving
|
||
|
the BSS.
|
||
|
.SS wpa_gmk_rekey
|
||
|
Time interval for rekeying GMK (master key used internally to
|
||
|
generate GTKs (in seconds).
|
||
|
.SH SEE ALSO
|
||
|
hostapd(8), hostapd_cli(8), /usr/share/examples/hostapd/hostapd.conf
|
||
|
.SH HISTORY
|
||
|
The hostapd.conf manual page and hostapd(8) functionality first appeared
|
||
|
in NetBSD 4.0.
|
||
|
.SH AUTHORS
|
||
|
This manual page is derived from the README and hostapd.conf files in the
|
||
|
hostapd distribution provided by Jouni Malinen <jkmaline@cc.hut.fi>.
|