特殊:Badtitle/NS100:WifiDocs/WPAHowTo:修订间差异

来自Ubuntu中文
跳到导航跳到搜索
Oneleaf留言 | 贡献
无编辑摘要
Wikibot留言 | 贡献
无编辑摘要
 
(未显示2个用户的11个中间版本)
第1行: 第1行:
{{From|https://help.ubuntu.com/community/WifiDocs/WPAHowTo}}
{{From|https://help.ubuntu.com/community/WifiDocs/WPAHowTo}}
{{Languages|UbuntuHelp:WifiDocs/WPAHowTo}}
{{Languages|UbuntuHelp:WifiDocs/WPAHowTo}}
 
<<Include(Tag/Unsupported)>>
 
<<Include(Tag/StyleCleanup)>>
== WPA howto ==
== WPA howto ==
 
WPA configuration is handled seamlessly by the "just works" [[UbuntuHelp:WifiDocs/NetworkManager|WifiDocs/NetworkManager]] and should be installed with recent versions of Ubuntu. If not you can go through the procedure to install it manually here or you can configure the daemon in charge of WPA encryption (wpasupplicant) manually.
WPA configuration is handled seamlessly by the "just works" [[UbuntuHelp:WifiDocs/NetworkManager]] and should be installed with recent versions of Ubuntu. If not you can go through the procedure to install it manually here or you can configure the daemon in charge of WPA encryption (wpasupplicant) manually.
The [[UbuntuHelp:NetworkManager|NetworkManager]] should be installed by default on recent versions of Ubuntu, see [[UbuntuHelp:WifiDocs/NetworkManager|WifiDocs/NetworkManager]] for more information on the [[UbuntuHelp:NetworkManager|NetworkManager]].
 
The NetworkManager should be installed by default on recent versions of Ubuntu, see [[UbuntuHelp:WifiDocs/NetworkManager]] for more information on the NetworkManager.
 
==== What is WPA? ====
==== What is WPA? ====
Wi-Fi Protected Access (WPA) is a family of encryption methods used when connecting to a wireless access point.  It is based on the technology that is used in Wired Equivalent Privacy (WEP) but provides stronger security.  For more information on the subject you can see the [http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access WPA] entry on Wikipedia.
Wi-Fi Protected Access (WPA) is a family of encryption methods used when connecting to a wireless access point.  It is based on the technology that is used in Wired Equivalent Privacy (WEP) but provides stronger security.  For more information on the subject you can see the [http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access WPA] entry on Wikipedia.
===== Kubuntu version =====
===== Kubuntu version =====
For instructions for Kubuntu, take a look at [[UbuntuHelp:WifiDocs/WPAHowTo/Kubuntu]]
For instructions for Kubuntu, take a look at [[UbuntuHelp:WifiDocs/WPAHowTo/Kubuntu|WifiDocs/WPAHowTo/Kubuntu]]
 
== Network Manager ==
== Network Manager ==
For '''Ubuntu 6.06 LTS''' (Dapper) or later (but not for Kubuntu 6.06 or 6.10), there should be a Network Manager icon in the GNOME panel, which looks like a couple of dots. Right click the Network Manager icon to enable the network if necessary. Next, left click on the Network Manager icon and choose "Connect to other wireless network". Then, enter "YOUR-SSID" for the network name and choose your type "WPA ENTERPRISE" or "WPA PERSONAL" etc, etc ... for wireless security.  Enter the password in the password text entry box.  Click connect to attempt a connection. It is unlikely that you will need the procedure described bellow.
For '''Ubuntu 6.06 LTS''' (Dapper) or later (but not for Kubuntu 6.06 or 6.10), there should be a Network Manager icon in the GNOME panel, which looks like a couple of dots. Right click the Network Manager icon to enable the network if necessary. Next, left click on the Network Manager icon and choose "Connect to other wireless network". Then, enter "YOUR-SSID" for the network name and choose your type "WPA ENTERPRISE" or "WPA PERSONAL" etc, etc ... for wireless security.  Enter the password in the password text entry box.  Click connect to attempt a connection. It is unlikely that you will need the procedure described bellow.
 
''Note: if you have altered the configuration of your network cards in <code><nowiki>/etc/network/interfaces</nowiki></code> it is likely that Network Manager will refuse to manage the non-standard interfaces (see <code><nowiki>/usr/share/doc/network-manager/README.Debian</nowiki></code> for more information). The easiest way to have [[UbuntuHelp:NetworkManager|NetworkManager]] configure your networking devices is to simply leave them out of <code><nowiki>/etc/network/interfaces</nowiki></code>.''
''Note: if you have altered the configuration of your network cards in <code><nowiki>/etc/network/interfaces</nowiki></code> it is likely that Network Manager will refuse to manage the non-standard interfaces (see <code><nowiki>/usr/share/doc/network-manager/README.Debian</nowiki></code> for more information). The easiest way to have NetworkManager configure your networking devices is to simply leave them out of <code><nowiki>/etc/network/interfaces</nowiki></code>.''
 
If you do not see a network icon near your power information, or if WEP is your only encryption choice for network configuration, you may need to install Network Manager.  For Ubuntu users:
If you do not see a network icon near your power information, or if WEP is your only encryption choice for network configuration, you may need to install Network Manager.  For Ubuntu users:
<pre><nowiki>
<pre><nowiki>
sudo apt-get install network-manager-gnome
sudo apt-get install network-manager-gnome
</nowiki></pre>
</nowiki></pre>
Restart dbus to make it awear of the new service
Restart dbus to make it aware of the new service
<pre><nowiki>
<pre><nowiki>
sudo /etc/init.d/dbus restart
sudo /etc/init.d/dbus restart
</nowiki></pre>
</nowiki></pre>
After installing the package, logout and log back in (or re-start) and Network Manager should appear.
After installing the package, logout and log back in (or re-start) and Network Manager should appear.
If the icon does not appear you can start it manually (Gnome):
If the icon does not appear you can start it manually (Gnome):
<pre><nowiki>
<pre><nowiki>
nm-applet
nm-applet
</nowiki></pre>
</nowiki></pre>
 
If WPA does not work, make sure that wpa-supplicant is installed. No further configuration is needed [[UbuntuHelp:NetworkManager|NetworkManager]] should handle the rest. If all else fails try the procedure bellow.
If WPA does not work, make sure that wpa-supplicant is installed. No further configuration is needed NetworkManager should handle the rest. If all else fails try the procedure bellow.
<pre><nowiki>
<pre><nowiki>
sudo apt-get install wpasupplicant
sudo apt-get install wpasupplicant
</nowiki></pre>
</nowiki></pre>
===== Kubuntu =====
===== Kubuntu =====
Note that for Kubuntu users, the Wireless Assistant Wireless LAN Manager, found in the KMenu/Internet menu, does not integrate with WPA, and should not be used.
Note that for Kubuntu users, the Wireless Assistant Wireless LAN Manager, found in the KMenu/Internet menu, does not integrate with WPA, and should not be used.
Kubuntu users should install the KDE version (from Kubuntu 6.0.6):
Kubuntu users should install the KDE version (from Kubuntu 6.0.6):
<pre><nowiki>
<pre><nowiki>
sudo apt-get install knetworkmanager
sudo apt-get install knetworkmanager
</nowiki></pre>
</nowiki></pre>
Kubuntu (still 6.0.6) users should also skip the section on editing of files and the section on password nagging, and activate kwalletmanager instead. This means you will only get WPA when logged into KDE, but hey ... (For instructions on how to do this, see [http://en.opensuse.org/Projects/KNetworkManager#How_can_I_store_passphrases_associated_with_encrypted_wireless_networks.3F this link]). Log out and back in, and start [[Verbatim(KNetworkManager)]] from the Internet menu. In some rare cases WPA needs special setup, perhaps for the RT2500 chipset [[UbuntuHelp:WifiDocs/Driver/RalinkRT2500]] (i have not tried this).
Kubuntu (still 6.0.6) users should also skip the section on editing of files and the section on password nagging, and activate kwalletmanager instead. This means you will only get WPA when logged into KDE, but hey ... (For instructions on how to do this, see [http://en.opensuse.org/Projects/KNetworkManager#How_can_I_store_passphrases_associated_with_encrypted_wireless_networks.3F this link]). Log out and back in, and start <<Verbatim(KNetworkManager)>> from the Internet menu. In some rare cases WPA needs special setup, perhaps for the RT2500 chipset [[UbuntuHelp:WifiDocs/Driver/RalinkRT2500|WifiDocs/Driver/RalinkRT2500]] (i have not tried this).
 
Or for earlier versions of Kubuntu:
Or for earlier versions of Kubuntu:
<pre><nowiki>
<pre><nowiki>
sudo apt-get install network-manager-kde
sudo apt-get install network-manager-kde
</nowiki></pre>
</nowiki></pre>
=== Avoiding password nagging ===
=== Avoiding password nagging ===
Gnome Network Manager bugs for the keyring password on login, so install pam-keyring to get around that.
Gnome Network Manager bugs for the keyring password on login, so install pam-keyring to get around that.
 
*** Can anyone help with Gutsy yet?? This fix was brilliant under Dapper & Fiesty, but breaks under Gutsy. It is an excellent addition to your wifi and you miss it badly when upgrading!!!
*** Why? You only need to install the libpam(-gnome)-keyring package in Gutsy. Then simply check the box saying "Automatically unlock this keyring when I log in." when being asked for the keyring password.
Either use the unofficial debian package found at: ubuntuforums.org http://ubuntuforums.org/attachment.php?attachmentid=11818&d=1151394726 , or install from source. (Warning: be careful about install from unauthenticated sources; it's a little safer to build from source---see the instructions below.)
Either use the unofficial debian package found at: ubuntuforums.org http://ubuntuforums.org/attachment.php?attachmentid=11818&d=1151394726 , or install from source. (Warning: be careful about install from unauthenticated sources; it's a little safer to build from source---see the instructions below.)
Here is the link to get the source package
Here is the link to get the source package
* http://www.hekanetworks.com/pam_keyring/
* http://www.hekanetworks.com/pam_keyring/
* http://www.hekanetworks.com/opensource/pam_keyring/
* http://www.hekanetworks.com/opensource/pam_keyring/
You may need to get a few packages in addition to build-essential to complete the build.
You may need to get a few packages in addition to build-essential to complete the build.
Using Synaptic get:
Using Synaptic get:
* libpam0g-dev
* libpam0g-dev
第73行: 第56行:
* autotools-dev
* autotools-dev
* libtool
* libtool
Here are the steps to install:
<ol><li>Download
</li><li>Unzip to folder (e.g. ~/pam_keyring_tmp)
</li><li>In Terminal:</li></ol>


Here are the steps to install:
* Download
* Unzip to folder (e.g. ~/pam_keyring_tmp)
* In Terminal:
<pre><nowiki>
<pre><nowiki>
cd ~/pam_keyring_tmp
cd ~/pam_keyring_tmp
第99行: 第82行:
session optional pam_keyring.so
session optional pam_keyring.so
</nowiki></pre>
</nowiki></pre>
 
Reboot your computer, log out and in again, or type <code><nowiki>sudo /etc/init.d/gdm restart</nowiki></code> to restart X.
Reboot your computer, log out and in again, or hit ctl-alt-backspace to restart X.
 
As I mentioned in the comments in gdm file, this relies on having the password of the default keyring the same as your login password. ENJOY!
As I mentioned in the comments in gdm file, this relies on having the password of the default keyring the same as your login password. ENJOY!
~- Original instructions from: http://ubuntuforums.org/showthread.php?t=187874
~- Original instructions from: http://ubuntuforums.org/showthread.php?t=187874
and http://ubuntuforums.org/showthread.php?p=1619571 and http://ubuntuforums.org/showthread.php?t=192281 -~
and http://ubuntuforums.org/showthread.php?p=1619571 and http://ubuntuforums.org/showthread.php?t=192281 -~
 
<!> If your wireless card is based on the rt2500 chipset, '''do not''' follow these instructions, as WPA has to be configured as described in [[UbuntuHelp:WifiDocs/Driver/RalinkRT2500|WifiDocs/Driver/RalinkRT2500]].
<!> If your wireless card is based on the rt2500 chipset, '''do not''' follow these instructions, as WPA has to be configured as described in [[UbuntuHelp:WifiDocs/Driver/RalinkRT2500]].
 
== WPA Supplicant ==
== WPA Supplicant ==
{i} ~- Before proceeding any further, it might be worthwhile to check whether your Wi-Fi Card is supported. [http://hostap.epitest.fi/wpa_supplicant/ wpa_supplicant website] This will save you lots of time and frustration. -~
{i} ~- Before proceeding any further, it might be worthwhile to check whether your Wi-Fi Card is supported. [http://hostap.epitest.fi/wpa_supplicant/ wpa_supplicant website] This will save you lots of time and frustration. -~
Bear in mind that altering the <code><nowiki>/etc/network/interfaces</nowiki></code> file will likely interfere with Network Manager (see note above).
Bear in mind that altering the <code><nowiki>/etc/network/interfaces</nowiki></code> file will likely interfere with Network Manager (see note above).
=== Configuring wpa_supplicant ===
=== Configuring wpa_supplicant ===
WPA supplicant provides WPA support, as well as automatic selection of the best available configured access point. WPA supplicant should already be installed in Dapper and later. Otherwise, install it:
WPA supplicant provides WPA support, as well as automatic selection of the best available configured access point. WPA supplicant should already be installed in Dapper and later. Otherwise, install it:
<pre><nowiki>
<pre><nowiki>
sudo apt-get install wpasupplicant
  sudo apt-get install wpasupplicant
</nowiki></pre>
  </nowiki></pre>
You then need to configure it.
You then need to configure it.
==== Note to Kubuntu users: No editing of files needed. Just make sure wpasupplicant is installed and start knetworkmanager from the Internet menu. ====
==== Note to Kubuntu users: No editing of files needed. Just make sure wpasupplicant is installed and start knetworkmanager from the Internet menu. ====
Edit <code><nowiki>/etc/wpa_supplicant.conf</nowiki></code> to include your network. The info to include can be generated with wpa_passphrase {i} ''(although this is optional, it saves the supplicant having to generate the preshared key (PSK) each time it is started)'':
Edit <code><nowiki>/etc/wpa_supplicant.conf</nowiki></code> to include your network. The info to include can be generated with wpa_passphrase {i} ''(although this is optional, it saves the supplicant having to generate the preshared key (PSK) each time it is started)'':
https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconExample48.png
https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconExample48.png
<pre><nowiki>
<pre><nowiki>
dennis@mirage:~$ wpa_passphrase NetworkEssid
  dennis@mirage:~$ wpa_passphrase NetworkEssid
# reading passphrase from stdin
  # reading passphrase from stdin
TextPassphrase
  TextPassphrase
network={
  network={
ssid="NetworkEssid"
        ssid="NetworkEssid"
#psk="TextPassphrase"
        #psk="TextPassphrase"
psk=945609a382413e64d57daef00eb5fab3ae228716e1e440981c004bc61dccc98c
        psk=945609a382413e64d57daef00eb5fab3ae228716e1e440981c004bc61dccc98c
}
  }
</nowiki></pre>
  </nowiki></pre>
{i} ~- Requiring wpa_passphrase to prompt for the passphrase, rather than providing it as a command line argument, prevents the phrase from being stored insecurely in your shell's history. -~
{i} ~- Requiring wpa_passphrase to prompt for the passphrase, rather than providing it as a command line argument, prevents the phrase from being stored insecurely in your shell's history. -~
Then add the following to the end of /etc/wpa_supplicant.conf:
Then add the following to the end of /etc/wpa_supplicant.conf:
<pre><nowiki>
<pre><nowiki>
network={
  network={
ssid="NetworkEssid"
        ssid="NetworkEssid"
scan_ssid=1 # only needed if your access point uses a hidden ssid
        scan_ssid=1 # only needed if your access point uses a hidden ssid
proto=WPA
        proto=WPA
key_mgmt=WPA-PSK
        key_mgmt=WPA-PSK
psk=945609a382413e64d57daef00eb5fab3ae228716e1e440981c004bc61dccc98c
        psk=945609a382413e64d57daef00eb5fab3ae228716e1e440981c004bc61dccc98c
}
  }
</nowiki></pre>
  </nowiki></pre>
{i} ~- You ''may'' have to specify <code><nowiki>proto=WPA</nowiki></code> and <code><nowiki>key_mgmt=WPA-PSK</nowiki></code>, but <code><nowiki>wpa_supplicant</nowiki></code> can usually autodetect them correctly. -~
{i} ~- You ''may'' have to specify <code><nowiki>proto=WPA</nowiki></code> and <code><nowiki>key_mgmt=WPA-PSK</nowiki></code>, but <code><nowiki>wpa_supplicant</nowiki></code> can usually autodetect them correctly. -~
=== Testing the configuration ===
=== Testing the configuration ===
Next we test the WPA supplicant. To do this you first determine which driver you have. The supported drivers are visible by running `wpa_supplicant -h`. In this example I assume the <code><nowiki>madwifi</nowiki></code> driver. You also need to know the name of your card's interface. In this example I assume <code><nowiki>ath0</nowiki></code>.
Next we test the WPA supplicant. To do this you first determine which driver you have. The supported drivers are visible by running `wpa_supplicant -h`. In this example I assume the <code><nowiki>madwifi</nowiki></code> driver. You also need to know the name of your card's interface. In this example I assume <code><nowiki>ath0</nowiki></code>.
Now simply start wpa_supplicant for testing:
Now simply start wpa_supplicant for testing:
<pre><nowiki>
<pre><nowiki>
sudo wpa_supplicant -iath0 -c/etc/wpa_supplicant.conf -Dmadwifi -w
  sudo wpa_supplicant -iath0 -c/etc/wpa_supplicant.conf -Dmadwifi -w
</nowiki></pre>
  </nowiki></pre>
 
You should see something like the following, but more verbose (if you get a different result, append -dd to the above command line and ask someone on #ubuntu for help if you need additional examples try [http://www.examplenow.com/wpa_supplicant wpa_supplicant]):
You should see something like the following, but more verbose (if you get a different result, append -dd to the above command line and ask someone on #ubuntu for help):
 
https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconExample48.png
https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconExample48.png
<pre><nowiki>
<pre><nowiki>
Trying to associate with 00:ff:00:1e:a7:7d (SSID='NetworkEssid' freq=0 MHz)
  Trying to associate with 00:ff:00:1e:a7:7d (SSID='NetworkEssid' freq=0 MHz)
Associated with 00:ff:00:1e:a7:7d
  Associated with 00:ff:00:1e:a7:7d
WPA: Key negotiation completed with 00:ff:00:1e:a7:7d [PTK=TKIP GTK=TKIP]
  WPA: Key negotiation completed with 00:ff:00:1e:a7:7d [PTK=TKIP GTK=TKIP]
</nowiki></pre>
  </nowiki></pre>
 
Now interrupt wpa_supplicant with <ctrl> C
Now interrupt wpa_supplicant with <ctrl> C
=== Final installation (Ubuntu 6.10 (Edgy)) ===
=== Final installation (Ubuntu 6.10 (Edgy)) ===
Telling Ubuntu Edgy to use WPA supplicant is pleasingly easy. Note this will not work with Network Manager (see note above).
Telling Ubuntu Edgy to use WPA supplicant is pleasingly easy. Note this will not work with Network Manager (see note above).
First find the interface in <code><nowiki>/etc/network/interfaces</nowiki></code>. It should look like this:
First find the interface in <code><nowiki>/etc/network/interfaces</nowiki></code>. It should look like this:
<pre><nowiki>
<pre><nowiki>
第186行: 第148行:
</nowiki></pre>
</nowiki></pre>
Where, as above, you have to use your driver and interface in place of the example <code><nowiki>madwifi</nowiki></code> and <code><nowiki>ath0</nowiki></code>. That's it! Now when you <code><nowiki>ifup</nowiki></code>/<code><nowiki>ifdown</nowiki></code> the interface (of Ubuntu does it for you on boot/shutdown), <code><nowiki>wpa_supplicant</nowiki></code> will be correctly started and stopped.
Where, as above, you have to use your driver and interface in place of the example <code><nowiki>madwifi</nowiki></code> and <code><nowiki>ath0</nowiki></code>. That's it! Now when you <code><nowiki>ifup</nowiki></code>/<code><nowiki>ifdown</nowiki></code> the interface (of Ubuntu does it for you on boot/shutdown), <code><nowiki>wpa_supplicant</nowiki></code> will be correctly started and stopped.
=== Final installation (older versions) ===
=== Final installation (older versions) ===
Once wpa_supplicant works, you should edit /etc/network/interfaces to include wpa_supplicant. If prior to all of this, your /etc/network/interfaces looks like:
Once wpa_supplicant works, you should edit /etc/network/interfaces to include wpa_supplicant. If prior to all of this, your /etc/network/interfaces looks like:
<pre><nowiki>
<pre><nowiki>
auto ath0
  auto ath0
iface ath0 inet dhcp
  iface ath0 inet dhcp
</nowiki></pre>
  </nowiki></pre>
Simply change it to look like:
Simply change it to look like:
<pre><nowiki>
<pre><nowiki>
auto ath0
  auto ath0
iface ath0 inet dhcp
  iface ath0 inet dhcp
pre-up /etc/init.d/wpasupplicant start
  pre-up /etc/init.d/wpasupplicant start
pre-up sleep 5
  pre-up sleep 5
</nowiki></pre>
  </nowiki></pre>
 
{i}  ~- This looks like an optional step, too. As of 0.4.7-0ubuntu3, the /etc/network/if-pre-up.d/wpasupplicant [http://essaywritingservices.org/custom-essay-writing.php custom writing company] script will take care of this step automatically. - 20060107 DaniloPiazzalunga -~
{i}  ~- This looks like an optional step, too. As of 0.4.7-0ubuntu3, the /etc/network/if-pre-up.d/wpasupplicant script will take care of this step automatically. - 20060107 DaniloPiazzalunga -~
 
{i}  ~- It is indeed optional and only relevant for Breezy systems. I made the change in Dapper's package. - 20060110 [''DanielTChen''] -~
{i}  ~- It is indeed optional and only relevant for Breezy systems. I made the change in Dapper's package. - 20060110 [''DanielTChen''] -~
 
{i} ~- For an alternative more detailed way to configure /etc/network/interfaces to work with wpa_supplicant 0.4.8-3ubuntu1.1 try [http://svn.debian.org/wsvn/pkg-wpa/trunk/wpasupplicant/debian/README.modes?op=file&rev=0&sc=0]] [[http://custom-essay-writing-service.org/faq.php write my essay] - particularly if you want to set up a static IP address, which Network Manager doesn't currently support very well -~
{i} ~- For an alternative more detailed way to configure /etc/network/interfaces to work with wpa_supplicant 0.4.8-3ubuntu1.1 try [http://svn.debian.org/wsvn/pkg-wpa/trunk/wpasupplicant/debian/README.modes?op=file&rev=0&sc=0] - particularly if you want to set up a static IP address, which Network Manager doesn't currently support very well -~
 
Finally, edit /etc/default/wpasupplicant to enable wpa_supplicant and provide its command line options. For our example setup, this would be:
Finally, edit /etc/default/wpasupplicant to enable wpa_supplicant and provide its command line options. For our example setup, this would be:
<pre><nowiki>
<pre><nowiki>
# Useful flags:
  # Useful flags:
#  -D <driver>          Wireless drive, typically optional.
  #  -D <driver>          Wireless drive, typically optional.
#  -i <ifname>          Interface
  #  -i <ifname>          Interface
#  -c <config file>    Configuration file
  #  -c <config file>    Configuration file
#  -d                  Debugging (-dd for more)
  #  -d                  Debugging (-dd for more)
#  -w                  Wait for interface to come up
  #  -w                  Wait for interface to come up


# See the manual page wpa_supplicant(1) for more options and information.
  # See the manual page wpa_supplicant(1) for more options and information.


ENABLED=1
  ENABLED=1
OPTIONS="-iath0 -c/etc/wpa_supplicant.conf -Dmadwifi -w"
  OPTIONS="-iath0 -c/etc/wpa_supplicant.conf -Dmadwifi -w"
 
</nowiki></pre>


  </nowiki></pre>
{i}  ~- Note that in Dapper, because of a newer kernel (2.6.15) and a newer wpasupplicant package (0.4.7), your wireless driver may already support the kernel's wireless extensions interface. Please consult the README.Debian. - 20060110 [''DanielTChen''] -~
{i}  ~- Note that in Dapper, because of a newer kernel (2.6.15) and a newer wpasupplicant package (0.4.7), your wireless driver may already support the kernel's wireless extensions interface. Please consult the README.Debian. - 20060110 [''DanielTChen''] -~
{i}  ~- I placed the "ENABLED=1" setting directly above the "OPTIONS" setting; it was easy to miss that setting when it was above the comment section in the file. - 20060129 [''Scott''] -~
{i}  ~- I placed the "ENABLED=1" setting directly above the "OPTIONS" setting; it was easy to miss that setting when it was above the comment section in the file. - 20060129 [''Scott''] -~
{i}  ~- If you have an ipw2200 wirless card and a kernel 2.6.16 or newer, you maybe have to use "wext" driver instead of "ipw" -~
{i}  ~- If you have an ipw2200 wirless card and a kernel 2.6.16 or newer, you maybe have to use "wext" driver instead of "ipw" -~
==== Integration with DHCP ====
==== Integration with DHCP ====
{i}  ~- Note that the instructions below are deprecated. The changes that I made in Dapper's wpasupplicant package already take care of this case. [''DanielTChen''] -~
{i}  ~- Note that the instructions below are deprecated. The changes that I made in Dapper's wpasupplicant package already take care of this case. [''DanielTChen''] -~
If you want your wireless card to aquire a new IP address using DHCP when wpa_supplicant associates with an access point, use the wpa_cli utility as documented in the wpa_supplicant [http://hostap.epitest.fi/cgi-bin/viewcvs.cgi/*checkout*/hostap/wpa_supplicant/README?rev=HEAD&content-type=text/plain README]:
If you want your wireless card to aquire a new IP address using DHCP when wpa_supplicant associates with an access point, use the wpa_cli utility as documented in the wpa_supplicant [http://hostap.epitest.fi/cgi-bin/viewcvs.cgi/*checkout*/hostap/wpa_supplicant/README?rev=HEAD&content-type=text/plain README]:
<pre><nowiki>
<pre><nowiki>
wpa_cli can used to run external programs whenever wpa_supplicant
  wpa_cli can used to run external programs whenever wpa_supplicant
connects or disconnects from a network. This can be used, e.g., to
  connects or disconnects from a network. This can be used, e.g., to
update network configuration and/or trigget DHCP client to update IP
  update network configuration and/or trigget DHCP client to update IP
addresses, etc.
  addresses, etc.
</nowiki></pre>
  </nowiki></pre>
 
The wpa_cli utility can automatically execute a script whenever wpa_supplicant connects or disconnects from an access point. For this, use the -a switch like so:
The wpa_cli utility can automatically execute a script whenever wpa_supplicant connects or disconnects from an access point. For this, use the -a switch like so:
<pre><nowiki>
<pre><nowiki>
wpa_cli -a<my-script>
  wpa_cli -a<my-script>
</nowiki></pre>
  </nowiki></pre>
 
The script will be invoked like this:
The script will be invoked like this:
<pre><nowiki>
<pre><nowiki>
my-script $IF $CONN
  my-script $IF $CONN
</nowiki></pre>
  </nowiki></pre>
 
Where $IF is the interface (eth0, ath0, etc), and $CONN is the event - either "CONNECTED" or "DISCONNECTED".
Where $IF is the interface (eth0, ath0, etc), and $CONN is the event - either "CONNECTED" or "DISCONNECTED".
https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconExample48.png
https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconExample48.png
The simplest thing to do is write a script that invokes ifup or ifdown. I've put it in /sbin/wpa_action:
The simplest thing to do is write a script that invokes ifup or ifdown. I've put it in /sbin/wpa_action:
<pre><nowiki>
<pre><nowiki>
#! /bin/bash
  #! /bin/bash


IFNAME=$1
  IFNAME=$1
CMD=$2
  CMD=$2
 
if [ "$CMD" == "CONNECTED" ]; then
SSID=`wpa_cli -i$IFNAME status | grep ^ssid= | cut -f2- -d=`
logger "WiFi: Connecting `$IFNAME' to network `$SSID'"
ifup $IFNAME
elif [ "$CMD" == "DISCONNECTED" ]; then
logger "WiFi: Disconnecting `$IFNAME`"
ifdown $IFNAME
fi
</nowiki></pre>


  if [ "$CMD" == "CONNECTED" ]; then
    SSID=`wpa_cli -i$IFNAME status | grep ^ssid= | cut -f2- -d=`
    logger "WiFi: Connecting `$IFNAME' to network `$SSID'"
    ifup $IFNAME
  elif [ "$CMD" == "DISCONNECTED" ]; then
    logger "WiFi: Disconnecting `$IFNAME`"
    ifdown $IFNAME
  fi
  </nowiki></pre>
Then, edit /etc/init.d/wpasupplicant to run wpa_cli appropriately. Look for these lines:
Then, edit /etc/init.d/wpasupplicant to run wpa_cli appropriately. Look for these lines:
<pre><nowiki>
<pre><nowiki>
case "$1" in
  case "$1" in
start)
start)
echo -n "Starting wpa_supplicant: "
echo -n "Starting wpa_supplicant: "
第288行: 第227行:
;;
;;
stop)
stop)
</nowiki></pre>
  </nowiki></pre>
 
Insert a sleep and wpa_cli call below the start-stop-daemon call:
Insert a sleep and wpa_cli call below the start-stop-daemon call:
<pre><nowiki>
<pre><nowiki>
case "$1" in
  case "$1" in
start)
start)
echo -n "Starting wpa_supplicant: "
echo -n "Starting wpa_supplicant: "
start-stop-daemon --start --name $PNAME
start-stop-daemon --start --name $PNAME
--oknodo --startas $DAEMON -- -B $OPTIONS
--oknodo --startas $DAEMON -- -B $OPTIONS
sleep 1
sleep 1
wpa_cli -a/sbin/wpa_action -B
wpa_cli -a/sbin/wpa_action -B
echo "done."
echo "done."
;;
;;
stop)
stop)
</nowiki></pre>
  </nowiki></pre>
 
If you are using DHCP exclusively to configure your wireless interface, then make sure you have this line for your wireless interface in /etc/network/interfaces:
If you are using DHCP exclusively to configure your wireless interface, then make sure you have this line for your wireless interface in /etc/network/interfaces:
<pre><nowiki>
<pre><nowiki>
iface eth0 inet dhcp
  iface eth0 inet dhcp
</nowiki></pre>
  </nowiki></pre>
 
Where "eth0" is your wireless interface. And you'll want to make sure that your computer doesn't try to automatically start the interface up without an associated AP, so remove your wireless interface from the 'auto' line in /etc/network/interfaces:
Where "eth0" is your wireless interface. And you'll want to make sure that your computer doesn't try to automatically start the interface up without an associated AP, so remove your wireless interface from the 'auto' line in /etc/network/interfaces:
<pre><nowiki>
<pre><nowiki>
auto lo eth0 eth1
  auto lo eth0 eth1
</nowiki></pre>
  </nowiki></pre>
 
So it becomes
So it becomes
<pre><nowiki>
<pre><nowiki>
auto lo eth1
  auto lo eth1
</nowiki></pre>
  </nowiki></pre>
 
Listing only those interfaces that you want to configure on startup. (Obviously, your 'auto' line will look different, depending on what network interfaces you have on your system.)
Listing only those interfaces that you want to configure on startup. (Obviously, your 'auto' line will look different, depending on what network interfaces you have on your system.)
Now, whenever you associate with a new wireless access point, your wireless interface will have an IP automatically configured and you'll be fully connected to the network. (YAY!)
Now, whenever you associate with a new wireless access point, your wireless interface will have an IP automatically configured and you'll be fully connected to the network. (YAY!)
=== GUI for WPA_Supplicant ===
=== GUI for WPA_Supplicant ===
A Qt-based application is available that lets you monitor what <code><nowiki>wpa_supplicant</nowiki></code> is up to:
A Qt-based application is available that lets you monitor what <code><nowiki>wpa_supplicant</nowiki></code> is up to:
[http://packages.ubuntu.com/dapper/net/wpagui]
[http://packages.ubuntu.com/dapper/net/wpagui]
You will need to run it via <code><nowiki>gksudo wpa_gui</nowiki></code> so that it can talk to the WPA daemon.
You will need to run it via <code><nowiki>gksudo wpa_gui</nowiki></code> so that it can talk to the WPA daemon.
== Examples ==
== Examples ==
=== Manual install on Edgy 6.10 ===
=== Manual install on Edgy 6.10 ===
requirements: wpa2-psk with tkip, intel ipw220, dhcp, roaming with different aps
requirements: wpa2-psk with tkip, intel ipw220, dhcp, roaming with different aps
/etc/network/interfaces
/etc/network/interfaces
<pre><nowiki>
<pre><nowiki>
# the roaming interface MUST use the manual inet method
# the roaming interface MUST use the manual inet method
iface eth1 inet manual
iface eth1 inet manual
wpa-driver wext                          #also for intel ip2200!!!!
        wpa-driver wext                          #also for intel ip2200!!!!
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
        wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf


# no id_str, 'default' is used as the fallback mapping target
# no id_str, 'default' is used as the fallback mapping target
第354行: 第277行:
# id_str="home_static"
# id_str="home_static"
iface home_static inet static
iface home_static inet static
address 192.168.0.20
        address 192.168.0.20
netmask 255.255.255.0
        netmask 255.255.255.0
network 192.168.0.0
        network 192.168.0.0
broadcast 192.168.0.255
        broadcast 192.168.0.255
gateway 192.168.0.1
        gateway 192.168.0.1
</nowiki></pre>
</nowiki></pre>
wpa_supplicant.conf
wpa_supplicant.conf
<pre><nowiki>
<pre><nowiki>
network={
network={
ssid="foo"
        ssid="foo"
# this id_str will notify /sbin/wpa_action to 'ifup uni'
        # this id_str will notify /sbin/wpa_action to 'ifup uni'
id_str="uni"
        id_str="uni"
key_mgmt=NONE
        key_mgmt=NONE
}
}


network={
network={
ssid="bar"
        ssid="bar"
# this id_str will notify /sbin/wpa_action to 'ifup home_static'
        # this id_str will notify /sbin/wpa_action to 'ifup home_static'
id_str="home_static"
        id_str="home_static"
psk=123456789...
        psk=123456789...
}
}


network={
network={
ssid=""
        ssid=""
# no 'id_str' is given, /sbin/wpa_action will 'ifup default'
        # no 'id_str' is given, /sbin/wpa_action will 'ifup default'
key_mgmt=NONE
        key_mgmt=NONE
}
}


#need wpa2 with tkip
#need wpa2 with tkip
network={
network={
pairwise=TKIP
        pairwise=TKIP
group=TKIP
        group=TKIP
ssid="youressid"
        ssid="youressid"
scan_ssid=1 # only needed if your access point uses a hidden ssid
        scan_ssid=1 # only needed if your access point uses a hidden ssid
proto=WPA
        proto=WPA
key_mgmt=WPA-PSK
        key_mgmt=WPA-PSK
psk=f7cab7b6ecd68702dd989956568b6ecd68349343b6ecd68943b6bf95fa08079dad7
        psk=f7cab7b6ecd68702dd989956568b6ecd68349343b6ecd68943b6bf95fa08079dad7
}
}
</nowiki></pre>
</nowiki></pre>
for more info see
for more info see
<pre><nowiki>
<pre><nowiki>
zmore /usr/share/doc/wpasupplicant/README.modes.gz
zmore /usr/share/doc/wpasupplicant/README.modes.gz
</nowiki></pre>
</nowiki></pre>
== Edgy - Using just the /etc/network/interfaces file, with ndiswrapper and no SSID broadcast ==
== Edgy - Using just the /etc/network/interfaces file, with ndiswrapper and no SSID broadcast ==
I had no luck using any of the above techniques.  I'm using Ndiswrapper on a LinksysG PCMCIA card.  What worked for me is described in the forum here: http://ubuntuforums.org/showthread.php?t=290414
I had no luck using any of the above techniques.  I'm using Ndiswrapper on a LinksysG PCMCIA card.  What worked for me is described in the forum here: http://ubuntuforums.org/showthread.php?t=290414
After setting up the Ndiswrapper module, all I had to do was add the following to /etc/network/interfaces:
After setting up the Ndiswrapper module, all I had to do was add the following to /etc/network/interfaces:
<pre><nowiki>
<pre><nowiki>
第416行: 第335行:
wpa-psk YOUR_HEX_KEY
wpa-psk YOUR_HEX_KEY
</nowiki></pre>
</nowiki></pre>
Works great, hope this helps some people.
<!> Above may be syntactically incorrect - my feisty complains it doesn't find a 'managed' file, so I think the wpa-conf parameter should be the name of an existing file.
== Feisty - Using just the /etc/network/interfaces file, with ndiswrapper and SSID broadcast ==
I got mine working(RaLink Rt2500). Run lspci and if you have "Network controller: RaLink RT2500 802.11g Cardbus/mini-PCI" then this should work for you.
1. Make sure you have ndiswrapper, wpa_supplicant, and the correct rt2500.inf and rt2500.sys files installed through ndiswrapper(as above).I had to get a special inf/sys file from my windows driver disk which was for 64-bit because I run amd64.If you need these let me know and I'll email them to you. I have both 32 and 64 bit, please specify.
2. Verify that you're not using the default driver(serialmonkey) and that you're using ndiswrapper. Just type dmesg |grep rt2500 and you should get something like:


Works great, hope this helps some people.
<pre><nowiki>
[  46.334475] ndiswrapper: driver rt2500 (Ralink Technology, Inc.,10/20/2005, 3.01.00.0000) loaded
[  46.890841] wlan0: ethernet device 00:13:d3:75:d4:a8 using serialized NDIS driver: rt2500, version: 0x20001, NDIS version: 0x501, vendor: 'IEEE 802.11g Wireless Card.', 1814:0201.5.conf
</nowiki></pre>
Step 3 won't work if you don't get through step 2. I had to blacklist the serialmonkey driver and then add ndiswrapper to /etc/modules before I could proceed.
3. Find out your router settings. I just ran iwlist scan and got the following:
 
<pre><nowiki>
          Cell 01 - Address: 00:14:BF:0F:XX:XX
                    ESSID:"myEssid"
                    Protocol:IEEE 802.11g
                    Mode:Managed
                    Frequency:2.417 GHz (Channel 2)
                    Quality:100/100  Signal level:-29 dBm  Noise level:-96 dBm
                    Encryption key:on
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s
                              24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s
                              12 Mb/s; 48 Mb/s
                    Extra:bcn_int=100
                    Extra:atim=0
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK 
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (2) : CCMP TKIP
                        Authentication Suites (1) : PSK
</nowiki></pre>
4. Modify /etc/network/interfaces as follows, using the info from iwlist scan above:


<pre><nowiki>
iface ra0 inet dhcp
wpa-driver wext
wpa-ssid your-ssid
wpa-ap-scan 1
wpa-proto RSN WPA
wpa-pairwise CCMP TKIP
wpa-group CCMP TKIP
wpa-key-mgmt WPA-PSK
wpa-psk your-wpa-psk
</nowiki></pre>
You may need to remove other things aded by network manager and you may need to disable the wireless in network manager as well for this to work.
== Troubleshooting intermittent disconnects ==
== Troubleshooting intermittent disconnects ==
This can be caused by Network Manager.  Apparently when Network Manager scans for APs, wpa_supplicant will disconnect.  Disabling Network Manager allows WPA to work, but you loose the NM function of automatic connections.
This can be caused by Network Manager.  Apparently when Network Manager scans for APs, wpa_supplicant will disconnect.  Disabling Network Manager allows WPA to work, but you loose the NM function of automatic connections.
=== Hardware ===
=== Hardware ===
You can use <code><nowiki>sudo iwconfig</nowiki></code> to check that you have your wireless device working. Most of the time this should be the case, but sometimes the drivers (kernel modules) fight, and the wrong one wins---for example, Prism 2 cards supported by <code><nowiki>hostap</nowiki></code> may instead end up using the <code><nowiki>orinoco</nowiki></code> driver, which won't work properly. Add incorrect modules to <code><nowiki>/etc/modprobe.d/blacklist</nowiki></code>.
You can use <code><nowiki>sudo iwconfig</nowiki></code> to check that you have your wireless device working. Most of the time this should be the case, but sometimes the drivers (kernel modules) fight, and the wrong one wins---for example, Prism 2 cards supported by <code><nowiki>hostap</nowiki></code> may instead end up using the <code><nowiki>orinoco</nowiki></code> driver, which won't work properly. Add incorrect modules to <code><nowiki>/etc/modprobe.d/blacklist</nowiki></code>.
==  Links and Resources ==
==  Links and Resources ==
* [http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access WPA]
* [http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access WPA]
* [http://hostap.epitest.fi/wpa_supplicant/ wpa_supplicant website]
* [http://hostap.epitest.fi/wpa_supplicant/ wpa_supplicant website]
== Comments ==
== Comments ==
This was my case in Kubuntu, but should also apply to ubuntu.  Once I had ndiswrapper setup, and after much detective work on filtering through the various pages on wifi in linux(ie using wext, wpa_supplicant, etc), I was able to connect to my router using wpa.  I ignored the section on editing the /etc/network/interfaces to just use kwlan(Not knetworkmanager) to handle my wpa needs.  There all one needs to do is set it to use wext, scan, enter password, and it just works.  So maybe next time it should be made easier with having ndiswrapper(or the other driver solutions) and wpa_supplicant pre-installed.  And maybe a much more non-veteran linux user howto.
This was my case in Kubuntu, but should also apply to ubuntu.  Once I had ndiswrapper setup, and after much detective work on filtering through the various pages on wifi in linux(ie using wext, wpa_supplicant, etc), I was able to connect to my router using wpa.  I ignored the section on editing the /etc/network/interfaces to just use kwlan(Not knetworkmanager) to handle my wpa needs.  There all one needs to do is set it to use wext, scan, enter password, and it just works.  So maybe next time it should be made easier with having ndiswrapper(or the other driver solutions) and wpa_supplicant pre-installed.  And maybe a much more non-veteran linux user howto.
Pretty sure "network management framework (GNOME Frontend)" is what made WPA "just work" -  the problem is I have followed 3 or 4 sets of instructions, so I can't be sure that the one package is all you need - but it sure seems it is a good place to start.  If someone can confirm this, fix this entry (or e-mail CarlKarsten and I'll fix it.)
Pretty sure "network management framework (GNOME Frontend)" is what made WPA "just work" -  the problem is I have followed 3 or 4 sets of instructions, so I can't be sure that the one package is all you need - but it sure seems it is a good place to start.  If someone can confirm this, fix this entry (or e-mail CarlKarsten and I'll fix it.)
So try this:
So try this:
第442行: 第401行:
</nowiki></pre>
</nowiki></pre>
look for a new icon in the upper left - click it - you should see a list of ESSID's (wireless network names)
look for a new icon in the upper left - click it - you should see a list of ESSID's (wireless network names)
 
Some WLAN routers, such as the FRITZ!Box WLAN 3170, allow WPA network keys of up to 60 characters, including alpha-numeric and special characters. WPA network keys including alphabetical and special characters can cause problems. The solution to such problems is to set the WPA network key to maximal 10 numbers on the WLAN router.
=== Restarting nm-applet ===
=== Restarting nm-applet ===
In my case (on Edgy) I had wireless with WPA working but no wireless connections ever showed under the network manager applet. To solve this issue I simply killed the nm-applet process (since there's no quit option via right-click) and then restarted the service.  Wireless showed up right away.  To kill the process go to System > Administration > System Monitor.  Select the Processes tab and scroll to find a process called nm-applet.  Click to highlight it and hit the "End Process" button.  I added a "Run Application" utility to my panel, so I just click that and type in "nm-applet" to start it back up.
In my case (on Edgy) I had wireless with WPA working but no wireless connections ever showed under the network manager applet. To solve this issue I simply killed the nm-applet process (since there's no quit option via right-click) and then restarted the service.  Wireless showed up right away.  To kill the process go to System > Administration > System Monitor.  Select the Processes tab and scroll to find a process called nm-applet.  Click to highlight it and hit the "End Process" button.  I added a "Run Application" utility to my panel, so I just click that and type in "nm-applet" to start it back up.
=== Using /etc/rcS.d for boot ===
=== Using /etc/rcS.d for boot ===
{i} This is for launching wpa_supplicant as a background daemon on boot in '''Ubuntu 6.06 LTS''' (Dapper)
{i} This is for launching wpa_supplicant as a background daemon on boot in '''Ubuntu 6.06 LTS''' (Dapper)
<!> You need to have wpa_supplicant.conf created and know how to launch wpa_supplicant from the command line
<!> You need to have wpa_supplicant.conf created and know how to launch wpa_supplicant from the command line
I tried the examples above and the man 8 page for wpa_supplicant examples, but could not get it to launch automatically on boot. This approach seems very straightforward.  If you can run your launch script manually, it will run on boot just the same.  The other methods seem very difficult editing the system files.
I tried the examples above and the man 8 page for wpa_supplicant examples, but could not get it to launch automatically on boot. This approach seems very straightforward.  If you can run your launch script manually, it will run on boot just the same.  The other methods seem very difficult editing the system files.
'''Work around for booting with /etc/init.d and /etc/rcS.d'''
'''Work around for booting with /etc/init.d and /etc/rcS.d'''
Create a simple shell script in /etc/init.d that launches the wpa_supplicant as a background daemon:
Create a simple shell script in /etc/init.d that launches the wpa_supplicant as a background daemon:
<pre><nowiki>
<pre><nowiki>
/etc/init.d/wpa_launch.sh
/etc/init.d/wpa_launch.sh
#!/bin/bash
    #!/bin/bash
/sbin/wpa_supplicant -Bw -iath1 -Dmadwifi -c/etc/wpa_supplicant/wpa_supplicant.conf
    /sbin/wpa_supplicant -Bw -iath1 -Dmadwifi -c/etc/wpa_supplicant/wpa_supplicant.conf
</nowiki></pre>
</nowiki></pre>
Create a symbolic link in /etc/rcS.d that points to the launch script:
Create a symbolic link in /etc/rcS.d that points to the launch script:
<pre><nowiki>
<pre><nowiki>
ln -s /etc/rcS.d/S42wpa_launch -> /etc/init.d/wpa_launch.sh
ln -s /etc/rcS.d/S42wpa_launch -> /etc/init.d/wpa_launch.sh
</nowiki></pre>
</nowiki></pre>
<!> '''Are there potential disadvantages of this method?  Please post comments here.'''
<!> '''Are there potential disadvantages of this method?  Please post comments here.'''
 
If the nm-applet is causing intermittent connection drop as described above then you can easily disable it from automatically starting up. Simply go to System | Preferences | Sessions and uncheck the Network Manager checkbox.
I found that Network Manager had successfully configured my wireless for WPA (a WUSB54G, on Ubuntu 7.10, standard desktop packages) and would work when manually configuring within Network Manager or by restarting the interface, however on reboot it would once again not obtain a valid address from DHCP. I needed it to work without my having to log in. As work-around I have added the following two lines to /etc/rc.local and the interface now consistently obtains a valid address at boot up: "ifdown wlan0", and "ifup wlan0" (without the quotes)
----
=== WICD ===
Interesting to mention is an alternative network manager that makes almost any wifi connection just work. It's called wicd and it is in the standard repositories of Ubuntu. It replaces the standard network-manager and is only capable to manage LAN and WLAN connections. The wicd tool has a website on sourceforge:[http://wicd.sourceforge.net/]
----
----
 
[[category:CategoryNetworking]] [[category:CategoryWireless]]
 
[[category:CategoryCleanup]] [[category:CategoryDocumentation]]


[[category:UbuntuHelp]]
[[category:UbuntuHelp]]

2010年5月20日 (四) 00:58的最新版本

{{#ifexist: :WifiDocs/WPAHowTo/zh | | {{#ifexist: WifiDocs/WPAHowTo/zh | | {{#ifeq: {{#titleparts:WifiDocs/WPAHowTo|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:WifiDocs/WPAHowTo|1|-1|}} | zh | | }}

<<Include(Tag/Unsupported)>> <<Include(Tag/StyleCleanup)>>

WPA howto

WPA configuration is handled seamlessly by the "just works" WifiDocs/NetworkManager and should be installed with recent versions of Ubuntu. If not you can go through the procedure to install it manually here or you can configure the daemon in charge of WPA encryption (wpasupplicant) manually. The NetworkManager should be installed by default on recent versions of Ubuntu, see WifiDocs/NetworkManager for more information on the NetworkManager.

What is WPA?

Wi-Fi Protected Access (WPA) is a family of encryption methods used when connecting to a wireless access point. It is based on the technology that is used in Wired Equivalent Privacy (WEP) but provides stronger security. For more information on the subject you can see the WPA entry on Wikipedia.

Kubuntu version

For instructions for Kubuntu, take a look at WifiDocs/WPAHowTo/Kubuntu

Network Manager

For Ubuntu 6.06 LTS (Dapper) or later (but not for Kubuntu 6.06 or 6.10), there should be a Network Manager icon in the GNOME panel, which looks like a couple of dots. Right click the Network Manager icon to enable the network if necessary. Next, left click on the Network Manager icon and choose "Connect to other wireless network". Then, enter "YOUR-SSID" for the network name and choose your type "WPA ENTERPRISE" or "WPA PERSONAL" etc, etc ... for wireless security. Enter the password in the password text entry box. Click connect to attempt a connection. It is unlikely that you will need the procedure described bellow. Note: if you have altered the configuration of your network cards in /etc/network/interfaces it is likely that Network Manager will refuse to manage the non-standard interfaces (see /usr/share/doc/network-manager/README.Debian for more information). The easiest way to have NetworkManager configure your networking devices is to simply leave them out of /etc/network/interfaces. If you do not see a network icon near your power information, or if WEP is your only encryption choice for network configuration, you may need to install Network Manager. For Ubuntu users:

sudo apt-get install network-manager-gnome

Restart dbus to make it aware of the new service

sudo /etc/init.d/dbus restart

After installing the package, logout and log back in (or re-start) and Network Manager should appear. If the icon does not appear you can start it manually (Gnome):

nm-applet

If WPA does not work, make sure that wpa-supplicant is installed. No further configuration is needed NetworkManager should handle the rest. If all else fails try the procedure bellow.

sudo apt-get install wpasupplicant
Kubuntu

Note that for Kubuntu users, the Wireless Assistant Wireless LAN Manager, found in the KMenu/Internet menu, does not integrate with WPA, and should not be used. Kubuntu users should install the KDE version (from Kubuntu 6.0.6):

sudo apt-get install knetworkmanager

Kubuntu (still 6.0.6) users should also skip the section on editing of files and the section on password nagging, and activate kwalletmanager instead. This means you will only get WPA when logged into KDE, but hey ... (For instructions on how to do this, see this link). Log out and back in, and start <<Verbatim(KNetworkManager)>> from the Internet menu. In some rare cases WPA needs special setup, perhaps for the RT2500 chipset WifiDocs/Driver/RalinkRT2500 (i have not tried this). Or for earlier versions of Kubuntu:

sudo apt-get install network-manager-kde

Avoiding password nagging

Gnome Network Manager bugs for the keyring password on login, so install pam-keyring to get around that.

      • Can anyone help with Gutsy yet?? This fix was brilliant under Dapper & Fiesty, but breaks under Gutsy. It is an excellent addition to your wifi and you miss it badly when upgrading!!!
      • Why? You only need to install the libpam(-gnome)-keyring package in Gutsy. Then simply check the box saying "Automatically unlock this keyring when I log in." when being asked for the keyring password.

Either use the unofficial debian package found at: ubuntuforums.org http://ubuntuforums.org/attachment.php?attachmentid=11818&d=1151394726 , or install from source. (Warning: be careful about install from unauthenticated sources; it's a little safer to build from source---see the instructions below.) Here is the link to get the source package

You may need to get a few packages in addition to build-essential to complete the build. Using Synaptic get:

  • libpam0g-dev
  • libgnome-keyring-dev
  • libglib2.0-dev
  • autotools-dev
  • libtool

Here are the steps to install:

  1. Download
  2. Unzip to folder (e.g. ~/pam_keyring_tmp)
  3. In Terminal:
cd ~/pam_keyring_tmp
./configure --prefix=/usr --libdir=/lib
make
sudo make install
cd /etc/pam.d
sudo gedit gdm

To look like:

#%PAM-1.0
auth	requisite	pam_nologin.so
auth	required	pam_env.so
@include common-auth
@include common-account
session	required	pam_limits.so
@include common-session
@include common-password
auth optional pam_keyring.so try_first_pass
session optional pam_keyring.so

Reboot your computer, log out and in again, or type sudo /etc/init.d/gdm restart to restart X. As I mentioned in the comments in gdm file, this relies on having the password of the default keyring the same as your login password. ENJOY! ~- Original instructions from: http://ubuntuforums.org/showthread.php?t=187874 and http://ubuntuforums.org/showthread.php?p=1619571 and http://ubuntuforums.org/showthread.php?t=192281 -~ <!> If your wireless card is based on the rt2500 chipset, do not follow these instructions, as WPA has to be configured as described in WifiDocs/Driver/RalinkRT2500.

WPA Supplicant

{i} ~- Before proceeding any further, it might be worthwhile to check whether your Wi-Fi Card is supported. wpa_supplicant website This will save you lots of time and frustration. -~ Bear in mind that altering the /etc/network/interfaces file will likely interfere with Network Manager (see note above).

Configuring wpa_supplicant

WPA supplicant provides WPA support, as well as automatic selection of the best available configured access point. WPA supplicant should already be installed in Dapper and later. Otherwise, install it:

  sudo apt-get install wpasupplicant
  

You then need to configure it.

Note to Kubuntu users: No editing of files needed. Just make sure wpasupplicant is installed and start knetworkmanager from the Internet menu.

Edit /etc/wpa_supplicant.conf to include your network. The info to include can be generated with wpa_passphrase {i} (although this is optional, it saves the supplicant having to generate the preshared key (PSK) each time it is started): IconsPage?action=AttachFile&do=get&target=IconExample48.png

  dennis@mirage:~$ wpa_passphrase NetworkEssid
  # reading passphrase from stdin
  TextPassphrase
  network={
        ssid="NetworkEssid"
        #psk="TextPassphrase"
        psk=945609a382413e64d57daef00eb5fab3ae228716e1e440981c004bc61dccc98c
  }
  

{i} ~- Requiring wpa_passphrase to prompt for the passphrase, rather than providing it as a command line argument, prevents the phrase from being stored insecurely in your shell's history. -~ Then add the following to the end of /etc/wpa_supplicant.conf:

  network={
        ssid="NetworkEssid"
        scan_ssid=1 # only needed if your access point uses a hidden ssid
        proto=WPA
        key_mgmt=WPA-PSK
        psk=945609a382413e64d57daef00eb5fab3ae228716e1e440981c004bc61dccc98c
  }
  

{i} ~- You may have to specify proto=WPA and key_mgmt=WPA-PSK, but wpa_supplicant can usually autodetect them correctly. -~

Testing the configuration

Next we test the WPA supplicant. To do this you first determine which driver you have. The supported drivers are visible by running `wpa_supplicant -h`. In this example I assume the madwifi driver. You also need to know the name of your card's interface. In this example I assume ath0. Now simply start wpa_supplicant for testing:

  sudo wpa_supplicant -iath0 -c/etc/wpa_supplicant.conf -Dmadwifi -w
  

You should see something like the following, but more verbose (if you get a different result, append -dd to the above command line and ask someone on #ubuntu for help if you need additional examples try wpa_supplicant): IconsPage?action=AttachFile&do=get&target=IconExample48.png

  Trying to associate with 00:ff:00:1e:a7:7d (SSID='NetworkEssid' freq=0 MHz)
  Associated with 00:ff:00:1e:a7:7d
  WPA: Key negotiation completed with 00:ff:00:1e:a7:7d [PTK=TKIP GTK=TKIP]
  

Now interrupt wpa_supplicant with <ctrl> C

Final installation (Ubuntu 6.10 (Edgy))

Telling Ubuntu Edgy to use WPA supplicant is pleasingly easy. Note this will not work with Network Manager (see note above). First find the interface in /etc/network/interfaces. It should look like this:

auto ath0
iface ath0 inet dhcp

Now add these two lines immediately below that:

wpa-driver madwifi
wpa-conf /etc/wpa_supplicant.conf

Where, as above, you have to use your driver and interface in place of the example madwifi and ath0. That's it! Now when you ifup/ifdown the interface (of Ubuntu does it for you on boot/shutdown), wpa_supplicant will be correctly started and stopped.

Final installation (older versions)

Once wpa_supplicant works, you should edit /etc/network/interfaces to include wpa_supplicant. If prior to all of this, your /etc/network/interfaces looks like:

  auto ath0
  iface ath0 inet dhcp
  

Simply change it to look like:

  auto ath0
  iface ath0 inet dhcp
  pre-up /etc/init.d/wpasupplicant start
  pre-up sleep 5
  

{i} ~- This looks like an optional step, too. As of 0.4.7-0ubuntu3, the /etc/network/if-pre-up.d/wpasupplicant custom writing company script will take care of this step automatically. - 20060107 DaniloPiazzalunga -~ {i} ~- It is indeed optional and only relevant for Breezy systems. I made the change in Dapper's package. - 20060110 [DanielTChen] -~ {i} ~- For an alternative more detailed way to configure /etc/network/interfaces to work with wpa_supplicant 0.4.8-3ubuntu1.1 try [1]] [write my essay - particularly if you want to set up a static IP address, which Network Manager doesn't currently support very well -~ Finally, edit /etc/default/wpasupplicant to enable wpa_supplicant and provide its command line options. For our example setup, this would be:

  # Useful flags:
  #  -D <driver>          Wireless drive, typically optional.
  #  -i <ifname>          Interface
  #  -c <config file>     Configuration file
  #  -d                   Debugging (-dd for more)
  #  -w                   Wait for interface to come up

  # See the manual page wpa_supplicant(1) for more options and information.

  ENABLED=1
  OPTIONS="-iath0 -c/etc/wpa_supplicant.conf -Dmadwifi -w"

  

{i} ~- Note that in Dapper, because of a newer kernel (2.6.15) and a newer wpasupplicant package (0.4.7), your wireless driver may already support the kernel's wireless extensions interface. Please consult the README.Debian. - 20060110 [DanielTChen] -~ {i} ~- I placed the "ENABLED=1" setting directly above the "OPTIONS" setting; it was easy to miss that setting when it was above the comment section in the file. - 20060129 [Scott] -~ {i} ~- If you have an ipw2200 wirless card and a kernel 2.6.16 or newer, you maybe have to use "wext" driver instead of "ipw" -~

Integration with DHCP

{i} ~- Note that the instructions below are deprecated. The changes that I made in Dapper's wpasupplicant package already take care of this case. [DanielTChen] -~ If you want your wireless card to aquire a new IP address using DHCP when wpa_supplicant associates with an access point, use the wpa_cli utility as documented in the wpa_supplicant README:

  wpa_cli can used to run external programs whenever wpa_supplicant
  connects or disconnects from a network. This can be used, e.g., to
  update network configuration and/or trigget DHCP client to update IP
  addresses, etc.
  

The wpa_cli utility can automatically execute a script whenever wpa_supplicant connects or disconnects from an access point. For this, use the -a switch like so:

  wpa_cli -a<my-script>
  

The script will be invoked like this:

  my-script $IF $CONN
  

Where $IF is the interface (eth0, ath0, etc), and $CONN is the event - either "CONNECTED" or "DISCONNECTED". IconsPage?action=AttachFile&do=get&target=IconExample48.png The simplest thing to do is write a script that invokes ifup or ifdown. I've put it in /sbin/wpa_action:

  #! /bin/bash

  IFNAME=$1
  CMD=$2

  if [ "$CMD" == "CONNECTED" ]; then
    SSID=`wpa_cli -i$IFNAME status | grep ^ssid= | cut -f2- -d=`
    logger "WiFi: Connecting `$IFNAME' to network `$SSID'"
    ifup $IFNAME
  elif [ "$CMD" == "DISCONNECTED" ]; then
    logger "WiFi: Disconnecting `$IFNAME`"
    ifdown $IFNAME
  fi
  

Then, edit /etc/init.d/wpasupplicant to run wpa_cli appropriately. Look for these lines:

  case "$1" in
	start)
		echo -n "Starting wpa_supplicant: "
		start-stop-daemon --start --name $PNAME
			--oknodo --startas $DAEMON -- -B $OPTIONS
		echo "done."
		;;
	stop)
  

Insert a sleep and wpa_cli call below the start-stop-daemon call:

   case "$1" in
 	start)
 		echo -n "Starting wpa_supplicant: "
 		start-stop-daemon --start --name $PNAME
 			--oknodo --startas $DAEMON -- -B $OPTIONS
 		sleep 1
 		wpa_cli -a/sbin/wpa_action -B
 		echo "done."
 		;;
 	stop)
  

If you are using DHCP exclusively to configure your wireless interface, then make sure you have this line for your wireless interface in /etc/network/interfaces:

  iface eth0 inet dhcp
  

Where "eth0" is your wireless interface. And you'll want to make sure that your computer doesn't try to automatically start the interface up without an associated AP, so remove your wireless interface from the 'auto' line in /etc/network/interfaces:

  auto lo eth0 eth1
  

So it becomes

  auto lo eth1
  

Listing only those interfaces that you want to configure on startup. (Obviously, your 'auto' line will look different, depending on what network interfaces you have on your system.) Now, whenever you associate with a new wireless access point, your wireless interface will have an IP automatically configured and you'll be fully connected to the network. (YAY!)

GUI for WPA_Supplicant

A Qt-based application is available that lets you monitor what wpa_supplicant is up to: [2] You will need to run it via gksudo wpa_gui so that it can talk to the WPA daemon.

Examples

Manual install on Edgy 6.10

requirements: wpa2-psk with tkip, intel ipw220, dhcp, roaming with different aps /etc/network/interfaces

# the roaming interface MUST use the manual inet method
iface eth1 inet manual
        wpa-driver wext                           #also for intel ip2200!!!!
        wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

# no id_str, 'default' is used as the fallback mapping target
iface default inet dhcp

# id_str="uni"
iface uni inet dhcp

# id_str="home_static"
iface home_static inet static
        address 192.168.0.20
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

wpa_supplicant.conf

network={
        ssid="foo"
        # this id_str will notify /sbin/wpa_action to 'ifup uni'
        id_str="uni"
        key_mgmt=NONE
}

network={
        ssid="bar"
        # this id_str will notify /sbin/wpa_action to 'ifup home_static'
        id_str="home_static"
        psk=123456789...
}

network={
        ssid=""
        # no 'id_str' is given, /sbin/wpa_action will 'ifup default'
        key_mgmt=NONE
}

#need wpa2 with tkip
network={
        pairwise=TKIP
        group=TKIP
        ssid="youressid"
        scan_ssid=1 # only needed if your access point uses a hidden ssid
        proto=WPA
        key_mgmt=WPA-PSK
        psk=f7cab7b6ecd68702dd989956568b6ecd68349343b6ecd68943b6bf95fa08079dad7
}

for more info see

zmore /usr/share/doc/wpasupplicant/README.modes.gz

Edgy - Using just the /etc/network/interfaces file, with ndiswrapper and no SSID broadcast

I had no luck using any of the above techniques. I'm using Ndiswrapper on a LinksysG PCMCIA card. What worked for me is described in the forum here: http://ubuntuforums.org/showthread.php?t=290414 After setting up the Ndiswrapper module, all I had to do was add the following to /etc/network/interfaces:

auto wlan0
iface wlan0 inet dhcp
wpa-driver wext
wpa-conf managed
wpa-ssid YOUR_SSID
wpa-ap-scan 2
wpa-proto TKIP
wpa-pairwise TKIP
wpa-key-mgmt WPA-PSK
wpa-psk YOUR_HEX_KEY

Works great, hope this helps some people. <!> Above may be syntactically incorrect - my feisty complains it doesn't find a 'managed' file, so I think the wpa-conf parameter should be the name of an existing file.

Feisty - Using just the /etc/network/interfaces file, with ndiswrapper and SSID broadcast

I got mine working(RaLink Rt2500). Run lspci and if you have "Network controller: RaLink RT2500 802.11g Cardbus/mini-PCI" then this should work for you. 1. Make sure you have ndiswrapper, wpa_supplicant, and the correct rt2500.inf and rt2500.sys files installed through ndiswrapper(as above).I had to get a special inf/sys file from my windows driver disk which was for 64-bit because I run amd64.If you need these let me know and I'll email them to you. I have both 32 and 64 bit, please specify. 2. Verify that you're not using the default driver(serialmonkey) and that you're using ndiswrapper. Just type dmesg |grep rt2500 and you should get something like:

[   46.334475] ndiswrapper: driver rt2500 (Ralink Technology, Inc.,10/20/2005, 3.01.00.0000) loaded
[   46.890841] wlan0: ethernet device 00:13:d3:75:d4:a8 using serialized NDIS driver: rt2500, version: 0x20001, NDIS version: 0x501, vendor: 'IEEE 802.11g Wireless Card.', 1814:0201.5.conf

Step 3 won't work if you don't get through step 2. I had to blacklist the serialmonkey driver and then add ndiswrapper to /etc/modules before I could proceed. 3. Find out your router settings. I just ran iwlist scan and got the following:

          Cell 01 - Address: 00:14:BF:0F:XX:XX
                    ESSID:"myEssid"
                    Protocol:IEEE 802.11g
                    Mode:Managed
                    Frequency:2.417 GHz (Channel 2)
                    Quality:100/100  Signal level:-29 dBm  Noise level:-96 dBm
                    Encryption key:on
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s
                              24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s
                              12 Mb/s; 48 Mb/s
                    Extra:bcn_int=100
                    Extra:atim=0
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : TKIP 
                        Pairwise Ciphers (2) : CCMP TKIP 
                        Authentication Suites (1) : PSK  
                    IE: WPA Version 1
                        Group Cipher : TKIP 
                        Pairwise Ciphers (2) : CCMP TKIP 
                        Authentication Suites (1) : PSK

4. Modify /etc/network/interfaces as follows, using the info from iwlist scan above:

iface ra0 inet dhcp
wpa-driver wext
wpa-ssid your-ssid
wpa-ap-scan 1
wpa-proto RSN WPA
wpa-pairwise CCMP TKIP
wpa-group CCMP TKIP
wpa-key-mgmt WPA-PSK
wpa-psk your-wpa-psk

You may need to remove other things aded by network manager and you may need to disable the wireless in network manager as well for this to work.

Troubleshooting intermittent disconnects

This can be caused by Network Manager. Apparently when Network Manager scans for APs, wpa_supplicant will disconnect. Disabling Network Manager allows WPA to work, but you loose the NM function of automatic connections.

Hardware

You can use sudo iwconfig to check that you have your wireless device working. Most of the time this should be the case, but sometimes the drivers (kernel modules) fight, and the wrong one wins---for example, Prism 2 cards supported by hostap may instead end up using the orinoco driver, which won't work properly. Add incorrect modules to /etc/modprobe.d/blacklist.

Links and Resources

Comments

This was my case in Kubuntu, but should also apply to ubuntu. Once I had ndiswrapper setup, and after much detective work on filtering through the various pages on wifi in linux(ie using wext, wpa_supplicant, etc), I was able to connect to my router using wpa. I ignored the section on editing the /etc/network/interfaces to just use kwlan(Not knetworkmanager) to handle my wpa needs. There all one needs to do is set it to use wext, scan, enter password, and it just works. So maybe next time it should be made easier with having ndiswrapper(or the other driver solutions) and wpa_supplicant pre-installed. And maybe a much more non-veteran linux user howto. Pretty sure "network management framework (GNOME Frontend)" is what made WPA "just work" - the problem is I have followed 3 or 4 sets of instructions, so I can't be sure that the one package is all you need - but it sure seems it is a good place to start. If someone can confirm this, fix this entry (or e-mail CarlKarsten and I'll fix it.) So try this: First disable the System, Administration, Networking - select the/all interface - Properties, uncheck "Enable this connection" (so that the next step can take over managing it.), OK, OK.

sudo apt-get install network-manager-gnome

look for a new icon in the upper left - click it - you should see a list of ESSID's (wireless network names) Some WLAN routers, such as the FRITZ!Box WLAN 3170, allow WPA network keys of up to 60 characters, including alpha-numeric and special characters. WPA network keys including alphabetical and special characters can cause problems. The solution to such problems is to set the WPA network key to maximal 10 numbers on the WLAN router.

Restarting nm-applet

In my case (on Edgy) I had wireless with WPA working but no wireless connections ever showed under the network manager applet. To solve this issue I simply killed the nm-applet process (since there's no quit option via right-click) and then restarted the service. Wireless showed up right away. To kill the process go to System > Administration > System Monitor. Select the Processes tab and scroll to find a process called nm-applet. Click to highlight it and hit the "End Process" button. I added a "Run Application" utility to my panel, so I just click that and type in "nm-applet" to start it back up.

Using /etc/rcS.d for boot

{i} This is for launching wpa_supplicant as a background daemon on boot in Ubuntu 6.06 LTS (Dapper) <!> You need to have wpa_supplicant.conf created and know how to launch wpa_supplicant from the command line I tried the examples above and the man 8 page for wpa_supplicant examples, but could not get it to launch automatically on boot. This approach seems very straightforward. If you can run your launch script manually, it will run on boot just the same. The other methods seem very difficult editing the system files. Work around for booting with /etc/init.d and /etc/rcS.d Create a simple shell script in /etc/init.d that launches the wpa_supplicant as a background daemon:

/etc/init.d/wpa_launch.sh
    #!/bin/bash
    /sbin/wpa_supplicant -Bw -iath1 -Dmadwifi -c/etc/wpa_supplicant/wpa_supplicant.conf

Create a symbolic link in /etc/rcS.d that points to the launch script:

ln -s /etc/rcS.d/S42wpa_launch -> /etc/init.d/wpa_launch.sh

<!> Are there potential disadvantages of this method? Please post comments here. If the nm-applet is causing intermittent connection drop as described above then you can easily disable it from automatically starting up. Simply go to System | Preferences | Sessions and uncheck the Network Manager checkbox. I found that Network Manager had successfully configured my wireless for WPA (a WUSB54G, on Ubuntu 7.10, standard desktop packages) and would work when manually configuring within Network Manager or by restarting the interface, however on reboot it would once again not obtain a valid address from DHCP. I needed it to work without my having to log in. As work-around I have added the following two lines to /etc/rc.local and the interface now consistently obtains a valid address at boot up: "ifdown wlan0", and "ifup wlan0" (without the quotes)


WICD

Interesting to mention is an alternative network manager that makes almost any wifi connection just work. It's called wicd and it is in the standard repositories of Ubuntu. It replaces the standard network-manager and is only capable to manage LAN and WLAN connections. The wicd tool has a website on sourceforge:[3]