特殊:Badtitle/NS100:WifiDocs/WPAHowTo:修订间差异

来自Ubuntu中文
跳到导航跳到搜索
Oneleaf留言 | 贡献
无编辑摘要
Oneleaf留言 | 贡献
无编辑摘要
第126行: 第126行:
Edit <code><nowiki>/etc/wpa_supplicant.conf</nowiki></code> to include your network. The info to include can be generated with wpa_passphrase {i} ''(although this is optional, it saves the supplicant having to generate the preshared key (PSK) each time it is started)'':
Edit <code><nowiki>/etc/wpa_supplicant.conf</nowiki></code> to include your network. The info to include can be generated with wpa_passphrase {i} ''(although this is optional, it saves the supplicant having to generate the preshared key (PSK) each time it is started)'':


attachment:IconsPage/IconExample48.png
https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconExample48.png
   <pre><nowiki>
   <pre><nowiki>
   dennis@mirage:~$ wpa_passphrase NetworkEssid
   dennis@mirage:~$ wpa_passphrase NetworkEssid
第160行: 第160行:
   </nowiki></pre>
   </nowiki></pre>


You should see something like the following, but more verbose (if you get a different result, append -dd to the above command line and ask someone on #ubuntu for help):
You should see something like the following, but more verbose (if you get a different result, append -dd to the abovehttps://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconExample48.pngtu for help):


attachment:IconsPage/IconExample48.png
https://help.ubuntu.com/community/WifiDocs/WPAHowTo?action=AttachFile&do=get&target=IconsPage%2FIconExample48.png
   <pre><nowiki>
   <pre><nowiki>
   Trying to associate with 00:ff:00:1e:a7:7d (SSID='NetworkEssid' freq=0 MHz)
   Trying to associate with 00:ff:00:1e:a7:7d (SSID='NetworkEssid' freq=0 MHz)
第255行: 第255行:
   </nowiki></pre>
   </nowiki></pre>


   Where $IF is the interface (eth0, ath0, etc), and $CONN is the event - either "CONNECTED" or "DISCONNECTED".
   Wherhttps://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconExample48.https://help.ubuntu.com/community/WifiDocs/WPAHowTo?action=AttachFile&do=get&target=IconsPage%2FIconExample48.png "CONNECTED" or "DISCONNECTED".





2007年5月13日 (日) 23:49的版本

{{#ifexist: :WifiDocs/WPAHowTo/zh | | {{#ifexist: WifiDocs/WPAHowTo/zh | | {{#ifeq: {{#titleparts:WifiDocs/WPAHowTo|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:WifiDocs/WPAHowTo|1|-1|}} | zh | | }}


WPA howto

WPA configuration is handled seamlessly by the "just works" UbuntuHelp:WifiDocs/NetworkManager and should be installed with recent versions of Ubuntu. If not you can go through the procedure to install it manually here or you can configure the daemon in charge of WPA encryption (wpasupplicant) manually.

The NetworkManager should be installed by default on recent versions of Ubuntu, see UbuntuHelp:WifiDocs/NetworkManager for more information on the NetworkManager.

What is WPA?

Wi-Fi Protected Access (WPA) is a family of encryption methods used when connecting to a wireless access point. It is based on the technology that is used in Wired Equivalent Privacy (WEP) but provides stronger security. For more information on the subject you can see the WPA entry on Wikipedia.


Kubuntu version

For instructions for Kubuntu, take a look at UbuntuHelp:WifiDocs/WPAHowTo/Kubuntu

Network Manager

For Ubuntu 6.06 LTS (Dapper) or later (but not for Kubuntu 6.06 or 6.10), there should be a Network Manager icon in the GNOME panel, which looks like a couple of dots. Right click the Network Manager icon to enable the network if necessary. Next, left click on the Network Manager icon and choose "Connect to other wireless network". Then, enter "YOUR-SSID" for the network name and choose your type "WPA ENTERPRISE" or "WPA PERSONAL" etc, etc ... for wireless security. Enter the password in the password text entry box. Click connect to attempt a connection. It is unlikely that you will need the procedure described bellow.

Note: if you have altered the configuration of your network cards in /etc/network/interfaces it is likely that Network Manager will refuse to manage the non-standard interfaces (see /usr/share/doc/network-manager/README.Debian for more information). The easiest way to have NetworkManager configure your networking devices is to simply leave them out of /etc/network/interfaces.

If you do not see a network icon near your power information, or if WEP is your only encryption choice for network configuration, you may need to install Network Manager. For Ubuntu users:

sudo apt-get install network-manager-gnome

Restart dbus to make it awear of the new service

sudo /etc/init.d/dbus restart

After installing the package, logout and log back in (or re-start) and Network Manager should appear.

If the icon does not appear you can start it manually (Gnome):

nm-applet

If WPA does not work, make sure that wpa-supplicant is installed. No further configuration is needed NetworkManager should handle the rest. If all else fails try the procedure bellow.

sudo apt-get install wpasupplicant
Kubuntu

Note that for Kubuntu users, the Wireless Assistant Wireless LAN Manager, found in the KMenu/Internet menu, does not integrate with WPA, and should not be used.

Kubuntu users should install the KDE version (from Kubuntu 6.0.6):

sudo apt-get install knetworkmanager

Kubuntu (still 6.0.6) users should also skip the section on editing of files and the section on password nagging, and activate kwalletmanager instead. This means you will only get WPA when logged into KDE, but hey ... (For instructions on how to do this, see this link). Log out and back in, and start Verbatim(KNetworkManager) from the Internet menu. In some rare cases WPA needs special setup, perhaps for the RT2500 chipset UbuntuHelp:WifiDocs/Driver/RalinkRT2500 (i have not tried this).

Or for earlier versions of Kubuntu:

sudo apt-get install network-manager-kde

Avoiding password nagging

Gnome Network Manager bugs for the keyring password on login, so install pam-keyring to get around that.

Either use the unofficial debian package found at: ubuntuforums.org http://ubuntuforums.org/attachment.php?attachmentid=11818&d=1151394726 , or install from source. (Warning: be careful about install from unauthenticated sources; it's a little safer to build from source---see the instructions below.)

Here is the link to get the source package

You may need to get a few packages in addition to build-essential to complete the build.

Using Synaptic get:

  • libpam0g-dev
  • libgnome-keyring-dev
  • libglib2.0-dev
  • autotools-dev
  • libtool

Here are the steps to install:

  1. Download
  2. Unzip to folder (e.g. ~/pam_keyring_tmp)
  3. In Terminal:
cd ~/pam_keyring_tmp
./configure --prefix=/usr --libdir=/lib
make
sudo make install
cd /etc/pam.d
sudo gedit gdm

To look like:

#%PAM-1.0
auth	requisite	pam_nologin.so
auth	required	pam_env.so
@include common-auth
@include common-account
session	required	pam_limits.so
@include common-session
@include common-password
auth optional pam_keyring.so try_first_pass
session optional pam_keyring.so

Reboot your computer, log out and in again, or hit ctl-alt-backspace to restart X.

As I mentioned in the comments in gdm file, this relies on having the password of the default keyring the same as your login password. ENJOY!

~- Original instructions from: http://ubuntuforums.org/showthread.php?t=187874 and http://ubuntuforums.org/showthread.php?p=1619571 and http://ubuntuforums.org/showthread.php?t=192281 -~

<!> If your wireless card is based on the rt2500 chipset, do not follow these instructions, as WPA has to be configured as described in UbuntuHelp:WifiDocs/Driver/RalinkRT2500.

WPA Supplicant

{i} ~- Before proceeding any further, it might be worthwhile to check whether your Wi-Fi Card is supported. wpa_supplicant website This will save you lots of time and frustration. -~

Bear in mind that altering the /etc/network/interfaces file will likely interfere with Network Manager (see note above).

Configuring wpa_supplicant

WPA supplicant provides WPA support, as well as automatic selection of the best available configured access point. WPA supplicant should already be installed in Dapper and later. Otherwise, install it:

  sudo apt-get install wpasupplicant
  

You then need to configure it.

Note to Kubuntu users: No editing of files needed. Just make sure wpasupplicant is installed and start knetworkmanager from the Internet menu.

Edit /etc/wpa_supplicant.conf to include your network. The info to include can be generated with wpa_passphrase {i} (although this is optional, it saves the supplicant having to generate the preshared key (PSK) each time it is started):

IconsPage?action=AttachFile&do=get&target=IconExample48.png

  dennis@mirage:~$ wpa_passphrase NetworkEssid
  # reading passphrase from stdin
  TextPassphrase
  network={
        ssid="NetworkEssid"
        #psk="TextPassphrase"
        psk=945609a382413e64d57daef00eb5fab3ae228716e1e440981c004bc61dccc98c
  }
  

{i} ~- Requiring wpa_passphrase to prompt for the passphrase, rather than providing it as a command line argument, prevents the phrase from being stored insecurely in your shell's history. -~

Then add the following to the end of /etc/wpa_supplicant.conf:

  network={
        ssid="NetworkEssid"
        scan_ssid=1 # only needed if your access point uses a hidden ssid
        proto=WPA
        key_mgmt=WPA-PSK
        psk=945609a382413e64d57daef00eb5fab3ae228716e1e440981c004bc61dccc98c
  }
  

{i} ~- You may have to specify proto=WPA and key_mgmt=WPA-PSK, but wpa_supplicant can usually autodetect them correctly. -~

Testing the configuration

Next we test the WPA supplicant. To do this you first determine which driver you have. The supported drivers are visible by running `wpa_supplicant -h`. In this example I assume the madwifi driver. You also need to know the name of your card's interface. In this example I assume ath0.

Now simply start wpa_supplicant for testing:

  sudo wpa_supplicant -iath0 -c/etc/wpa_supplicant.conf -Dmadwifi -w
  

You should see something like the following, but more verbose (if you get a different result, append -dd to the abovehttps://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconExample48.pngtu for help):

WPAHowTo?action=AttachFile&do=get&target=IconsPage%2FIconExample48.png

  Trying to associate with 00:ff:00:1e:a7:7d (SSID='NetworkEssid' freq=0 MHz)
  Associated with 00:ff:00:1e:a7:7d
  WPA: Key negotiation completed with 00:ff:00:1e:a7:7d [PTK=TKIP GTK=TKIP]
  

Now interrupt wpa_supplicant with <ctrl> C

Final installation (Ubuntu 6.10 (Edgy))

Telling Ubuntu Edgy to use WPA supplicant is pleasingly easy. Note this will not work with Network Manager (see note above).


First find the interface in /etc/network/interfaces. It should look like this:

auto ath0
iface ath0 inet dhcp

Now add these two lines immediately below that:

wpa-driver madwifi
wpa-conf /etc/wpa_supplicant.conf

Where, as above, you have to use your driver and interface in place of the example madwifi and ath0. That's it! Now when you ifup/ifdown the interface (of Ubuntu does it for you on boot/shutdown), wpa_supplicant will be correctly started and stopped.

Final installation (older versions)

 Once wpa_supplicant works, you should edit /etc/network/interfaces to include wpa_supplicant. If prior to all of this, your /etc/network/interfaces looks like:
  auto ath0
  iface ath0 inet dhcp
  
 Simply change it to look like:
  auto ath0
  iface ath0 inet dhcp
  pre-up /etc/init.d/wpasupplicant start
  pre-up sleep 5
  

{i} ~- This looks like an optional step, too. As of 0.4.7-0ubuntu3, the /etc/network/if-pre-up.d/wpasupplicant script will take care of this step automatically. - 20060107 DaniloPiazzalunga -~

{i} ~- It is indeed optional and only relevant for Breezy systems. I made the change in Dapper's package. - 20060110 [DanielTChen] -~

{i} ~- For an alternative more detailed way to configure /etc/network/interfaces to work with wpa_supplicant 0.4.8-3ubuntu1.1 try [1] - particularly if you want to set up a static IP address, which Network Manager doesn't currently support very well -~

 Finally, edit /etc/default/wpasupplicant to enable wpa_supplicant and provide its command line options. For our example setup, this would be:
  # Useful flags:
  #  -D <driver>          Wireless drive, typically optional.
  #  -i <ifname>          Interface
  #  -c <config file>     Configuration file
  #  -d                   Debugging (-dd for more)
  #  -w                   Wait for interface to come up

  # See the manual page wpa_supplicant(1) for more options and information.

  ENABLED=1
  OPTIONS="-iath0 -c/etc/wpa_supplicant.conf -Dmadwifi -w"

  

{i} ~- Note that in Dapper, because of a newer kernel (2.6.15) and a newer wpasupplicant package (0.4.7), your wireless driver may already support the kernel's wireless extensions interface. Please consult the README.Debian. - 20060110 [DanielTChen] -~

{i} ~- I placed the "ENABLED=1" setting directly above the "OPTIONS" setting; it was easy to miss that setting when it was above the comment section in the file. - 20060129 [Scott] -~

{i} ~- If you have an ipw2200 wirless card and a kernel 2.6.16 or newer, you maybe have to use "wext" driver instead of "ipw" -~

Integration with DHCP

{i} ~- Note that the instructions below are deprecated. The changes that I made in Dapper's wpasupplicant package already take care of this case. [DanielTChen] -~

 If you want your wireless card to aquire a new IP address using DHCP when wpa_supplicant associates with an access point, use the wpa_cli utility as documented in the wpa_supplicant README:
  wpa_cli can used to run external programs whenever wpa_supplicant
  connects or disconnects from a network. This can be used, e.g., to
  update network configuration and/or trigget DHCP client to update IP
  addresses, etc.
  
 The wpa_cli utility can automatically execute a script whenever wpa_supplicant connects or disconnects from an access point. For this, use the -a switch like so:
  wpa_cli -a<my-script>
  
 The script will be invoked like this:
  my-script $IF $CONN
  
 Wherhttps://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconExample48.WPAHowTo?action=AttachFile&do=get&target=IconsPage%2FIconExample48.png "CONNECTED" or "DISCONNECTED".


attachment:IconsPage/IconExample48.png

 The simplest thing to do is write a script that invokes ifup or ifdown. I've put it in /sbin/wpa_action:
  #! /bin/bash

  IFNAME=$1
  CMD=$2

  if [ "$CMD" == "CONNECTED" ]; then
    SSID=`wpa_cli -i$IFNAME status | grep ^ssid= | cut -f2- -d=`
    logger "WiFi: Connecting `$IFNAME' to network `$SSID'"
    ifup $IFNAME
  elif [ "$CMD" == "DISCONNECTED" ]; then
    logger "WiFi: Disconnecting `$IFNAME`"
    ifdown $IFNAME
  fi
  
 Then, edit /etc/init.d/wpasupplicant to run wpa_cli appropriately. Look for these lines:
  case "$1" in
	start)
		echo -n "Starting wpa_supplicant: "
		start-stop-daemon --start --name $PNAME
			--oknodo --startas $DAEMON -- -B $OPTIONS
		echo "done."
		;;
	stop)
  
 Insert a sleep and wpa_cli call below the start-stop-daemon call:
   case "$1" in
 	start)
 		echo -n "Starting wpa_supplicant: "
 		start-stop-daemon --start --name $PNAME
 			--oknodo --startas $DAEMON -- -B $OPTIONS
 		sleep 1
 		wpa_cli -a/sbin/wpa_action -B
 		echo "done."
 		;;
 	stop)
  
 If you are using DHCP exclusively to configure your wireless interface, then make sure you have this line for your wireless interface in /etc/network/interfaces:
  iface eth0 inet dhcp
  
 Where "eth0" is your wireless interface. And you'll want to make sure that your computer doesn't try to automatically start the interface up without an associated AP, so remove your wireless interface from the 'auto' line in /etc/network/interfaces:
  auto lo eth0 eth1
  
 So it becomes
  auto lo eth1
  
 Listing only those interfaces that you want to configure on startup. (Obviously, your 'auto' line will look different, depending on what network interfaces you have on your system.)
 Now, whenever you associate with a new wireless access point, your wireless interface will have an IP automatically configured and you'll be fully connected to the network. (YAY!)

GUI for WPA_Supplicant

A Qt-based application is available that lets you monitor what wpa_supplicant is up to: [2]

You will need to run it via gksudo wpa_gui so that it can talk to the WPA daemon.

Examples

Manual install on Edgy 6.10

requirements: wpa2-psk with tkip, intel ipw220, dhcp, roaming with different aps

/etc/network/interfaces

# the roaming interface MUST use the manual inet method
iface eth1 inet manual
        wpa-driver wext                           #also for intel ip2200!!!!
        wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

# no id_str, 'default' is used as the fallback mapping target
iface default inet dhcp

# id_str="uni"
iface uni inet dhcp

# id_str="home_static"
iface home_static inet static
        address 192.168.0.20
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

wpa_supplicant.conf

network={
        ssid="foo"
        # this id_str will notify /sbin/wpa_action to 'ifup uni'
        id_str="uni"
        key_mgmt=NONE
}

network={
        ssid="bar"
        # this id_str will notify /sbin/wpa_action to 'ifup home_static'
        id_str="home_static"
        psk=123456789...
}

network={
        ssid=""
        # no 'id_str' is given, /sbin/wpa_action will 'ifup default'
        key_mgmt=NONE
}

#need wpa2 with tkip
network={
        pairwise=TKIP
        group=TKIP
        ssid="youressid"
        scan_ssid=1 # only needed if your access point uses a hidden ssid
        proto=WPA
        key_mgmt=WPA-PSK
        psk=f7cab7b6ecd68702dd989956568b6ecd68349343b6ecd68943b6bf95fa08079dad7
}

for more info see

zmore /usr/share/doc/wpasupplicant/README.modes.gz

Edgy - Using just the /etc/network/interfaces file, with ndiswrapper and no SSID broadcast

I had no luck using any of the above techniques. I'm using Ndiswrapper on a LinksysG PCMCIA card. What worked for me is described in the forum here: http://ubuntuforums.org/showthread.php?t=290414

After setting up the Ndiswrapper module, all I had to do was add the following to /etc/network/interfaces:

auto wlan0
iface wlan0 inet dhcp
wpa-driver wext
wpa-conf managed
wpa-ssid YOUR_SSID
wpa-ap-scan 2
wpa-proto TKIP
wpa-pairwise TKIP
wpa-key-mgmt WPA-PSK
wpa-psk YOUR_HEX_KEY

Works great, hope this helps some people.

Troubleshooting intermittent disconnects

This can be caused by Network Manager. Apparently when Network Manager scans for APs, wpa_supplicant will disconnect. Disabling Network Manager allows WPA to work, but you loose the NM function of automatic connections.

Hardware

You can use sudo iwconfig to check that you have your wireless device working. Most of the time this should be the case, but sometimes the drivers (kernel modules) fight, and the wrong one wins---for example, Prism 2 cards supported by hostap may instead end up using the orinoco driver, which won't work properly. Add incorrect modules to /etc/modprobe.d/blacklist.


Links and Resources

Comments

This was my case in Kubuntu, but should also apply to ubuntu. Once I had ndiswrapper setup, and after much detective work on filtering through the various pages on wifi in linux(ie using wext, wpa_supplicant, etc), I was able to connect to my router using wpa. I ignored the section on editing the /etc/network/interfaces to just use kwlan(Not knetworkmanager) to handle my wpa needs. There all one needs to do is set it to use wext, scan, enter password, and it just works. So maybe next time it should be made easier with having ndiswrapper(or the other driver solutions) and wpa_supplicant pre-installed. And maybe a much more non-veteran linux user howto.

Pretty sure "network management framework (GNOME Frontend)" is what made WPA "just work" - the problem is I have followed 3 or 4 sets of instructions, so I can't be sure that the one package is all you need - but it sure seems it is a good place to start. If someone can confirm this, fix this entry (or e-mail CarlKarsten and I'll fix it.) So try this: First disable the System, Administration, Networking - select the/all interface - Properties, uncheck "Enable this connection" (so that the next step can take over managing it.), OK, OK.

sudo apt-get install network-manager-gnome

look for a new icon in the upper left - click it - you should see a list of ESSID's (wireless network names)

Restarting nm-applet

In my case (on Edgy) I had wireless with WPA working but no wireless connections ever showed under the network manager applet. To solve this issue I simply killed the nm-applet process (since there's no quit option via right-click) and then restarted the service. Wireless showed up right away. To kill the process go to System > Administration > System Monitor. Select the Processes tab and scroll to find a process called nm-applet. Click to highlight it and hit the "End Process" button. I added a "Run Application" utility to my panel, so I just click that and type in "nm-applet" to start it back up.

Using /etc/rcS.d for boot

{i} This is for launching wpa_supplicant as a background daemon on boot in Ubuntu 6.06 LTS (Dapper)

<!> You need to have wpa_supplicant.conf created and know how to launch wpa_supplicant from the command line

  I tried the examples above and the man 8 page for wpa_supplicant examples, but could not get it to launch automatically on boot. This approach seems very straightforward.  If you can run your launch script manually, it will run on boot just the same.  The other methods seem very difficult editing the system files.

Work around for booting with /etc/init.d and /etc/rcS.d

Create a simple shell script in /etc/init.d that launches the wpa_supplicant as a background daemon:

/etc/init.d/wpa_launch.sh
    #!/bin/bash
    /sbin/wpa_supplicant -Bw -iath1 -Dmadwifi -c/etc/wpa_supplicant/wpa_supplicant.conf

Create a symbolic link in /etc/rcS.d that points to the launch script:

ln -s /etc/rcS.d/S42wpa_launch -> /etc/init.d/wpa_launch.sh


<!> Are there potential disadvantages of this method? Please post comments here.



CategoryCleanup CategoryDocumentation