如何配置wpa_supplicant(在FreeBSD上)以匹配图片中的Windows参数?
到目前为止,我已经在/etc/wpa_supplicant.conf中尝试过此操作:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
ap_scan=2
update_config=1
network={
priority=1
ssid= SSID
proto=RSN
key_mgmt=WPA-EAP
eap=TLS
identity= IDENTITY
password= PASSWORD
}
使用wpa_cli
控制WPA请求者配置:
编辑wpa_supplicant.conf,然后reconfigure
在wpa_cli
提示符下
然后:
> status
wpa_state=SCANNING <======== What does that mean?
ip_address=192.168.15.68
>
我也意识到我试图加入的网络可能被隐藏了。
加入后ap_scan=2
的在wpa_supplicant.conf
文件中,我也得到这个:
<2>Association request to the driver failed
wpa_state=ASSOCIATING
ip_address=192.168.15.68
Supplicant PAE state=DISCONNECTED
suppPortStatus=Unauthorized
EAP state=DISABLED
然后无限期地
<2>Association request to the driver failed
<2>Authentication with 00:00:00:00:00:00 timed out.
<2>Trying to associate with SSID <SSID>
<2>Association request to the driver failed
<2>Authentication with 00:00:00:00:00:00 timed out.
<2>Trying to associate with SSID <SSID>
<2>Association request to the driver failed
<2>Authentication with 00:00:00:00:00:00 timed out.
更新20131202-该问题已演变为一组更有意义的参数。
它使用三层环境
根CA(离线)
中级CA(离线)
2 Issuing CAs (online)
I have those in Base64 with a .CER extension
Now how does it fit in the wpa_supplicant.conf ?
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
ap_scan=2
update_config=1
network={
priority=1
mode=0
scan_ssid=1
ssid="SSID"
proto=RSN
key_mgmt=WPA-EAP
eap=PEAP
group=CCMP TKIP
pairwise=CCMP TKIP
phase1="peaplabel=1"
phase2="auth=MSCHAPV2"
identity="IDENTITY"
password="PASSWORD"
ca_cert= ????
}
I think a good starting place to fix this problem is the FreeBSD Manpage for wpa_supplicant.conf, which presents several examples, one of which is:
# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
network={
ssid="work"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TLS
identity="[email protected]"
ca_cert="/etc/cert/ca.pem"
client_cert="/etc/cert/user.pem"
private_key="/etc/cert/user.prv"
private_key_passwd="password"
}
This differs from your version of it in two key ways: there is a reference to AES encryption which was missing in your file (it is the CCMP mode, which is based on AES), and requires the existence of certificates. This last part is what leaves me befuddled in your Windows mask: in it there is no reference whatsoever to an authentication mechanism. There is no room for passwords (fair enough, it would not be WPA-EAP otherwise), but there is also no mention of certificates, which is what TLS needs.
In fact, from Wikipedia's page on TLS,
Transport Layer Security (TLS) .... use[s] X.509 certificates... As a consequence of choosing X.509 certificates, certificate authorities and a public key infrastructure are necessary to verify the relation between a certificate and its owner, as well as to generate, sign, and administer the validity of certificates...
In other words, since your Windows mask is adamant that TLS
is being used, somewhere there must be the certificates referred to in the wpa_supplicant.conf
file I quoted above. I cannot go beyond this point.
Edit:
to address joelmaranhao's latest question, I quote again from FreeBSD Manpage for wpa_supplicant.conf:
证书某些EAP身份验证方法要求使用证书。EAP-TLS同时使用服务器端和客户端证书,而EAP-PEAP和EAP-TTLS仅需要服务器端证书。
编辑n。2:
.CER证书必须转换为.PEM格式。您甚至可以在这里在线进行。新的wpa_supplicant.conf中的最后一行正是此证书的位置。身份是您在服务器上的名称,密码又是您在wifi服务器上的密码。您确定peal标签为0吗?我在任何地方都找不到它,如果不起作用,请尝试使用peap-label = 1。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句