PDA

View Full Version : HOWTO: WPA authenticated wireless networking on FC3



bärtil
1st November 2004, 06:27 PM
This is not very good howto but i hope it will help someone.. sorry my bad english!

First dowload ndiswrapper (http://ndiswrapper.sourceforge.net), wpa_supplicant (http://hostap.epitest.fi/wpa_supplicant/) and winxp drivers for your card, move them to /root

Untar and make ndiswrapper:

cd /root
tar zxvf ndiswrapper-0.11.tar.gz
cd ndiswrapper-0.11
make install
Download and install your winxp wlan drivers:

mkdir /root/xp_driver
cd /root/xp_driver
unzip ../driver.zip
ndiswrapper -i /root/xp_driver/driver.inf
Write configuration for ndiswrapper to modprobe.conf:

ndiswrapper -m
Then configure network:

system-config-network
select New-->Wireless connection-->ndiswrapper(wlan0)
Mode:Auto, Network name:Auto, Channel:your AP channel, Rate:Auto, Key:leave blank
Select dhcp or static, wichone you use.. Apply and close configuration tool
Next make wpa_supplicant:

cd /root
tar zxvf wpa_supplicant-0.2.5.tar.gz
cd wpa_supplicant-0.2.5
echo CONFIG_DRIVER_NDISWRAPPER=y >.config
make
cp wpa_supplicant wpa_passphrase wpa_cli /usr/local/bin
then edit /etc/wpa_supplicant.conf to look like this:


ctrl_interface=/var/run/wpa_supplicant # for wpa_cli support

network={
ssid="myssid"
psk="mysecret"
key_mgmt=WPA-PSK
proto=WPA
}
to get wpa_supplicant automatically load with ifup type


echo wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -wB >> /etc/sysconfig/network-scripts/ifup-wireless
and final type

ifup wlan0
and networkin should came up, if not check configs match your AP's parameters
if it works use system-config-network to make wlan0 start automatically at boot

micha
8th November 2004, 04:55 PM
Thanks for this how to, it works for me.
Except :) when you need to change the wireless profile. You need to kill wpa_supplicant every time...

micha
8th November 2004, 05:12 PM
I found the solution to properly and automaticaly exit wpa_supplicant when the wireless interface is down.

echo killall wpa_supplicant > /etc/sysconfig/network-scripts/ifdown-wireless
chmod +x /etc/sysconfig/network-scripts/ifdown-wireless

Now each time you put down a wireless interface, wpa_supplicant is killed.

bärtil
9th November 2004, 10:04 AM
yeah, great! :)

bentterp
11th November 2004, 02:10 PM
Hmm, doesn't ndiswrapper clash with 4KSTACKS anymore? Or is that just so obvious that we don't even talk about it? ;)

bärtil
11th November 2004, 05:23 PM
ndiswrapper works fine with FC3, you dont need to worry about 4STACKS.. by the way, anyone heard anything about 64bit wireless drivers?? i want to use 64bit version of FC3

Dhana
12th November 2004, 03:17 PM
yes, no go until 64 bit drivers for windows get released i'm afraid, if you want wireless i'd stick with 32bit FC3 for now :( sorry, there is someone who's working on it, but god knows how long that's going to take

bertj
18th November 2004, 12:28 AM
What about an Dell TrueMobile-card with no winxp-drivers present?
Because I won't get Open1x compiled on my FC3-desktop, this HOWTO is my only option to get it work.

Thnx,
Bert

deucez
13th February 2005, 03:45 AM
This is a great how to. I'm new to Linux and have used this along with some other information I found on the Internet to get my wireless card (BCM4306) working, but have a problem. When I try to start wlan0 I get the following message.

./ifup-wireless: line 96: wpa_supplicant: command not found

Any ideas what I have done wrong?

I'm running FC3 kernel 2.6.10-1.760.

Thanks
Eric

imdeemvp
13th February 2005, 04:21 AM
Thank for the info bartil....this may even help me since I am learning networking in windoz and fedora.

meganbg
7th March 2005, 09:53 PM
I did find a 64-bit broadcom driver, but there seems to be a memory leak somewhere in the network (I suspect the driver, but cannot prove it). I found the driver here <http://ubuntuforums.org/attachment.php?attachmentid=186>. Also, for me it has only worked with the as-distributed FC3 2.6.9 kernel. When I updated to 2.6.10, it stopped working...

mincemeat
7th April 2005, 06:15 AM
When I try to start wlan0 I get the following message.

./ifup-wireless: line 96: wpa_supplicant: command not found

Any ideas what I have done wrong?

I'm running FC3 kernel 2.6.10-1.760.

Thanks
Eric

Hi Eric. I'm sure you've figured it out by now, so if any other noobies are trying this...
This worked for me. The last line in /etc/sysconfig/network-scripts/ifup-wireless should read:

/usr/local/bin/wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -wB

BTW, Bartil, great tutorial. Thanks.

Also, I have noticed that my system locks up with the Broadcom 4306 rev. 3 driver (14e4:4320) and the 2.6.10 kernel so meganbg isn't alone.

Regards,
Christian

dragon
4th May 2005, 12:42 AM
bertj,

Check the ndiswrapper driver list page: http://ndiswrapper.sourceforge.net/phpwiki/index.php/List

It has links to the drivers that appear to work for each card and card-specific instructions for some cards.

Also, if you want to find the chipset of your card (which determines which driver you will need), try running:

/sbin/lspci

this should produce something like:

02:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5705M Gigabit Ethernet (rev 01)
02:01.0 CardBus bridge: O2 Micro, Inc. OZ711EC1 SmartCardBus Controller (rev 20)
02:01.1 CardBus bridge: O2 Micro, Inc. OZ711EC1 SmartCardBus Controller (rev 20)
02:03.0 Network controller: Broadcom Corporation BCM4309 802.11a/b/g (rev 03)

The last line is my wireless LAN card.

Good luck!

dragon
4th May 2005, 12:46 AM
I did find a 64-bit broadcom driver, but there seems to be a memory leak somewhere in the network (I suspect the driver, but cannot prove it). I found the driver here <http://ubuntuforums.org/attachment.php?attachmentid=186>. Also, for me it has only worked with the as-distributed FC3 2.6.9 kernel. When I updated to 2.6.10, it stopped working...

meganbg,

I believe it's necessary to recompile ndiswrapper and reinstall the drivers when you upgrade the kernel. Try this and see how you go.

dragon
4th May 2005, 12:56 AM
Also, I have noticed that my system locks up with the Broadcom 4306 rev. 3 driver (14e4:4320) and the 2.6.10 kernel so meganbg isn't alone.

Regards,
Christian

Christian,

The freeze may be caused by the driver being too large for the Fedora kernel. This is known as the 4K stack issue, where Fedora will freeze if you attempt to load a driver larger than 4K (although ndiswrapper will load, many Windows drivers are larger than this and this will cause the freeze).

There are two possible solutions:
1) Upgrade to a 16k stack kernel (16 k stack Fedora kernels provided at: http://ndiswrapper.sourceforge.net/phpwiki/index.php/Fedora)
2) Use a Windows 98 driver instead of 2000 / XP. Some of these are smaller, and so don't cause the prolem with the 4k stacks. See: http://ndiswrapper.sourceforge.net/phpwiki/index.php/List. This page provides suggestions as to which driver files to use (please note that multiple versions may be packaged in the same driver download, so you may need to pick out the individual driver files to install).

Hope it helps.

micha
4th May 2005, 12:53 PM
meganbg,

I believe it's necessary to recompile ndiswrapper and reinstall the drivers when you upgrade the kernel. Try this and see how you go.You have to compile ndiswrapper for each kernel you install, since ndiswrapper is a kernel module...

gavinw6662
5th May 2005, 06:50 AM
I have been trying to WPA set up for a little while, it is a pain in the ... I can't tell ya. My work uses WPA with tkit (i think it was) and PEAP authentication. When I set up the config file, I don't understand what settings are needed. I can authenticate and very easily set up (and access) the WEP network, but not the WPA network. Quit irritating as they built the WPA network on G, and the WEP network on B.

dragon
5th May 2005, 03:15 PM
Gavin,

Which driver / driver enabler are you using? (ndiswrapper, madwifi etc...) I believe you may need to use the WPA Supplicant in conjunction with your driver (please see http://hostap.epitest.fi/wpa_supplicant/).

You also need to check if the driver you are using is compatible with WEP.

gavinw6662
5th May 2005, 03:44 PM
The setup i went with was the ipw2200BG drivers (linux version) as that also works with the WEP wireless setup (So i assumed I could use the same drivers, no). Then I installed the WPA supplicant, and started to work with the config file. But I can't find an example that works specifically with my problem. Like I said, our business uses a SSO with PEAP TKIT and it doesn't allow automatic host login, we have to logon with our SSO's. All of the examples I have seen with PEAP and TKIP setup the config file pointing to and SSL certificate, but I don't have one. If I read everything correctly, that is because with that setup, either the WAP serves up and SSL certificate to the client, or the other config is the client has a local SSL cert that is authenticated with the one on the server. I am assuming we use the first of the 2. I was thinking about giving it another go with ndiswrapper though sometime. Any more suggestions???

stretch21
11th May 2005, 06:10 PM
I am experiencing a number of error messages, and no connectivity after having followed the instructions in the tutorial. I am running FC3 on an IBM T41 using a Netgear WG511 (version 1). This card appears as eth1/wlan0, while the integrated nic appears as eth0. I am not wire connected when I try starting up the system.

The errors I experience on eth1 are as follows.

1) eth1: Line 1: Invalid configuration line 'ctrl_interface=/var/run/wpa_supplicant' I have looked and the file /var/run/wpa_supplicant does not exist.

2) Failed to read configuration file '/etc/wpa_supplicant.conf'. This file definitely exists, owned by root:root and the perms are -rw-r--r--.

3) The system is reporting that it cannot find SIOCSIFFLAGS.

Any and all assistance in troubleshooting this problem is greatly appreciated.

Thanks!

wlanmike
30th May 2005, 04:39 AM
It looks like you have two diffrent issues happening at once. Understand that first you must connect to the AP so that your Authentication traffic can go to the RADIUS server to be Authenticated.
1st make sure you are actually connected to the AP (Associated), you mention TKIP, this is a modification to the WPA protocols, you need to make sure how the AP is configured. Last I checked TKIP wasn't part of the WiFi Certification process, so if you are using one vendor's NIC and the compay has a diffrent manufacture's AP you may have a problem. I have had problems using the same vendor but firmware that did not match between the AP and NIC.

2nd PEAP is just part how the tunnel is build to hide your creditials. Find out what creditials are being used. Chap 2, or TLS, if it is TLS, you must makesure the Certificates can be validated. Chapv2 you must make sure the hash matches. If say the companies servers are Win 2K, or Win2k3 you need to know exactly what they are looking for.

WPA, and PEAP sound nice, they are nice when they work, however if one thing does not match exactly the whole setup falls apart.

Good Luck

mjbanks
26th June 2005, 05:20 AM
Does anyone know if the SSID needs to be broadcast from the router? I have mine set to not broadcast and also have MAC filtering enabled. The MAC of the card is set in the router already and works under WinXP, but I'm having trouble getting it to work under FC4. Any suggestions?

micha
26th June 2005, 01:57 PM
Does anyone know if the SSID needs to be broadcast from the router? I have mine set to not broadcast and also have MAC filtering enabled. The MAC of the card is set in the router already and works under WinXP, but I'm having trouble getting it to work under FC4. Any suggestions?I had the same configuration (no SSID broadcast, MAC address filter) and I couldn't connect with FC3. I just broadcast the SSID again, and the problem was gone.
So if you got problem to connect, broadcast the SSID. Using WPA encryption and MAC address filtering should be enough security.

wlanmike
27th June 2005, 05:40 AM
I realize much of the media out there talks about hidding SSID, and MAC Filtering. Basicly forget those. they are only a minor bump if someone is trying to break-in to your network. They are both major operational head aches. Wireless is by design, by standard an open network. the "Hidden" SSID is replacing the real Network name with Nulls during the required overhead traffic. This is non-standard, is a "Trick" with the 802.11 protocols. The real-world problem is that many device drivers can not deal with this trick.

If you want to see how easy it is to by-pass hidden SSID / MAC's try Kismet, and Ethereal.

If you want to secure your network use WPA-RADIUS as a minimum. You don't have to buy a full RADIUS. If your router is Linksys, the router code is Open GUL. There is also a firmware upgrade called "Tiny PEAP", this allows you to take advantage of the Linksys Router's capabilities. Check out www.linksysinfo.org, there are some very good discussions in the forums.
If you don't have a Linksys router, look at www.freeradius.org, it's not difficult to setup.

Realize that the current tools Aircrack will break WEP in less than 10 minutes (WPA uses Dynamic WEP encryption for data). Upgrade to WP2-RADIUS as soon as possable. Anything short of this or 3DES IPSEC is crackable, like a push button door lock.

micha
27th June 2005, 01:24 PM
Totally agree.
Reputation++ (ooops where's the reputation button ;))

Darkmage
9th November 2005, 11:35 AM
Thanks for the nice write-up. I finally got my wpa encryption working.

adat7378
13th February 2007, 03:24 PM
Hi
I am new in linux. I cannot configure my intel pro wireless 200 BG card. I have installed fedora core 6, then updated it to the latest using yum. From system>administration>network I can see two network connection.

one of them is eth0 which is using broadcom ethernet card and and is active. The other one is eth1 which is using intel pro wireless 200 BG, which cannot be activated even by editing the configuration.

Anyway I have installed
ipw2200-1.2.0-45.1.fc6.at.i386
ipw2200-kmdl-2.6.19-1.2895.fc6-1.2.0-45.1.fc6.at.i686
ipw2200-firmware-3.0-9.at.noarch
ieee80211-kmdl-2.6.19-1.2895.fc6-1.2.16-17.fc6.at.i686
wpa_supplicant-0.4.9-1.fc6.i386

# File: wpa_supplicant.conf
#
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=root
network={
ssid="mynet"
key_mgmt=WPA-PSK
psk="mypass"
}
#
# File: /etc/sysconfig/wpa_supplicant
#
INTERFACES="-ieth1"
DRIVERS="-Dwext"

#
# File: /etc/sysconfig/wpa_supplicant
#
INTERFACES="-iwlan0"
DRIVERS="-Dndiswrapper"

[root@bigboy tmp]# service wpa_supplicant restart
[root@bigboy tmp]# chkconfig wpa_supplicant on



This configuaration did not work. Tried with 'NetworkManager'. It shows the all the wireless network including my one, but does not connect?

Tried your way system>administration>network>new>wireless> does not show my wireless card. if i go to ethernet it shows my under ethernet instead of wireless. Can u help??

Win xp driver i have installed is WIRELESS_V10.5.2.0_WIN_DRIVERS.
two ini files i installed is
NETw39x5
w29n51

even tried this config

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1

ap_scan=2
fast_reauth=1

network={
ssid="mynet"
proto=WPA
key_mgmt=WPA-PSK
pairwise=TKIP
group=TKIP
psk="mypass"
}