In this example, wireless client is assumed to run the Fedora Core 5 distribution.
The Wireless Tools is a collection of tools to manipulate wireless drivers at runtime. The sources were already download in Section 2.3.4, “Wireless Configuration (wireless_tools)”. This time unpack, compile and install them on the client machine. (2BD in Fedora Core 6, use yum install wireless_tools)
tar -C $HOME -xvzf $DL_DIR/wireless_tools.28.tar.gz cd $HOME/wireless_tools.28 make clean make install
My client laptop (Dell Inspiron 5100) uses a Broadcom bcm4306 (Dell Truemobile 1400) WiFI miniPCI card. At the time of this writing bcm43xx-fwcutter was not ready for prime time. Instead we use ndiswrapper together with Broadcom's proprietary Windows/XP driver (bcmwl5a.inf 3.40.73). (2BD in Fedora Core 6, use yum install ndiswrapper)
yum install kernel-devel # download ndiswrapper from http://ndiswrapper.sourceforge.net/ tar -C $HOME -xvzf ndiswrapper-1.43.tar.gz cd $HOME/ndiswrapper-1.43 # was 1.27 make install rmmod ndiswrapper # just to make sure ndiswrapper -i /etc/ndiswrapper_drivers/bcmw15a.inf ndiswrapper -m # ensure that /etc/modprobe.conf contains "alias wlan0 ndiswrapper" modprobe ndiswrapper dmesg | tail
Some warnings that you may encounter:
Kernel's 4k stack size, during compilation.
While valid, the bcm4306 driver does well despite the
small stack size.
Forcing parameter IBSSGMODE, during
driver installation. Again, it it runs fine despite this.
ADDRCONF(NETDEV_UP): wlan0: link is not
ready, merely means what it says: the link is not
up yet. The link will be up once wpa_supplicant negotiated
Verify functionality of the driver using:
iwconfig wlan0 should show the
properties of the wireless network interface.
iwlist wlan0 scan should
show you a list of access points nearby.
Create a configuration file for the wireless network interface. For an example refer to Example F.9, “wpa-supplicant:/etc/sysconfig/network-scripts/ifcfg-wlan0”. Note that the key is only needed for WEP.
Even if you plan to use WPA for the final configuration, you may first want to test connecting to a WEP access point using:
ifup wlan0 # to verify: iwconfig wlan0 # ESSID is only shown once the card is associated ip link show dev wlan0 ip address show dev wlan0
Generate X.509 CA and a certificate for the client as described in Section 7.2, “Certificates”. Then copy the certificate and unencrypted key to the client, and create the 8-byte hash for the CA certificate, so that OpenSSL will recognize it.
SSL_DIR=$PRJ_DIR/openssl CLIENT_DIR=/etc/sysconfig/wpa_supplicant.d ssh root@
crox.lan.vonkmkdir $CLIENT_DIR scp "$SSL_DIR/certs/
crox.vonk-cert.pem" \ "$SSL_DIR/certs/
crox.vonk-key.pem" \ "$SSL_DIR/ca/CAcert.pem" \ "$SSL_DIR/ca/CRL.pem" root@
The supplicant implementation used in this example is hostap's
wpa_supplicant. Version 0.4.4 did not recognize SISO as a WPA
enabled access point. In debug mode it reported
skip - no WPA/RSN IE" errors.
Download and extract the sources; copy the
.config; and start the compilation and
.config can be found in
Example F.5, “wpa_supplicant .config”.
(2BD in Fedora Core 6: first rpm -e wpa_supplicant NetworkManager NetworkManager-gnome)
wget -P $DL_DIR http://hostap.epitest.fi/releases/wpa_supplicant-0.6.1.tar.gz # was 0.5.5 tar -C $HOME -xvzf wpa_supplicant-0.6.1.tar.gz cd $HOME/wpa_supplicant-0.6.1 make clean # configure .config make install # installs in /usr/local/sbin/
(2BD) cp: cannot stat `dynamic_eap_methods': No such file or directory
Pre-authentication is disabled. Enabling it causes the WPA Information Elements in the beacon/probe-response to list that capability, while the WPA IEs in the key handshake do not. This caused wpa_supplicant to abort the handshake.
The first time you should start the wpa_supplicant in the foreground
and enable additional debug (-dd). Once this is working you can
enable and start the wpa_supplicant service as shown below.
In my specific case, I also had to increase the maximum loop
count from 10 to 75 in
Example files are:
Example F.6, “wpa-supplicant:/etc/init.d/wpa_supplicant” starts and stops the service
Example F.7, “wpa-supplicant:/etc/sysconfig/wpa_supplicant” specifies the network interface. DRIVERS is not assigned, because this caused the supplicant to fail the association with the driver.
Example F.8, “wpa-supplicant:/etc/wpa_supplicant/wpa_supplicant.conf” shows the use of X.509 certificates
wpa_supplicant as a service.
chkconfig --level 345 wpa_supplicant on service wpa_supplicant start ifup wlan0 # to verify: iwconfig wlan0 # ESSID is only shown once the card is associated ip link show dev wlan0 ip address show dev wlan0