\documentclass[a4paper]{article} \usepackage{ifpdf} \usepackage{linuxdoc-sgml} \usepackage{qwertz} \usepackage{url} %%\usepackage[@CHARSET@]{inputenc} \usepackage[T1]{fontenc} \usepackage[colorlinks=true,urlcolor=blue,linkcolor=blue]{hyperref} \pdfcompresslevel=9 \usepackage[english]{babel} \usepackage{epsfig} \usepackage{null} \def\addbibtoc{ \addcontentsline{toc}{section}{\numberline{\mbox{}}\relax\bibname} }%end-preamble \setcounter{page}{1} \title{MADWIFI-WPA\_SUPPLICANT(RSN/WPA-PSK/CCMP) Guide} \author{André Pfeiler $<$andrep@translever.com$>$ } \date{version 1.0.0, 29. May 2006 - last revised 30. May 2006} \abstract{{\bfseries madwifi-ng and wpa\_supplicant with RSN/WPA-PSK/CCMP authentification in some configurations gives an error like:} State: SCANNING -$>$ ASSOCIATING, wpa\_driver\_madwifi\_associate, ioctl{[}unknown???{]}: Invalid argument, Association request to the driver failed. Here is a little description how it works for me with an Atheros Chipset, kernel-2.6.16.18 Debian GNU/Linux testing.} \begin{document} \maketitle \tableofcontents \section{What you need} \begin{itemize} \item wireless-tools \item kernel needs to be compiled with AES support. 'modprobe aes' or check in the kernel config if option CONFIG\_CRYPTO\_AES=m or y \item \ifpdf \href{http://madwifi.org/}{madwifi} \else \onlynameurl{madwifi} \fi \item \ifpdf \href{http://hostap.epitest.fi/wpa_supplicant/}{wpa\_supplicant} \else \onlynameurl{wpa\_supplicant} \fi \end{itemize} \subsection{Getting this document} Download this document \ifpdf \href{./madwifi-wpa_supplicant_RSN_howto.pdf}{PDF} \else \onlynameurl{PDF} \fi , \ifpdf \href{./madwifi-wpa_supplicant_RSN_howto.ps}{PS} \else \onlynameurl{PS} \fi , \ifpdf \href{./madwifi-wpa_supplicant_RSN_howto.txt}{Text} \else \onlynameurl{Text} \fi , \ifpdf \href{./madwifi-wpa_supplicant_RSN_howto.tex}{TeX} \else \onlynameurl{TeX} \fi , \ifpdf \href{./madwifi-wpa_supplicant_RSN_howto.sgml}{sgml} \else \onlynameurl{sgml} \fi version or all as \ifpdf \href{./madwifi-wpa_supplicant_RSN_howto.tar.bz2}{tar.bz2 package} \else \onlynameurl{tar.bz2 package} \fi including the configuration files. \subsection{Download, compile and install the madwifi driver} use the latest madwifi-ng subversion checkout \begin{verbatim} # cd /usr/src # svn checkout http://svn.madwifi.org/trunk madwifi-ng # cd madwifi-ng # make # make install \end{verbatim} \subsection{Download, configure, compile and install wpa\_supplicant} use the latest wpa\_supplicant version \begin{verbatim} # cd /usr/src # wget http://hostap.epitest.fi/wpa_supplicant/wpa_supplicant-0.4.9.tar.gz # tar xvfz wpa_supplicant-0.4.9.tar.gz # cd wpa_supplicant-0.4.9 # touch .config \end{verbatim} -----------------insert these lines into the newly created .config file ------------------- \begin{verbatim} CONFIG_DRIVER_MADWIFI=y # Change include directories to match with the local setup CFLAGS += -I/usr/src/madwifi-ng CONFIG_DRIVER_WEXT=y CONFIG_IEEE8021X_EAPOL=y # EAP-MD5 (automatically included if EAP-TTLS is enabled) CONFIG_EAP_MD5=y # EAP-MSCHAPv2 (automatically included if EAP-PEAP is enabled) CONFIG_EAP_MSCHAPV2=y # EAP-TLS CONFIG_EAP_TLS=y # EAL-PEAP CONFIG_EAP_PEAP=y # EAP-TTLS CONFIG_EAP_TTLS=y # EAP-GTC CONFIG_EAP_GTC=y # EAP-OTP CONFIG_EAP_OTP=y # LEAP CONFIG_EAP_LEAP=y # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y # Include control interface for external programs, e.g, wpa_cli CONFIG_CTRL_IFACE=y \end{verbatim} ---------------------------------------------------------------------------------------------------------------- \begin{verbatim} # make # make install \end{verbatim} \section{Configure your network device} example configuration with static ip: \begin{verbatim} ########################################## # AtherosG AR5212 802.11abg NIC (rev 01) # ########################################## auto ath0 iface ath0 inet static address 192.168.1.112 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1 \end{verbatim} \subsection{Bringing up your network device} if done, bring up your network device \begin{verbatim} # /etc/init.d/networking restart \end{verbatim} or \begin{verbatim} # ifconfig ath up \end{verbatim} \section{Configure wpa\_supplicant for RSN/WPA-PSK/CCMP} create this file \begin{verbatim} # touch /etc/wpa_supplicant.conf \end{verbatim} insert the following lines \#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\# \begin{verbatim} ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=0 eapol_version=1 # 2 works for me too ap_scan=1 fast_reauth=1 network={ ssid="hacktheplanet" # this should be your ESSID key_mgmt=WPA-PSK proto=RSN pairwise=CCMP TKIP group=CCMP TKIP scan_ssid=0 #psk="YourPassphrase" # use 'wpa_passphrase yourEssid' and enter your passphrase up to 64 chars psk=********** } \end{verbatim} \#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\# \section{Check loaded kernel modules} \begin{verbatim} # lsmod Module Size Used by wlan_ccmp 6528 3 fglrx 376012 0 lp 7840 0 wlan_xauth 1536 0 wlan_tkip 10368 0 wlan_scan_sta 10496 1 ath_pci 74660 0 ath_rate_sample 9600 1 ath_pci wlan 153820 7 wlan_ccmp,wlan_xauth,wlan_tkip,wlan_scan_sta,ath_pci,ath_rate_sample ath_hal 189392 3 ath_pci,ath_rate_sample \end{verbatim} \subsection{load kernel modules in needed} if not all modules are loaded, especially wlan\_xauth and wlan\_tkip, try \begin{verbatim} # modprobe wlan_xauth # modprobe wlan_tkip \end{verbatim} \section{Starting wpa\_supplicant} Now you should be able to start wpa\_supplicant and auth to your hotspot. \begin{verbatim} # wpa_supplicant -dd -D madwifi -i ath0 -c /etc/wpa_supplicant.conf \end{verbatim} you should see something like this: \begin{verbatim} State: GROUP_HANDSHAKE -> COMPLETED CTRL-EVENT-CONNECTED - Connection to 00:14:a5:8d:34:94 completed (auth) EAPOL: External notification - portValid=1 EAPOL: External notification - EAP success=1 EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state SUCCESS EAP: EAP entering state DISABLED EAPOL: SUPP_PAE entering state AUTHENTICATED EAPOL: SUPP_BE entering state IDLE \end{verbatim} if everything works as expected, replace the -dd by -B to start wpa\_supplicant in daemon mode. \end{document}