r1030 - trunk

tushar at linuxfromscratch.org
Thu Apr 20 10:01:44 PDT 2006


Author: tushar
Date: 2006-04-20 11:01:42 -0600 (Thu, 20 Apr 2006)
New Revision: 1030

Added:
   trunk/wpa-service.txt
Removed:
   trunk/wpa-service
Modified:
   trunk/starting-and-stopping-fusesmb-with-kdm.txt
Log:
Updated: starting-and-stopping-fusesmb-with-kdm

Modified: trunk/starting-and-stopping-fusesmb-with-kdm.txt
===================================================================
--- trunk/starting-and-stopping-fusesmb-with-kdm.txt	2006-04-20 17:01:24 UTC (rev 1029)
+++ trunk/starting-and-stopping-fusesmb-with-kdm.txt	2006-04-20 17:01:42 UTC (rev 1030)
@@ -1,20 +1,19 @@
 AUTHOR: Stef Bon <stef at bononline dot nl>
 
-DATE: 2006-01-24
+DATE: 2006-04-15
 
 LICENSE: GNU Free Documentation License Version 1.2
 
-SYNOPSIS: Starting and stopping Fusesmb at a KDE-session using KDM and PAM.
+SYNOPSIS: Starting and stopping Fusesmb at a KDE-session using KDM.
 
 DESCRIPTION: 
 This hint is about starting the sessionpart of the fusesmb. 
 
 This is based on my hint 
-"Execute scripts at begin and end of a KDE-session using KDM and PAM".
+"Execute scripts at begin and end of a KDE-session using KDM".
 
 In this hint is described in general how scripts and commands are 
-started at the begin and end of a KDE session using KDM, and for password 
-sensitive commands support from PAM.
+started at the begin and end of a KDE session using KDM.
 
 
 ATTACHMENT:
@@ -32,7 +31,6 @@
 1.1 Installation of FUSE and FuseSMB.
 1.2 Starting fusesmb.
 1.3 Stopping fusesmb.
-1.4 Storing credentials in personal configurationfile.
 
 
 ---------------------------------------------------
@@ -42,18 +40,6 @@
 Very new is FUSE. At this moment the FUSE package contains a kernelmodule, a library and utilities.
 Soon the module will be standard in the kernel. For more information see the website of course.
 
-Pam_script has the ability (from version 0.1.5) to get the password provided at login, and provide this via an evironmentvariable PAM_AUTHTOK to scripts. A script for fusesmb can write this value to the configurationfile of fusesmb (~/.smb/fusesmb.conf) to browse the network with the credentials provided at login. 
-
-warning:
-
-This looks a little bit like Single Sign On, but it isn't!! The credentials are stored in 
-a subdirectory of the homedir (~/.smb/fusesmb.conf), with enough security at runtime.
-But somebody can still find them being root, or with a LiveCD. The credentials are stored
-plaintext, no encryption!!
-
-So, this should never be used in an environment where you can't trust your users!
-
-
 -------------------------------------
 1.1 Installation of FUSE and FuseSMB.
 -------------------------------------
@@ -123,7 +109,7 @@
 retcode=0;
 
 userid=$1
-userproperties=$(getent passwd | grep -E "^$userid")
+userproperties=$(getent passwd | grep -m 1-E "^$userid")
 homedir=$(echo $userproperties | cut -d ":" -f 6);
 gidnr=$(echo $userproperties | cut -d ":" -f 4);
 uidnr=$(echo $userproperties | cut -d ":" -f 3);
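Review bot: The added line `grep -m 1-E "^$userid"` in the start script is missing a space between `1` and `-E`, so grep receives `1-E` as the argument to `-m` and rejects it as an invalid max count. `userproperties` then stays empty, and `homedir`, `gidnr` and `uidnr` are all blank for the rest of the script. The stop script later in this patch has the intended `grep -m 1 -E`; make this line match it.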
@@ -158,7 +144,10 @@
 **any** (not only KDE apps with kio's or GNOME with vfs) 
 application, like MC or vi.
 
+This configuration allows other users to enter the fusesmb filesystem. If you don't want this, you should remove 
+the "allow_other" flag.
 
+
 ------------------------
 1.3 Stopping of fusesmb.
 ------------------------
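Review bot: The new paragraph states that the configuration as shipped lets other local users enter the fusesmb filesystem, yet the hint keeps "allow_other" as the default and leaves removing it to the reader. With that flag set, any local account can browse the shares through the mount owned by the logged-in user. Consider shipping the script without the flag and describing how to add it for readers who need shared access, so the exposure is an explicit choice. The first added line also ends in trailing whitespace, and the extra added blank line is not needed.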
@@ -173,7 +162,7 @@
 retcode=0;
 
 userid=$1
-userproperties=$(getent passwd | grep -E "^$userid")
+userproperties=$(getent passwd | grep -m 1 -E "^$userid")
 homedir=$(echo $userproperties | cut -d ":" -f 6);
 gidnr=$(echo $userproperties | cut -d ":" -f 4);
 uidnr=$(echo $userproperties | cut -d ":" -f 3);
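Review bot: `-m 1` in `grep -m 1 -E "^$userid"` stops at the first hit, but the pattern is still an unterminated prefix match, so it hides the ambiguity instead of removing it. For example, a session for a user named `stef` would pick up the passwd entry of `stefan` if that entry is listed first, and the script then works with the wrong home directory, uid and gid. Terminate the pattern at the field separator (`"^$userid:"`), or drop the pipeline and call `getent passwd "$userid"`, which returns only the matching entry. Quoting `$userproperties` in the `echo` lines below is worth doing in the same pass. The same points apply to the start script.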
@@ -186,12 +175,6 @@
 
     fi;
 
-    if [ -e $homedir/.smb/fusesmb.conf ]; then
-
-	rm -f $homedir/.smb/fusesmb.conf
-
-    fi;
-
 fi;
 
 
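Review bot: With the `rm -f $homedir/.smb/fusesmb.conf` block gone from the stop script, a fusesmb.conf written by the previous revision's onauth script, which holds the login password in plaintext, is no longer removed at logout on systems that update only this script. If the removal is intentional so that a hand-written fusesmb.conf survives logout, say so in the hint and tell upgrading readers to delete the old file by hand.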
@@ -203,79 +186,8 @@
 EOF
 
 
-------------------------------------------------------
-1.4 Storing credentials in personal configurationfile.
-------------------------------------------------------
 
-With files above you could already get a working sollution.
-To access the SMB servers where a username and a password are
-required, FuseSMB allows you to give credentials in the 
-~/.smb/fusesmb.conf file. Look for these and more options
-in the manpage of fusesmb.conf.
 
-With PAM and the module pam_script it is possible to use the
-credentials provided at login. In my network the sambaservers
-use the same credentials as my normal login  (via OPENLDAP).
-
-cat >> /etc/session.d/pam/onauth/fusesmb.sh << "EOF"
-#!/bin/bash
-
-retcode=0;
-
-userid=$1
-service=$2
-authtok=$3
-
-userproperties=$(getent passwd | grep -E "^$userid")
-homedir=$(echo $userproperties | cut -d ":" -f 6);
-gidnr=$(echo $userproperties | cut -d ":" -f 4);
-uidnr=$(echo $userproperties | cut -d ":" -f 3);
-
-if [ -d $homedir ]; then
-
-
-	if [ ! -d $homedir/.smb ]; then
-
-	    mkdir -p $homedir/.smb
-	    chown $uidnr:$gidnr $homedir/.smb
-	    chmod 755 $homedir/.smb
-
-	fi
-
-	if [ -n "$authtok" ]; then
-
-	    rm -f $homedir/.smb/fusesmb.conf
-
-	    touch $homedir/.smb/fusesmb.conf
-	    chown $uidnr:$gidnr $homedir/.smb/fusesmb.conf
-	    chmod 600 $homedir/.smb/fusesmb.conf
-
-	    echo "[global]" > $homedir/.smb/fusesmb.conf
-	    echo "username = $userid" >> $homedir/.smb/fusesmb.conf
-	    echo "password = $authtok" >> $homedir/.smb/fusesmb.conf
-
-	fi;
-
-fi;
-
-
-if [ $retcode -ne 0 ]; then
-    echo "An error with fusesmb ($retcode)."
-fi;
-
-exit $retcode
-EOF
-
-
-Notes:
-
-- The fusesmb script in the onauth directory overwrites any existing fusesmb.conf in the ~/.smb 
-directory. I do not have any simple sollution to do otherwise. One way to do that is the use of 
-a template. In this template the variables username and password get inserted with 'sed'.
-- this script is executed before(!) any script started by KDM. So when fusesmb starts, it reads 
-this new configuration file.
-
-
 ACKNOWLEDGEMENTS:
 
 
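Review bot: There is no uninstall step for readers who followed the earlier revision. The removed section 1.4 had them create /etc/session.d/pam/onauth/fusesmb.sh, and that script stays on disk and keeps writing `password = $authtok` to ~/.smb/fusesmb.conf at each login. Add a short note telling them to delete that script and the file it produced. The hunk also leaves four consecutive blank lines between `EOF` and ACKNOWLEDGEMENTS, which could be trimmed.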
@@ -284,4 +196,6 @@
   * Initial hint.
 [2006-01-30]
   * fixed some typos
+[2006-04-16]
+  * deleted everything about PAM
 
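Review bot: The new changelog entry is dated 2006-04-16 while the header at the top of the file was changed to `DATE: 2006-04-15`; pick one. The entry text "deleted everything about PAM" also leaves out the other changes in this revision, namely the `grep -m 1` change in both scripts and the new allow_other paragraph.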

Deleted: trunk/wpa-service
===================================================================
--- trunk/wpa-service	2006-04-20 17:01:24 UTC (rev 1029)
+++ trunk/wpa-service	2006-04-20 17:01:42 UTC (rev 1030)
@@ -1,412 +0,0 @@
-AUTHOR: Eloi Primaux eloi AT bliscat dot org
-
-DATE: 2006-03-31
-
-LICENSE: GNU Free Documentation License Version 2
-
-SYNOPSIS:
-Setting up a wifi interface using wpa_supplicant and LFS IP services
-
-DESCRIPTION:
-
-ATTACHMENTS:
-
-http://www.linuxfromscratch.org/hints/downloads/attachments/wpa-service/wpa-service
-http://www.linuxfromscratch.org/hints/downloads/attachments/wpa-service/wpa-service-conf
-http://www.linuxfromscratch.org/hints/downloads/attachments/wpa-service/wpa-init
-http://www.linuxfromscratch.org/hints/downloads/attachments/wpa-service/autopid-service
-
-
-PREREQUISITES:
-
-1)   A working LFS-6.1 system or newer with wireless capabilities  
-1.a) Linux kernel 2.6.14 or newest                          (0)
-1.b) Wireless Cards Drivers
-2)   An IP service
-2.a) Static IP service                                      (1)
-2.b) Dynamic IP service                                     (1)
-2.c) Static IP discovering helper                           (2)
-3)   Wireless Networks helper programs
-3.a) Wireless tools                           
-3.b) wpa_supplicant    
-4)   This hint with its 4 files                   
-5)   A working firewall
-5.a) Basic firewalling capabilities                         (1)(2)
-5.b) Shoreline firewall                                     (2)
-
-(0) The Linux kernels shipped with LFS-6.1 and 6.1.1 are too old,
-    please consider upgrading to 2.14 or 2.16 kernels.
-    The Linux kernel maintainers have changed some references in
-    the 2.6.16 .config file, thus firewalling capabilities will be disable
-    when using a .config from a 2.14 kernel or older.
-(1) See BLFS book
-(2) Not needed but recommended
- 
-HINT:
-
-1) A working LFS-6.1 system or newer with wireless capabilities
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-1.a) The Wireless Capabilities of the Linux kernel
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Configuring the kernel:
-
-Networking  ---> 
-[*] Networking support
- <M>   Generic IEEE 802.11 Networking Stack
- <M>     IEEE 802.11 WEP encryption (802.1x)
- <M>     IEEE 802.11i CCMP support
- <M>     IEEE 802.11i TKIP encryption    
-Device Drivers  --->
-    Network device support  --->
-        Wireless LAN (non-hamradio)  --->
-        [*] Wireless LAN drivers (non-hamradio) & Wireless Extensions
-   << and select your driver from the list if shipped with the Linux Kernel >>
-Cryptographic options  --->
- <M>   AES cipher algorithms
-
-Now compile, install , enable your new kernel in your boot loader and restart
-using it.
-
-1.b) The Wireless Cards Drivers
-If your driver wasn't shipped with the Linux Kernel then you need to install a
-third party driver.
-
-Be aware that most of those independent driver are in development stage and they
-probably won't be available in tarballs but from a CVS repository or from a
-subversion one. Then you will need those tools to download it, both of cvs and
-svn installations are explained in the BLFS book.
-
-Please also consider reading the "Wireless LAN resources for Linux" HOWTO for
-chipsets driver name.
-
-As an example, most Artheos cards are supported by the madwifi project: link:
-http://madwifi.org/wiki without doing advertising for them this wiki is full of
-information and links referring to WPA encrypted networks
-
-2) The IP services
-~~~~~~~~~~~~~~~~~~
-
-You should know that networks interfaces need IP addresses and also that some
-networks have DHCP servers some other don't. Without explaining the benefit of
-having a DHCP server, i will just say that a DHCP server provides IP to all
-attached network interfaces (it also provides the IP of the gateway, the network
-mask and the IP of DNS servers)
-
-Essentials IP services installation and configuration are in the BLFS Book.  You
-will size the benefit of the wpa-service when you will understand that this
-service only attach your card to an wireless WPA network and when it did it, it
-simply launch the desired IP service as if your system were setting up usual
-network cards.
-
-Then, you only have to know which IP service your network uses : Is it a STATIC
-or a DYNAMIC network ?
-
-2.a) Static IP service
-~~~~~~~~~~~~~~~~~~~~~~
-        IP service will be ipv4-static
-This service is shipped with the LFS Book (6.1 and newer)
-
-2.b) Dynamic IP service
-~~~~~~~~~~~~~~~~~~~~~~~
-        IP service will be dhcpcd
-This service is described in the BLFS Book (6.1 and newer)
-
-2.c) Static IP discovering helper (Zeroconf like)
-Use it when you really don't know what to do
-        IP service will be autoipd-service
-This service is not yet shipped anywhere for LFS systems then i did it
-
-2.c.1) The Howl installation
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Refer you to :
-link: http://www.porchdogsoft.com/products/howl/InstallUnix.html
-But set the prefix to /usr
-
-Now copy the autoipd-service to the network service directory:
-
-cp autoipd-service /etc/sysconfig/network-devices/services
-And make it executable:
-
-chmod 755 -c /etc/sysconfig/network-devices/services/autoipd-service
-
-3) Wireless Networks helper programs
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-3.a) Wireless tools
-~~~~~~~~~~~~~~~~~~~
-This helper is not need by the wpa-service but can be really helpful.
-
-Then, download the latest development version of this tool named
-'wireless_tools' execute the following command in its directory :
-
-find ./ -name 'Makefile' -exec sed 's,/usr/local,/usr,g' &&
-make &&
-make install
-
-3.b) wpa_supplicant 'The core'
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This is NOT an usual step if you omit something here you won't be able to attach
-your device to any access point
-
-Please use the 0.4.8 version or newer and NOT the 0.4.7, available at: link:
-http://hostap.epitest.fi/wpa_supplicant
-
-Again, i strongly recommend you to read its README before doing anything.
-wpa_supplicant may need the source of your drivers then edit the .config file as
-described in the README and set all constants according to your system.  also
-when ready install it by executing :
-
-find ./ -name 'Makefile' -exec sed 's,/usr/local,/usr,g' &&
-make &&
-make install
-
-4) This Hints
-~~~~~~~~~~~~~
-
-wpa_supplicant is designed to be a "daemon" program that runs in the background
-and acts as the back-end component controlling the wireless connection.
-wpa_supplicant supports separate front-end programs and a text-based front-end
-(wpa_cli) is included with wpa_supplicant.
-
-4.1) The wpa-init file
-~~~~~~~~~~~~~~~~~~~~~~
-
-The wpa-service will use the text-based front-end to controls the wpa_supplicant
-daemon. This requires wpa_supplicant daemon running. Thus copy the wpa-init file
-to the init script directory and make it executable:
-
-cp wpa-init /etc/rc.d/init.d
-chmod 755 -c /etc/rc.d/init.d/wpa-init
-
-According to the last lfs-bootscript, link it to some run levels:
-
-ln -sv /etc/rc.d/init.d/wpa-init /etc/rc.d/rc3.d/S15wpa-init
-ln -sv /etc/rc.d/init.d/wpa-init /etc/rc.d/rc5.d/S15wpa-init
-ln -sv /etc/rc.d/init.d/wpa-init /etc/rc.d/rc0.d/K75wpa-init
-ln -sv /etc/rc.d/init.d/wpa-init /etc/rc.d/rc6.d/K65wpa-init
-
-4.2) The wpa-service file
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This step is similar to the autoipd-service:
-
-Copy the wpa-service to the network service directory:
-
-cp wpa-service /etc/sysconfig/network-devices/services
-
-And make it executable:
-
-chmod 755 -c /etc/sysconfig/network-devices/services/wpa-service
-
-
-4.3) Configuring the wireless interface
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-4.3.a) The wireless network config file wpa-service-conf
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-According to your driver manual, you should have a specific device name for your
-interface, it could be eth[X],wlan[X],ath[X],... (where [X] is a number)
-  
-Following the LFS Book, you need to create a directory in the network directory
-where will be placed the wpa-service-conf, here is an example: create the
-directory /etc/sysconfig/network-devices/ifconfig.wlan[X] :
-
-install -d /etc/sysconfig/network-devices/ifconfig.wlan[X]
-
-copy the sample config file wpa-service-conf to the upper created directory:
-
-cp wpa-service-conf /etc/sysconfig/network-devices/ifconfig.wlan[X]
-
-Edit this file to fit with your driver and IP service with the services names
-proposed in section 2)
-
-4.3.b) The wpa_supplicant.conf (The network description) 
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-a) Limitations
-~~~~~~~~~~~~~~
-
-The wpa_supplicant README and wiki explain the composition of this file.  But
-wpa-service have some limitation due to strings substitution. Indeed password or
-protocol list can comport space characters, which may be altered by the service
-script if not correctly quoted and then mess up the wpa_cli front-end. I did'nt
-yet found a script solution but if you take care to correctly quote strings
-containing space characters you won't have any trouble.
-
-b) Specific quoting
-~~~~~~~~~~~~~~~~~~~
-A space string MUST be quoted like that:
-'"This is a string containing some space characters"'
-
-c) File syntax
-~~~~~~~~~~~~~~
-
-The file syntax is the wpa_supplicant.conf file syntax, it is specific to the
-wpa_supplicant program and only depend of the programmer choice, thus instead of
-explaining you of how this file is read, i will show you a set of command to
-create a config file with wpa_supplicant.
-
-in a bash shell execute:
-
-wpa_passphrase <ssid> [passphrase] > wpa_supplicant.conf
-
-Where <ssid> is the name of the access point and where [pasphrase] is your ...
-pass-phrase.
-
-Now edit the newly created wpa_supplicant.conf file:
-Which should contains something similar to:
-
-network={
-        ssid="ssid"
-        #psk="passphrase"
-
-psk=2b1d17284c5410ee5eaae7151290e9744af2182b0eb8af20dd4ebb415928f726
-}
-
-Please quote correctly the strings containing the space characters
-
-you will directly see that you can define more than one network in this file,
-that's why wpa_supplicant is very nice: it chooses automatically in its
-configuration file the best (aka secure and available) network to connect.
-
-But at this time your network need to be tuned:
-
-open a new console and launch in the foreground wpa_supplicant in debug mode:
-
-wpa_supplicant -g/var/run/wpa_supplicant-global \
-               -P/var/run/wpa_supplicant.pid -ddd
-
-this will make wpa_supplicant to output anything to us.
-
-Now start the wpa_cli :
-
-wpa_cli -g/var/run/wpa_supplicant-global interface_add wlan[X]
-"" [driver] \
-        /var/run/wpa_supplicant
-
-Where wlan[X] is the device name of your network interface and where [driver] is
-the name of your driver
-
-examples:
-wpa_cli -g/var/run/wpa_supplicant-global interface_add ath0 "" madwifi \
-        /var/run/wpa_supplicant
-wpa_cli -g/var/run/wpa_supplicant-global interface_add eth1 "" wext \
-        /var/run/wpa_supplicant
-
-if it fail, please have a look to the output of the wpa_supplicant daemon
-
-wpa_cli -iwlan[X] -p/var/run/wpa_supplicant
-
-Then in wpa_cli type :
-
-scan
-
-and after some seconds type
-
-scan_result
-
-This will output a list of available networks.
-
-As an example:
-
-
-root at bliscat:/home/eloi# wpa_cli -iath0 -p/var/run/wpa_supplicant
-wpa_cli v0.4.8
-Copyright (c) 2004-2005, Jouni Malinen <jkmaline at cc.hut.fi> and
-contributors
-
-This program is free software. You can distribute it and/or modify it
-under the terms of the GNU General Public License version 2.
-
-Alternatively, this software may be distributed under the terms of the
-BSD license. See README and COPYING for more details.
-
-
-Selected interface 'ath0'
-
-Interactive mode
-
-> scan
-OK
-> scan_result
-bssid / frequency / signal level / flags / ssid
-00:0f:b5:ee:af:8f       2437    212     [WPA2-PSK-CCMP-preauth] MY_net
-00:10:c6:eb:95:11       2457    205     [WEP]   Wanadoo_5441
-
-
-you can see that my network 'My_net' use WPA2-PSK-CCMP which is WPA-PSK with
-CCMP as group and pairwise
-
-type exit to quit wpa_cli
-
-
-With this output we can now feed the wpa_supplicant.conf file:
-
-network={
-        ssid="ssid"
-        ssid='essid' # please quote '""' when you have a space character
-        scan_ssid=1
-        key_mgmt=WPA-PSK
-        proto=WPA2
-        pairwise=CCMP
-        group=CCMP
-        #psk='"passphrase"'
-
-psk=2b1d17284c5410ee5eaae7151290e9744af2182b0eb8af20dd4ebb415928f726
-character
-}
-
-
-Note if you wish you can only use the human readable pass-phrase, then uncomment
-it and comment the hexadecimal pass-phrase
-
-Now kill the last instance of the wpa_supplicant:
-
-killall wpa_supplicant
-
-And test your new configuration file:
-
-wpa_supplicant -dmadwifi -iath0 -c./wpa_supplicant.conf -dd
-
-If you see something like SUCCESS it's done, kill it again and copy the config
-file to a secure directory:
-
-install -d /etc/sysconfig/wpa_supplicant
-chmod 700 -c /etc/sysconfig/wpa_supplicant
-cp wpa_supplicant.conf /etc/sysconfig/wpa_supplicant/wpa_supplicant.conf
-chmod 600 -c /etc/sysconfig/wpa_supplicant/wpa_supplicant.conf
-
-5) The firewall
-~~~~~~~~~~~~~~~
-
-You should understand that connecting to a network is never secure (even with a
-WPA encrypted network) especially without firewall. Then having a firewall will
-ever be a good thing, i strongly recommend the use of Shorewall.  You will find
-lots of help on its website.
-
-
-6) The End
-~~~~~~~~~~
-execute:
-
-/etc/rc.d./init.d/wpa-init restart
-/etc/rc.d/init.d/network restart
-
-if there is no errors, and your system is connected, then you can safely restart
-your computer to see it setting up your wireless card at boot time.
-
-ACKNOWLEDGMENTS:
- The wireless hint
- The Wireless HOWTO
- wpa_supplicant README
- The madwifi wiki
- The LFS/BLFS Books
-
-
-CHANGELOG:
-2006 03 10 Second release, first send to lfshint
-2006 03 16 added some words to help wpa-supplicant.conf writing
-2006 03 18 fix wrong paths
-2006 03 31 Rewritten and try to match the LFS-standard thank's to
-archaic's help
-
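Review bot: The commit log reads only "Updated: starting-and-stopping-fusesmb-with-kdm" and does not mention that trunk/wpa-service is removed here and re-added as trunk/wpa-service.txt. The re-added file is also not identical: it is copied from rev 1028 and has 411 lines against 412 here, with the SYNOPSIS text joined onto one line, so a content edit is folded into the rename. Mention the rename in the log and, ideally, commit the text change separately.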

Copied: trunk/wpa-service.txt (from rev 1028, trunk/wpa-service)
===================================================================
--- trunk/wpa-service.txt	                        (rev 0)
+++ trunk/wpa-service.txt	2006-04-20 17:01:42 UTC (rev 1030)
@@ -0,0 +1,411 @@
+AUTHOR: Eloi Primaux eloi AT bliscat dot org
+
+DATE: 2006-03-31
+
+LICENSE: GNU Free Documentation License Version 2
+
+SYNOPSIS: Setting up a wifi interface using wpa_supplicant and LFS IP services
+
+DESCRIPTION:
+
+ATTACHMENTS:
+
+http://www.linuxfromscratch.org/hints/downloads/attachments/wpa-service/wpa-service
+http://www.linuxfromscratch.org/hints/downloads/attachments/wpa-service/wpa-service-conf
+http://www.linuxfromscratch.org/hints/downloads/attachments/wpa-service/wpa-init
+http://www.linuxfromscratch.org/hints/downloads/attachments/wpa-service/autopid-service
+
+
+PREREQUISITES:
+
+1)   A working LFS-6.1 system or newer with wireless capabilities  
+1.a) Linux kernel 2.6.14 or newest                          (0)
+1.b) Wireless Cards Drivers
+2)   An IP service
+2.a) Static IP service                                      (1)
+2.b) Dynamic IP service                                     (1)
+2.c) Static IP discovering helper                           (2)
+3)   Wireless Networks helper programs
+3.a) Wireless tools                           
+3.b) wpa_supplicant    
+4)   This hint with its 4 files                   
+5)   A working firewall
+5.a) Basic firewalling capabilities                         (1)(2)
+5.b) Shoreline firewall                                     (2)
+
+(0) The Linux kernels shipped with LFS-6.1 and 6.1.1 are too old,
+    please consider upgrading to 2.14 or 2.16 kernels.
+    The Linux kernel maintainers have changed some references in
+    the 2.6.16 .config file, thus firewalling capabilities will be disable
+    when using a .config from a 2.14 kernel or older.
+(1) See BLFS book
+(2) Not needed but recommended
+ 
+HINT:
+
+1) A working LFS-6.1 system or newer with wireless capabilities
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+1.a) The Wireless Capabilities of the Linux kernel
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Configuring the kernel:
+
+Networking  ---> 
+[*] Networking support
+ <M>   Generic IEEE 802.11 Networking Stack
+ <M>     IEEE 802.11 WEP encryption (802.1x)
+ <M>     IEEE 802.11i CCMP support
+ <M>     IEEE 802.11i TKIP encryption    
+Device Drivers  --->
+    Network device support  --->
+        Wireless LAN (non-hamradio)  --->
+        [*] Wireless LAN drivers (non-hamradio) & Wireless Extensions
+   << and select your driver from the list if shipped with the Linux Kernel >>
+Cryptographic options  --->
+ <M>   AES cipher algorithms
+
+Now compile, install , enable your new kernel in your boot loader and restart
+using it.
+
+1.b) The Wireless Cards Drivers
+If your driver wasn't shipped with the Linux Kernel then you need to install a
+third party driver.
+
+Be aware that most of those independent driver are in development stage and they
+probably won't be available in tarballs but from a CVS repository or from a
+subversion one. Then you will need those tools to download it, both of cvs and
+svn installations are explained in the BLFS book.
+
+Please also consider reading the "Wireless LAN resources for Linux" HOWTO for
+chipsets driver name.
+
+As an example, most Artheos cards are supported by the madwifi project: link:
+http://madwifi.org/wiki without doing advertising for them this wiki is full of
+information and links referring to WPA encrypted networks
+
+2) The IP services
+~~~~~~~~~~~~~~~~~~
+
+You should know that networks interfaces need IP addresses and also that some
+networks have DHCP servers some other don't. Without explaining the benefit of
+having a DHCP server, i will just say that a DHCP server provides IP to all
+attached network interfaces (it also provides the IP of the gateway, the network
+mask and the IP of DNS servers)
+
+Essentials IP services installation and configuration are in the BLFS Book.  You
+will size the benefit of the wpa-service when you will understand that this
+service only attach your card to an wireless WPA network and when it did it, it
+simply launch the desired IP service as if your system were setting up usual
+network cards.
+
+Then, you only have to know which IP service your network uses : Is it a STATIC
+or a DYNAMIC network ?
+
+2.a) Static IP service
+~~~~~~~~~~~~~~~~~~~~~~
+        IP service will be ipv4-static
+This service is shipped with the LFS Book (6.1 and newer)
+
+2.b) Dynamic IP service
+~~~~~~~~~~~~~~~~~~~~~~~
+        IP service will be dhcpcd
+This service is described in the BLFS Book (6.1 and newer)
+
+2.c) Static IP discovering helper (Zeroconf like)
+Use it when you really don't know what to do
+        IP service will be autoipd-service
+This service is not yet shipped anywhere for LFS systems then i did it
+
+2.c.1) The Howl installation
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Refer you to :
+link: http://www.porchdogsoft.com/products/howl/InstallUnix.html
+But set the prefix to /usr
+
+Now copy the autoipd-service to the network service directory:
+
+cp autoipd-service /etc/sysconfig/network-devices/services
+And make it executable:
+
+chmod 755 -c /etc/sysconfig/network-devices/services/autoipd-service
+
+3) Wireless Networks helper programs
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+3.a) Wireless tools
+~~~~~~~~~~~~~~~~~~~
+This helper is not need by the wpa-service but can be really helpful.
+
+Then, download the latest development version of this tool named
+'wireless_tools' execute the following command in its directory :
+
+find ./ -name 'Makefile' -exec sed 's,/usr/local,/usr,g' &&
+make &&
+make install
+
+3.b) wpa_supplicant 'The core'
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This is NOT an usual step if you omit something here you won't be able to attach
+your device to any access point
+
+Please use the 0.4.8 version or newer and NOT the 0.4.7, available at: link:
+http://hostap.epitest.fi/wpa_supplicant
+
+Again, i strongly recommend you to read its README before doing anything.
+wpa_supplicant may need the source of your drivers then edit the .config file as
+described in the README and set all constants according to your system.  also
+when ready install it by executing :
+
+find ./ -name 'Makefile' -exec sed 's,/usr/local,/usr,g' &&
+make &&
+make install
+
+4) This Hints
+~~~~~~~~~~~~~
+
+wpa_supplicant is designed to be a "daemon" program that runs in the background
+and acts as the back-end component controlling the wireless connection.
+wpa_supplicant supports separate front-end programs and a text-based front-end
+(wpa_cli) is included with wpa_supplicant.
+
+4.1) The wpa-init file
+~~~~~~~~~~~~~~~~~~~~~~
+
+The wpa-service will use the text-based front-end to controls the wpa_supplicant
+daemon. This requires wpa_supplicant daemon running. Thus copy the wpa-init file
+to the init script directory and make it executable:
+
+cp wpa-init /etc/rc.d/init.d
+chmod 755 -c /etc/rc.d/init.d/wpa-init
+
+According to the last lfs-bootscript, link it to some run levels:
+
+ln -sv /etc/rc.d/init.d/wpa-init /etc/rc.d/rc3.d/S15wpa-init
+ln -sv /etc/rc.d/init.d/wpa-init /etc/rc.d/rc5.d/S15wpa-init
+ln -sv /etc/rc.d/init.d/wpa-init /etc/rc.d/rc0.d/K75wpa-init
+ln -sv /etc/rc.d/init.d/wpa-init /etc/rc.d/rc6.d/K65wpa-init
+
+4.2) The wpa-service file
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This step is similar to the autoipd-service:
+
+Copy the wpa-service to the network service directory:
+
+cp wpa-service /etc/sysconfig/network-devices/services
+
+And make it executable:
+
+chmod 755 -c /etc/sysconfig/network-devices/services/wpa-service
+
+
+4.3) Configuring the wireless interface
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+4.3.a) The wireless network config file wpa-service-conf
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+According to your driver manual, you should have a specific device name for your
+interface, it could be eth[X],wlan[X],ath[X],... (where [X] is a number)
+  
+Following the LFS Book, you need to create a directory in the network directory
+where will be placed the wpa-service-conf, here is an example: create the
+directory /etc/sysconfig/network-devices/ifconfig.wlan[X] :
+
+install -d /etc/sysconfig/network-devices/ifconfig.wlan[X]
+
+copy the sample config file wpa-service-conf to the upper created directory:
+
+cp wpa-service-conf /etc/sysconfig/network-devices/ifconfig.wlan[X]
+
+Edit this file to fit with your driver and IP service with the services names
+proposed in section 2)
+
+4.3.b) The wpa_supplicant.conf (The network description) 
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+a) Limitations
+~~~~~~~~~~~~~~
+
+The wpa_supplicant README and wiki explain the composition of this file.  But
+wpa-service have some limitation due to strings substitution. Indeed password or
+protocol list can comport space characters, which may be altered by the service
+script if not correctly quoted and then mess up the wpa_cli front-end. I did'nt
+yet found a script solution but if you take care to correctly quote strings
+containing space characters you won't have any trouble.
+
+b) Specific quoting
+~~~~~~~~~~~~~~~~~~~
+A space string MUST be quoted like that:
+'"This is a string containing some space characters"'
+
+c) File syntax
+~~~~~~~~~~~~~~
+
+The file syntax is the wpa_supplicant.conf file syntax, it is specific to the
+wpa_supplicant program and only depend of the programmer choice, thus instead of
+explaining you of how this file is read, i will show you a set of command to
+create a config file with wpa_supplicant.
+
+in a bash shell execute:
+
+wpa_passphrase <ssid> [passphrase] > wpa_supplicant.conf
+
+Where <ssid> is the name of the access point and where [pasphrase] is your ...
+pass-phrase.
+
+Now edit the newly created wpa_supplicant.conf file:
+Which should contains something similar to:
+
+network={
+        ssid="ssid"
+        #psk="passphrase"
+
+psk=2b1d17284c5410ee5eaae7151290e9744af2182b0eb8af20dd4ebb415928f726
+}
+
+Please quote correctly the strings containing the space characters
+
+you will directly see that you can define more than one network in this file,
+that's why wpa_supplicant is very nice: it chooses automatically in its
+configuration file the best (aka secure and available) network to connect.
+
+But at this time your network need to be tuned:
+
+open a new console and launch in the foreground wpa_supplicant in debug mode:
+
+wpa_supplicant -g/var/run/wpa_supplicant-global \
+               -P/var/run/wpa_supplicant.pid -ddd
+
+this will make wpa_supplicant to output anything to us.
+
+Now start the wpa_cli :
+
+wpa_cli -g/var/run/wpa_supplicant-global interface_add wlan[X]
+"" [driver] \
+        /var/run/wpa_supplicant
+
+Where wlan[X] is the device name of your network interface and where [driver] is
+the name of your driver
+
+examples:
+wpa_cli -g/var/run/wpa_supplicant-global interface_add ath0 "" madwifi \
+        /var/run/wpa_supplicant
+wpa_cli -g/var/run/wpa_supplicant-global interface_add eth1 "" wext \
+        /var/run/wpa_supplicant
+
+if it fail, please have a look to the output of the wpa_supplicant daemon
+
+wpa_cli -iwlan[X] -p/var/run/wpa_supplicant
+
+Then in wpa_cli type :
+
+scan
+
+and after some seconds type
+
+scan_result
+
+This will output a list of available networks.
+
+As an example:
+
+
+root at bliscat:/home/eloi# wpa_cli -iath0 -p/var/run/wpa_supplicant
+wpa_cli v0.4.8
+Copyright (c) 2004-2005, Jouni Malinen <jkmaline at cc.hut.fi> and
+contributors
+
+This program is free software. You can distribute it and/or modify it
+under the terms of the GNU General Public License version 2.
+
+Alternatively, this software may be distributed under the terms of the
+BSD license. See README and COPYING for more details.
+
+
+Selected interface 'ath0'
+
+Interactive mode
+
+> scan
+OK
+> scan_result
+bssid / frequency / signal level / flags / ssid
+00:0f:b5:ee:af:8f       2437    212     [WPA2-PSK-CCMP-preauth] MY_net
+00:10:c6:eb:95:11       2457    205     [WEP]   Wanadoo_5441
+
+
+you can see that my network 'My_net' use WPA2-PSK-CCMP which is WPA-PSK with
+CCMP as group and pairwise
+
+type exit to quit wpa_cli
+
+
+With this output we can now feed the wpa_supplicant.conf file:
+
+network={
+        ssid="ssid"
+        ssid='essid' # please quote '""' when you have a space character
+        scan_ssid=1
+        key_mgmt=WPA-PSK
+        proto=WPA2
+        pairwise=CCMP
+        group=CCMP
+        #psk='"passphrase"'
+
+psk=2b1d17284c5410ee5eaae7151290e9744af2182b0eb8af20dd4ebb415928f726
+character
+}
+
+
+Note if you wish you can only use the human readable pass-phrase, then uncomment
+it and comment the hexadecimal pass-phrase
+
+Now kill the last instance of the wpa_supplicant:
+
+killall wpa_supplicant
+
+And test your new configuration file:
+
+wpa_supplicant -dmadwifi -iath0 -c./wpa_supplicant.conf -dd
+
+If you see something like SUCCESS it's done, kill it again and copy the config
+file to a secure directory:
+
+install -d /etc/sysconfig/wpa_supplicant
+chmod 700 -c /etc/sysconfig/wpa_supplicant
+cp wpa_supplicant.conf /etc/sysconfig/wpa_supplicant/wpa_supplicant.conf
+chmod 600 -c /etc/sysconfig/wpa_supplicant/wpa_supplicant.conf
+
+5) The firewall
+~~~~~~~~~~~~~~~
+
+You should understand that connecting to a network is never secure (even with a
+WPA encrypted network) especially without firewall. Then having a firewall will
+ever be a good thing, i strongly recommend the use of Shorewall.  You will find
+lots of help on its website.
+
+
+6) The End
+~~~~~~~~~~
+execute:
+
+/etc/rc.d./init.d/wpa-init restart
+/etc/rc.d/init.d/network restart
+
+if there is no errors, and your system is connected, then you can safely restart
+your computer to see it setting up your wireless card at boot time.
+
+ACKNOWLEDGMENTS:
+ The wireless hint
+ The Wireless HOWTO
+ wpa_supplicant README
+ The madwifi wiki
+ The LFS/BLFS Books
+
+
+CHANGELOG:
+2006 03 10 Second release, first send to lfshint
+2006 03 16 added some words to help wpa-supplicant.conf writing
+2006 03 18 fix wrong paths
+2006 03 31 Rewritten and try to match the LFS-standard thank's to
+archaic's help
+
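Review bot: In section 4.3.b c), `wpa_passphrase <ssid> [passphrase] > wpa_supplicant.conf` puts the passphrase on the command line and writes the result into the current directory with default permissions. The output keeps the cleartext as `#psk="passphrase"` next to the hash, and the `chmod 600` near the end is applied only to the copy under /etc/sysconfig/wpa_supplicant. Suggest setting `umask 077` before generating the file, omitting the optional passphrase argument so that wpa_passphrase reads it from standard input, and removing the working copy after the `cp`. Several commands carried over in this file will not run as written and could be fixed in the same pass: both `find ./ -name 'Makefile' -exec sed 's,/usr/local,/usr,g' &&` lines lack `-i`, `{}` and the `\;` terminator; `/etc/rc.d./init.d/wpa-init restart` has a stray dot; `wpa_supplicant -dmadwifi` should use `-D` to select the driver; the second example `network={` block contains a bare `character` line and two `ssid=` entries; and the ATTACHMENTS URL says autopid-service where the text uses autoipd-service.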



