128 lines
4.8 KiB
Groff
128 lines
4.8 KiB
Groff
.\" Manpage for hostapd.conf.
|
|
.\" Original scrape of https://www.daemon-systems.org/man/hostapd.conf.5.html
|
|
.\" Contact linville@redhat.com to correct errors or typos.
|
|
.TH hostapd.conf 5 "10 Feb 2021" "1.0" "hostapd.conf man page"
|
|
.SH NAME
|
|
hostapd.conf \- configuration file for hostapd(8) utility
|
|
.SH DESCRIPTION
|
|
The hostapd.conf utility is an authenticator for IEEE 802.11 networks.
|
|
It provides full support for WPA/IEEE 802.11i and can also act as an IEEE
|
|
802.1X Authenticator with a suitable backend Authentication Server
|
|
(typically FreeRADIUS).
|
|
The configuration file consists of global parameters and domain specific
|
|
configuration:
|
|
.P
|
|
\(bu IEEE 802.1X-2004
|
|
.P
|
|
\(bu RADIUS client
|
|
.P
|
|
\(bu RADIUS authentication server
|
|
.P
|
|
\(bu WPA/IEEE 802.11i
|
|
.SH GLOBAL PARAMETERS
|
|
The following parameters are recognized:
|
|
.SS interface
|
|
Interface name. Should be set in "hostap" mode.
|
|
.SS debug
|
|
Debugging mode: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps,
|
|
4 = excessive.
|
|
.SS dump_file
|
|
Dump file for state information (on SIGUSR1).
|
|
.SS ctrl_interface
|
|
The pathname of the directory in which hostapd(8) creates UNIX
|
|
domain socket files for communication with frontend programs such
|
|
as hostapd_cli(8).
|
|
.SS ctrl_interface_group
|
|
A group name or group ID to use in setting protection on the
|
|
control interface file. This can be set to allow non-root users
|
|
to access the control interface files. If no group is specified,
|
|
the group ID of the control interface is not modified and will,
|
|
typically, be the group ID of the directory in which the socket
|
|
is created.
|
|
.SH IEEE 802.1X-2004 PARAMETERS
|
|
The following parameters are recognized:
|
|
.SS ieee8021x
|
|
Require IEEE 802.1X authorization.
|
|
.SS eap_message
|
|
Optional displayable message sent with EAP Request-Identity.
|
|
.SS wep_key_len_broadcast
|
|
Key lengths for broadcast keys.
|
|
.SS wep_key_len_unicast
|
|
Key lengths for unicast keys.
|
|
.SS wep_rekey_period
|
|
Rekeying period in seconds.
|
|
.SS eapol_key_index_workaround
|
|
EAPOL-Key index workaround (set bit7) for WinXP Supplicant.
|
|
.SS eap_reauth_period
|
|
EAP reauthentication period in seconds. To disable
|
|
reauthentication, use "0".
|
|
.SH RADIUS CLIENT PARAMETERS
|
|
The following parameters are recognized:
|
|
.SS own_ip_addr
|
|
The own IP address of the access point (used as NAS-IP-Address).
|
|
.SS nas_identifier
|
|
Optional NAS-Identifier string for RADIUS messages.
|
|
.SS auth_server_addr, auth_server_port, auth_server_shared_secret
|
|
RADIUS authentication server parameters. Can be defined twice
|
|
for secondary servers to be used if primary one does not reply to
|
|
RADIUS packets.
|
|
.SS acct_server_addr, acct_server_port, acct_server_shared_secret
|
|
RADIUS accounting server parameters. Can be defined twice for
|
|
secondary servers to be used if primary one does not reply to
|
|
RADIUS packets.
|
|
.SS radius_retry_primary_interval
|
|
Retry interval for trying to return to the primary RADIUS server
|
|
(in seconds).
|
|
.SS radius_acct_interim_interval
|
|
Interim accounting update interval. If this is set (larger than
|
|
0) and acct_server is configured, hostapd(8) will send interim
|
|
accounting updates every N seconds.
|
|
.SH RADIUS AUTHENTICATION SERVER PARAMETERS
|
|
The following parameters are recognized:
|
|
.SS radius_server_clients
|
|
File name of the RADIUS clients configuration for the RADIUS
|
|
server. If this is commented out, RADIUS server is disabled.
|
|
.SS radius_server_auth_port
|
|
The UDP port number for the RADIUS authentication server.
|
|
.SS radius_server_ipv6
|
|
Use IPv6 with RADIUS server.
|
|
.SH WPA/IEEE 802.11i PARAMETERS
|
|
The following parameters are recognized:
|
|
.SS wpa
|
|
Enable WPA. Setting this variable configures the AP to require
|
|
WPA (either WPA-PSK or WPA-RADIUS/EAP based on other
|
|
configuration).
|
|
.SS wpa_psk, wpa_passphrase
|
|
WPA pre-shared keys for WPA-PSK. This can be either entered as a
|
|
256-bit secret in hex format (64 hex digits), wpa_psk, or as an
|
|
ASCII passphrase (8..63 characters) that will be converted to
|
|
PSK. This conversion uses SSID so the PSK changes when ASCII
|
|
passphrase is used and the SSID is changed.
|
|
.SS wpa_psk_file
|
|
Optionally, WPA PSKs can be read from a separate text file
|
|
(containing a list of (PSK,MAC address) pairs.
|
|
.SS wpa_key_mgmt
|
|
Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or
|
|
both).
|
|
.SS wpa_pairwise
|
|
Set of accepted cipher suites (encryption algorithms) for
|
|
pairwise keys (unicast packets). See the example file for more
|
|
information.
|
|
.SS wpa_group_rekey
|
|
Time interval for rekeying GTK (broadcast/multicast encryption
|
|
keys) in seconds.
|
|
.SS wpa_strict_rekey
|
|
Rekey GTK when any STA that possesses the current GTK is leaving
|
|
the BSS.
|
|
.SS wpa_gmk_rekey
|
|
Time interval for rekeying GMK (master key used internally to
|
|
generate GTKs (in seconds).
|
|
.SH SEE ALSO
|
|
hostapd(8), hostapd_cli(8), /usr/share/examples/hostapd/hostapd.conf
|
|
.SH HISTORY
|
|
The hostapd.conf manual page and hostapd(8) functionality first appeared
|
|
in NetBSD 4.0.
|
|
.SH AUTHORS
|
|
This manual page is derived from the README and hostapd.conf files in the
|
|
hostapd distribution provided by Jouni Malinen <jkmaline@cc.hut.fi>.
|