NetWorld Tips from William Caban: Configuring CENTOS 6.4 minimal install for Wireless without NetworkManager using WPA

Saturday, August 31, 2013

Configuring CENTOS 6.4 minimal install for Wireless without NetworkManager using WPA_Supplicant

I found myself configuring a lot of CentOS based devices as nodes for my lab environment. Sometimes it is easier to connect them wirelessly than having a bunch of cables around. Since I use this nodes with CentOS 6.4 minimal install, getting the wireless to be the primary uplink interface requires a series of steps.

First we need to install the wireless tools and other tools that we need for wireless encryption configuration and so on. So, the first step is this:

yum install wireless-tools wpa_supplicant dbus

Once you have those installed in your system, then edit the ifcfg-wlan0 with the correct parameters. There are many parameters that are not needed but I kept them in case I want to use NetworkManager or similar tool in the future. Your wireless NIC configuration should look something like this:

[edited: May 2014]

/etc/sysconfig/network-scripts/ifcfg-wlan0

DEVICE=wlan0

HWADDR=<your-mac-address>

TYPE=Wireless

UUID=<an-optional-uuid>

ONBOOT=yes

NM_CONTROLLED=no

BOOTPROTO=dhcp

PEERDNS=yes

USERCTL=yes

NETWORKING_IPV6=no

ESSID=<your-ssid>

CHANNEL=<ssid-channel>

MODE=Managed

RATE=Auto

Disable NetworkManager

# chkconfig NetworkManager off

If you don't know the wireless channel for your SSID you can use the iwlist command to scan and find out the channel information.

# iwlist wlan0 scan

Then you have to configure the wpa_supplicant options and devices:

/etc/sysconfig/wpa_supplicant

INTERFACES="-iwlan0"

DRIVERS="-Dnl80211"

OTHER_ARGS="-u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid"

Notice than I'm using the n180211 driver since the wext is considered legacy.

Now, lets create an entry for our SSID at the wpa_supplicant configuration. If you are using a passphrase you have to write the heximal representation for the configuration. Fortunately there is a tool that helps us with that. The tool generates the basic network configuration so you can append it to the wpa_supplicant.conf file directly.

Format:

# wpa_passphrase <ssid> <passphrase> >> /etc/wpa_supplicant/wpa_supplicant.conf

Using ssid=MyESSID with passphrase=12345678 the command will be:

# wpa_passphrase MyESSID 12345678 >> /etc/wpa_supplicant/wpa_supplicant.conf

For this example I'm using WPA PSK for my local wireless network so I have to add those parameters as well. In this case I'm adding the key_mgmt and scan_ssid statements.

/etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=wheel

network={

ssid="MyESSID"

scan_ssid=1

key_mgmt=WPA-PSK

#psk="12345678"

psk=843f314c3357dd62e8f1865fa8d6a06918e26c0e7bdc0b4208b49d975333fce

}

Other common configuration options for wpa_supplicat are:

Plain text (no encryption) network

network={

 ssid="MyESSID"
 key_mgmt=NONE
}

Static WEP keys

network={

 ssid="MyESSID"
 key_mgmt=NONE
 wep_key0="abcde"
 wep_key1=0102030405
 wep_tx_keyidx=0
}

IEEE 802.1x with dynamic WEP keys using EAP-PEAP/MSCHAPv2

network={

 ssid="MyESSID"

 key_mgmt=IEEE8021X
 eap=PEAP
 phase2="auth=MSCHAPV2"
 identity="user name"
 password="password"
 ca_cert="/etc/cert/ca.pem"
}

WPA-PSK/TKIP


network={

 ssid="MyESSID"
 key_mgmt=WPA-PSK
 proto=WPA
 pairwise=TKIP
 group=TKIP
 psk="secret passphrase"
}

WPA2-EAP/CCMP using EAP-TLS


network={

 ssid="MyESSID"
 key_mgmt=WPA-EAP
 proto=WPA2
 pairwise=CCMP
 group=CCMP
 eap=TLS
 ca_cert="/etc/cert/ca.pem"
 private_key="/etc/cert/user.p12"
 private_key_passwd="PKCS#12 passhrase"
}

For detailed explanations on wpa supplicant options visit:
http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/wpa_supplicant.conf

and

http://hostap.epitest.fi/wpa_supplicant/

Finally, make sure DBUS and WAP Supplicant services are set to start automatically with the system and/or manually start them for a test.

Enabling the services at boot time:

# chkconfig messagebus on

# chkconfig wpa_supplicant on

During the init boot process the network script will be executed before the messagebus and wpa_supplicant scripts so the wlan0 activation will fail. You should add "ifup wlan0" to your rc.local if you want for the wlan0 to be your primary connectivity.

echo "ifup wlan0" >> /etc/rc.local

Testing the configuration:

# service messagebus start

# service wpa_supplicant start

# ifup wlan0

Done. That should do it!

10 comments:

Тавинцев ВалераJanuary 4, 2014 at 11:28 AM
Sorry for my bad english. :)

1. file: /etc/sysconfig/network-scripts/ifcfg-wlan0
NM_CONTROLLED=yes - this fatal error! need: NM_CONTROLLED=no
ESSID= - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
CHANNEL= - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
MODE=Managed - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
RATE=Auto - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
2. metod:
echo "ifup wlan0" >> /etc/rc.local
- is not right!
success execute internal metod OS! :)

If exist question or ... please e-mail:
tvlm00@mail.ru
ReplyDelete
Sneha HeartinMarch 18, 2014 at 11:41 AM
It throws the error "cannot find the repo:base". Since wireless is not enabled, it cannot dynamically connect to mirrorlist url. Is there any way to download all those mirrorlist .
Which all files are required?
Thanks in advance
Sneha
ReplyDelete
Replies
Alfredo CarpioApril 15, 2014 at 6:47 PM
Good job bro. Centos 6.5
UUID= Don´t used
USERCTL=yes >>>> Don´t used
NM_CONTROLLED=no >>>>>> and >>>> chkconfig NetworkManager on

That´s it.!!!!
ReplyDelete
rosyid daimanMay 1, 2015 at 8:48 AM
I like your article,
bisnis online gratis bisnis online gratis bisnis online gratis blog health and business blog health beauty blog health and beauty judul skripsi pai jilbab murah game online cyst how to newest how to newest
very good gan
ReplyDelete
mayazoeFebruary 25, 2017 at 10:31 PM
Securing information you transmit while using a wireless device has never been easier. I wish this was not the case but in the real world this happens every day, people go down to their local electronics store, buy a wireless router put the box under their arm and off they go.RouterReset
ReplyDelete
Jack SonOctober 15, 2017 at 10:41 PM
Which means if you just take it out of the box and use it you could be allowing your neighbor, a person sitting in a vehicle down the road to access your now wireless Internet. www.wolffofcanada.com
ReplyDelete
Jims lindaJanuary 27, 2018 at 12:18 PM
Just pure brilliance from you here. I have never expected something less than this from you and you have not disappointed me at all. I suppose you will keep the quality work going on. Best Wireless Router
ReplyDelete
preethi ShettyFebruary 27, 2018 at 5:03 AM
This is the one I am looking for since days ago. Thank you very much for sharing such an awesome article.
For Web Services Training
ReplyDelete
Kavin CookApril 9, 2018 at 4:20 AM
If it's a second-hand router you may need to hard reset it to get it back to it's default. Hard resetting usually involves poking a paper clip into a tiny hole in the back of the router and holding it for 15 to 30 seconds and releasing.wireless routers review
ReplyDelete

Add comment