Saturday, August 31, 2013

Configuring CENTOS 6.4 minimal install for Wireless without NetworkManager using WPA_Supplicant

I found myself configuring a lot of CentOS based devices as nodes for my lab environment. Sometimes it is easier to connect them wirelessly than having a bunch of cables around. Since I use this nodes with CentOS 6.4 minimal install, getting the wireless to be the primary uplink interface requires a series of steps.

First we need to install the wireless tools and other tools that we need for wireless encryption configuration and so on. So, the first step is this:

yum install wireless-tools wpa_supplicant dbus

Once you have those installed in your system, then edit the ifcfg-wlan0 with the correct parameters. There are many parameters that are not needed but I kept them in case I want to use NetworkManager or similar tool in the future. Your wireless NIC configuration should look something like this:

[edited: May 2014]
/etc/sysconfig/network-scripts/ifcfg-wlan0

DEVICE=wlan0
HWADDR=<your-mac-address>
TYPE=Wireless
UUID=<an-optional-uuid>
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=dhcp
PEERDNS=yes
USERCTL=yes
NETWORKING_IPV6=no
ESSID=<your-ssid>
CHANNEL=<ssid-channel>
MODE=Managed
RATE=Auto

Disable NetworkManager

 # chkconfig NetworkManager off

If you don't know the wireless channel for your SSID you can use the iwlist command to scan and find out the channel information.

# iwlist wlan0 scan

Then you have to configure the wpa_supplicant options and devices:

/etc/sysconfig/wpa_supplicant

INTERFACES="-iwlan0"
DRIVERS="-Dnl80211"
OTHER_ARGS="-u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid"

Notice than I'm using the n180211 driver since the wext is considered legacy.

Now, lets create an entry for our SSID at the wpa_supplicant configuration. If you are using a passphrase you have to write the heximal representation for the configuration. Fortunately there is a tool that helps us with that. The tool generates the basic network configuration so you can append it to the wpa_supplicant.conf file directly.

Format:
# wpa_passphrase <ssid> <passphrase> >> /etc/wpa_supplicant/wpa_supplicant.conf

Using ssid=MyESSID with passphrase=12345678 the command will be:
# wpa_passphrase MyESSID 12345678 >> /etc/wpa_supplicant/wpa_supplicant.conf


For this example I'm using WPA PSK for my local wireless network so I have to add those parameters as well. In this case I'm adding the key_mgmt and scan_ssid statements.

/etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel

network={
        ssid="MyESSID"
  scan_ssid=1
key_mgmt=WPA-PSK
        #psk="12345678"
        psk=843f314c3357dd62e8f1865fa8d6a06918e26c0e7bdc0b4208b49d975333fce
}

Other common configuration options for wpa_supplicat are:

Plain text (no encryption) network
network={
 ssid="MyESSID"
 key_mgmt=NONE
}

Static WEP keys
network={
 ssid="MyESSID"
 key_mgmt=NONE
 wep_key0="abcde"
 wep_key1=0102030405
 wep_tx_keyidx=0
}

IEEE 802.1x with dynamic WEP keys using EAP-PEAP/MSCHAPv2
network={
 ssid="MyESSID"


 key_mgmt=IEEE8021X
 eap=PEAP
 phase2="auth=MSCHAPV2"
 identity="user name"
 password="password"
 ca_cert="/etc/cert/ca.pem"
}



WPA-PSK/TKIP

network={


 ssid="MyESSID"

 key_mgmt=WPA-PSK
 proto=WPA
 pairwise=TKIP
 group=TKIP
 psk="secret passphrase"
}
WPA2-EAP/CCMP using EAP-TLS

network={


 ssid="MyESSID"

 key_mgmt=WPA-EAP
 proto=WPA2
 pairwise=CCMP
 group=CCMP
 eap=TLS
 ca_cert="/etc/cert/ca.pem"
 private_key="/etc/cert/user.p12"
 private_key_passwd="PKCS#12 passhrase"
}




Finally, make sure DBUS and WAP Supplicant services are set to start automatically with the system and/or manually start them for a test.

Enabling the services at boot time:

# chkconfig messagebus on
# chkconfig wpa_supplicant on

During the init boot process the network script will be executed before the messagebus and wpa_supplicant scripts so the wlan0 activation will fail. You should add "ifup wlan0" to your rc.local if you want for the wlan0 to be your primary connectivity.

echo "ifup wlan0" >> /etc/rc.local

Testing the configuration:

# service messagebus start
# service wpa_supplicant start
# ifup wlan0

Done. That should do it!

Posted by William Caban at 8:32 PM
Labels: , , ,

13 comments:

  1. Тавинцев ВалераJanuary 4, 2014 at 11:28 AM

    Sorry for my bad english. :)

    1. file: /etc/sysconfig/network-scripts/ifcfg-wlan0
    NM_CONTROLLED=yes - this fatal error! need: NM_CONTROLLED=no
    ESSID= - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
    CHANNEL= - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
    MODE=Managed - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
    RATE=Auto - this is right into: /etc/wpa_supplicant/wpa_supplicant.conf
    2. metod:
    echo "ifup wlan0" >> /etc/rc.local
    - is not right!
    success execute internal metod OS! :)

    If exist question or ... please e-mail:
    tvlm00@mail.ru

    ReplyDelete
  2. Sneha HeartinMarch 18, 2014 at 11:41 AM

    It throws the error "cannot find the repo:base". Since wireless is not enabled, it cannot dynamically connect to mirrorlist url. Is there any way to download all those mirrorlist .
    Which all files are required?
    Thanks in advance
    Sneha

    ReplyDelete
    Replies
    1. Sneha HeartinMarch 18, 2014 at 11:43 AM

      Adding to above:running the basic command "yum install wireless tools" itself throws the above error

      Delete
  3. Alfredo CarpioApril 15, 2014 at 6:47 PM

    Good job bro. Centos 6.5
    UUID= Don´t used
    USERCTL=yes >>>> Don´t used
    NM_CONTROLLED=no >>>>>> and >>>> chkconfig NetworkManager on

    That´s it.!!!!

    ReplyDelete
  4. rosyid daimanMay 1, 2015 at 8:48 AM

    I like your article,
    bisnis online gratis bisnis online gratis bisnis online gratis blog health and business blog health beauty blog health and beauty judul skripsi pai jilbab murah game online cyst how to newest how to newest
    very good gan

    ReplyDelete
  5. mayazoeFebruary 25, 2017 at 10:31 PM

    Securing information you transmit while using a wireless device has never been easier. I wish this was not the case but in the real world this happens every day, people go down to their local electronics store, buy a wireless router put the box under their arm and off they go.RouterReset

    ReplyDelete
  6. Jack SonOctober 15, 2017 at 10:41 PM

    Which means if you just take it out of the box and use it you could be allowing your neighbor, a person sitting in a vehicle down the road to access your now wireless Internet. www.wolffofcanada.com

    ReplyDelete
  7. Jims lindaJanuary 27, 2018 at 12:18 PM

    Just pure brilliance from you here. I have never expected something less than this from you and you have not disappointed me at all. I suppose you will keep the quality work going on. Best Wireless Router

    ReplyDelete
  8. preethi ShettyFebruary 27, 2018 at 5:03 AM

    This is the one I am looking for since days ago. Thank you very much for sharing such an awesome article.
    For Web Services Training

    ReplyDelete
  9. Kavin CookApril 9, 2018 at 4:20 AM

    If it's a second-hand router you may need to hard reset it to get it back to it's default. Hard resetting usually involves poking a paper clip into a tiny hole in the back of the router and holding it for 15 to 30 seconds and releasing.wireless routers review

    ReplyDelete
  10. UnknownJuly 21, 2018 at 3:58 AM

    Thank you so much williams,you have clarified my doubts!nice putting efforts. visit my site for more information.

    ReplyDelete
  11. Sneha ReddyAugust 8, 2018 at 5:11 AM

    Thank you For Your Wonderful Information Sir Thanks for Sharing..

    https://seshajobs.com/classroom-training/
    https://seshajobs.com/online-training/

    ReplyDelete
  12. Street viewOctober 5, 2018 at 8:47 PM

    You have posted a very detail document. I read all of your article and I really like it, I understand your point of view.
    - USPS Tracking

    ReplyDelete

Subscribe to: Post Comments (Atom)