Mageia Bugzilla – Attachment 13937 Details for Bug 32160: aarch64 Wpa_supplicant default configuration contains errors
proposed mga default wpa_supplicant config file
wpa_supplicant.conf (text/plain), 5.91 KB, created by David GEIGER on 2023-08-10 09:45:24 CEST
##### Default configuration file for wpa_supplicant.conf(5).#####


# Whether to allow wpa_supplicant to update (overwrite) configuration
#
# This option can be used to allow wpa_supplicant to overwrite configuration
# file whenever configuration is changed (e.g., new network block is added with
# wpa_cli or wpa_gui, or a password is changed). This is required for
# wpa_cli/wpa_gui to be able to store the configuration changes permanently.
# Please note that overwriting configuration file will remove the comments from
# it.
update_config=1


# global configuration (shared by all network blocks)
#
# Parameters for the control interface. If this is specified, wpa_supplicant
# will open a control interface that is available for external programs to
# manage wpa_supplicant. The meaning of this string depends on which control
# interface mechanism is used. For all cases, the existence of this parameter
# in configuration is used to determine whether the control interface is
# enabled.
#
# For UNIX domain sockets (default on Linux and BSD): This is a directory that
# will be created for UNIX domain sockets for listening to requests from
# external programs (CLI/GUI, etc.) for status information and configuration.
# The socket file will be named based on the interface name, so multiple
# wpa_supplicant processes can be run at the same time if more than one
# interface is used.
# /run/wpa_supplicant is the recommended directory for sockets and by
# default, wpa_cli will use it when trying to connect with wpa_supplicant.
#
# Access control for the control interface can be configured by setting the
# directory to allow only members of a group to use sockets. This way, it is
# possible to run wpa_supplicant as root (since it needs to change network
# configuration and open raw sockets) and still allow GUI/CLI components to be
# run as non-root users. However, since the control interface can be used to
# change the network configuration, this access needs to be protected in many
# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you
# want to allow non-root users to use the control interface, add a new group
# and change this value to match with that group. Add users that should have
# control interface access to this group. If this variable is commented out or
# not included in the configuration file, group will not be changed from the
# value it got by default when the directory or socket was created.
#
# When configuring both the directory and group, use following format:
# DIR=/run/wpa_supplicant GROUP=wheel
# DIR=/run/wpa_supplicant GROUP=0
# (group can be either group name or gid)
#
# For UDP connections (default on Windows): The value will be ignored. This
# variable is just used to select that the control interface is to be created.
# The value can be set to, e.g., udp (ctrl_interface=udp)
#
# For Windows Named Pipe: This value can be used to set the security descriptor
# for controlling access to the control interface. Security descriptor can be
# set using Security Descriptor String Format (see http://msdn.microsoft.com/
# library/default.asp?url=/library/en-us/secauthz/security/
# security_descriptor_string_format.asp). The descriptor string needs to be
# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty
# DACL (which will reject all connections). See README-Windows.txt for more
# information about SDDL string format.
#
ctrl_interface=/run/wpa_supplicant
#ctrl_interface_group=wheel


# IEEE 802.1X/EAPOL version
# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines
# EAPOL version 2. However, there are many APs that do not handle the new
# version number correctly (they seem to drop the frames completely). In order
# to make wpa_supplicant interoperate with these APs, the version number is set
# to 1 by default. This configuration value can be used to set it to the new
# version (2).
# Note: When using MACsec, eapol_version shall be set to 3, which is
# defined in IEEE Std 802.1X-2010.
eapol_version=1


# AP scanning/selection
# By default, wpa_supplicant requests driver to perform AP scanning and then
# uses the scan results to select a suitable AP. Another alternative is to
# allow the driver to take care of AP scanning and selection and use
# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
# information from the driver.
# 1: wpa_supplicant initiates scanning and AP selection; if no APs matching to
#    the currently enabled networks are found, a new network (IBSS or AP mode
#    operation) may be initialized (if configured) (default)
# 0: This mode must only be used when using wired Ethernet drivers
#    (including MACsec).
# 2: like 0, but associate with APs using security policy and SSID (but not
#    BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
#    enable operation with hidden SSIDs and optimized roaming; in this mode,
#    the network blocks in the configuration file are tried one by one until
#    the driver reports successful association; each network block should have
#    explicit security policy (i.e., only one option in the lists) for
#    key_mgmt, pairwise, group, proto variables
# Note: ap_scan=0/2 should not be used with the nl80211 driver interface (the
# current Linux interface). ap_scan=1 is the only option working with nl80211.
# For finding networks using hidden SSID, scan_ssid=1 in the network block can
# be used with nl80211.
# When using IBSS or AP mode, ap_scan=2 mode can force the new network to be
# created immediately regardless of scan results. ap_scan=1 mode will first try
# to scan for existing networks and only if no matches with the enabled
# networks are found, a new IBSS or AP mode network is created.
ap_scan=1


# EAP fast re-authentication
# By default, fast re-authentication is enabled for all EAP methods that
# support it. This variable can be used to disable fast re-authentication.
# Normally, there is no need to disable this.
fast_reauth=1


##### Add here your networks.#####
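An added example, not part of the attachment or of the Mageia package: a Python audit of the global settings this file documents. It resolves the control interface group from either ctrl_interface_group or the DIR=... GROUP=... form, then flags a non-root group, its combination with update_config=1, and an ap_scan value other than 1. The function names, the constructed sample input and the precedence given to an inline GROUP= are assumptions of this example.

```python
import re

# Constructed input: the proposed defaults with an inline non-root group.
SAMPLE = """\
update_config=1
ctrl_interface=DIR=/run/wpa_supplicant GROUP=wheel
#ctrl_interface_group=wheel
ap_scan=1
"""

def parse_globals(text):
    """Collect global key=value pairs; skip comments and network blocks."""
    settings, in_block = {}, False
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.endswith("={"):
            in_block = True
        elif line == "}":
            in_block = False
        elif not in_block and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def control_interface(settings):
    """Resolve (mechanism, directory, group) for the control interface."""
    value = settings.get("ctrl_interface")
    if value is None:
        return ("disabled", None, None)
    if value == "udp" or value.startswith("SDDL="):
        return ("non-unix", None, None)
    match = re.fullmatch(r"DIR=(\S+)(?:\s+GROUP=(\S+))?", value)
    directory, group = match.groups() if match else (value, None)
    # Assumption: an inline GROUP= wins over ctrl_interface_group.
    return ("unix", directory, group or settings.get("ctrl_interface_group"))

def audit(text):
    """Return findings for settings the file's own comments warn about."""
    settings = parse_globals(text)
    mechanism, directory, group = control_interface(settings)
    findings = []
    if mechanism == "unix" and group not in (None, "0", "root"):
        findings.append(f"group {group} may use sockets in {directory}")
        if settings.get("update_config") == "1":
            findings.append("update_config=1 lets that group's changes persist")
    if settings.get("ap_scan", "1") != "1":
        findings.append("ap_scan=0/2 should not be used with nl80211")
    return findings
```

Calling audit() on the proposed defaults as attached (group line commented out, ap_scan=1) returns an empty list; the sample above returns two findings.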