
FreeBSD Manual Pages

  
 
  

HOSTAPD.CONF(5)		      File Formats Manual	       HOSTAPD.CONF(5)

NAME
       hostapd.conf -- configuration file for hostapd(8) utility

DESCRIPTION
       The  hostapd(8)	utility	 is an authenticator for IEEE 802.11 networks.
       It provides full	support	for WPA/IEEE 802.11i and can also  act	as  an
       IEEE 802.1X Authenticator with a	suitable backend Authentication	Server
       (typically FreeRADIUS).

       The configuration file consists of global parameters and domain
       specific configuration:
             o   IEEE 802.1X-2004
             o   RADIUS client
             o   RADIUS authentication server
             o   WPA/IEEE 802.11i

GLOBAL PARAMETERS
       The following parameters	are recognized:

       interface
	       Interface name.	Should be set in "hostap" mode.	 Make  certain
	       that  there  are	no spaces after	the interface name, or hostapd
	       will complain that the interface	does not exist.

       debug   Debugging mode: 0 = no, 1 = minimal,  2	=  verbose,  3	=  msg
	       dumps, 4	= excessive.

       dump_file
	       Dump file for state information (on SIGUSR1).

       ctrl_interface
	       The  pathname of	the directory in which hostapd(8) creates Unix
	       domain socket files for communication  with  frontend  programs
	       such as hostapd_cli(8).

       ctrl_interface_group
	       A  group	 name  or group	ID to use in setting protection	on the
	       control interface file.	This can  be  set  to  allow  non-root
	       users  to  access  the control interface	files.	If no group is
	       specified, the group ID of the control interface	is  not	 modi-
	       fied  and  will,	typically, be the group	ID of the directory in
	       which the socket	is created.

IEEE 802.1X-2004 PARAMETERS
       The following parameters	are recognized:

       ieee8021x
	       Require IEEE 802.1X authorization.

       eap_message
	       Optional	displayable message sent with EAP Request-Identity.

       wep_key_len_broadcast
	       Key lengths for broadcast keys.

       wep_key_len_unicast
	       Key lengths for unicast keys.

       wep_rekey_period
	       Rekeying	period in seconds.

       eapol_key_index_workaround
	       EAPOL-Key index workaround (set bit7) for WinXP Supplicant.

       eap_reauth_period
	       EAP reauthentication period in seconds.	To disable reauthenti-
	       cation, use "0".

RADIUS CLIENT PARAMETERS
       The following parameters	are recognized:

       own_ip_addr
               The IP address of the access point itself (used as
               NAS-IP-Address).

       nas_identifier
	       Optional	NAS-Identifier string for RADIUS messages.

       auth_server_addr, auth_server_port, auth_server_shared_secret
               RADIUS authentication server parameters.  Can be defined twice
               for secondary servers to be used if the primary one does not
               reply to RADIUS packets.

       acct_server_addr, acct_server_port, acct_server_shared_secret
               RADIUS accounting server parameters.  Can be defined twice for
               secondary servers to be used if the primary one does not reply
               to RADIUS packets.

       radius_retry_primary_interval
	       Retry  interval	for  trying  to	 return	 to the	primary	RADIUS
	       server (in seconds).

       radius_acct_interim_interval
	       Interim accounting update interval.  If	this  is  set  (larger
	       than 0) and acct_server is configured, hostapd(8) will send in-
	       terim accounting	updates	every N	seconds.

RADIUS AUTHENTICATION SERVER PARAMETERS
       The following parameters	are recognized:

       radius_server_clients
               File name of the RADIUS clients configuration for the RADIUS
               server.  If this is commented out, the RADIUS server is
               disabled.

       radius_server_auth_port
	       The UDP port number for the RADIUS authentication server.

       radius_server_ipv6
	       Use IPv6	with RADIUS server.

WPA/IEEE 802.11i PARAMETERS
       The following parameters	are recognized:

       wpa     Enable WPA.  Setting this variable configures the AP to require
	       WPA (either WPA-PSK or WPA-RADIUS/EAP based on other configura-
	       tion).

       wpa_psk,	wpa_passphrase
               WPA pre-shared keys for WPA-PSK.  This can be entered either as
               a 256-bit secret in hex format (64 hex digits) with wpa_psk, or
               as an ASCII passphrase (8..63 characters) with wpa_passphrase
               that will be converted to a PSK.  This conversion uses the
               SSID, so the PSK changes when an ASCII passphrase is used and
               the SSID is changed.

       wpa_psk_file
	       Optionally, WPA PSKs can	be read	from a separate	text file con-
	       taining a list of PSK and MAC address pairs.

       wpa_key_mgmt
	       Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or
	       both).

       wpa_pairwise
	       Set of accepted cipher suites (encryption algorithms) for pair-
	       wise keys (unicast packets).  See the example file for more in-
	       formation.

       wpa_group_rekey
	       Time  interval for rekeying GTK (broadcast/multicast encryption
	       keys) in	seconds.

       wpa_strict_rekey
	       Rekey GTK when any STA that possesses the current GTK is	 leav-
	       ing the BSS.

       wpa_gmk_rekey
	       Time  interval  for rekeying GMK	(master	key used internally to
	       generate	GTKs), in seconds.
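
The checks below are an added example, not part of the manual page or of hostapd: they apply the constraints stated above for interface, wpa_psk and wpa_passphrase to a configuration body, and derive the PSK from a passphrase to show its dependence on the SSID. Assumptions: the file uses key=value lines with # comments, the SSID is set with the ssid parameter (not documented on this page), and the conversion is the standard WPA mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations).

```python
import hashlib
import re

def derive_psk(passphrase, ssid):
    """Passphrase-to-PSK mapping: PBKDF2-HMAC-SHA1 with the SSID as salt,
    4096 iterations, 256-bit output; returned as 64 hex digits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("wpa_passphrase must be 8..63 characters")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()

def check_conf(text):
    """Return a list of findings for a hostapd.conf body (key=value lines)."""
    findings, conf = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        # The manual page warns that spaces after the interface name make
        # hostapd complain that the interface does not exist.
        if key == "interface" and value != value.rstrip():
            findings.append(f"line {n}: whitespace after interface name")
        conf[key] = value
    if "wpa_psk" in conf and not re.fullmatch(r"[0-9a-fA-F]{64}", conf["wpa_psk"]):
        findings.append("wpa_psk is not 64 hex digits")
    if "wpa_passphrase" in conf:
        try:
            derive_psk(conf["wpa_passphrase"], conf.get("ssid", ""))
        except ValueError as exc:
            findings.append(str(exc))
    return findings

# Constructed sample: trailing space after wlan0, passphrase too short.
SAMPLE = "interface=wlan0 \nssid=IEEE\nwpa=1\nwpa_key_mgmt=WPA-PSK\nwpa_passphrase=short\n"

if __name__ == "__main__":
    for finding in check_conf(SAMPLE):
        print(finding)
    # Same passphrase, different SSID: the derived PSK differs.
    print(derive_psk("password", "IEEE"))
    print(derive_psk("password", "IEEE-guest"))
```

Because the SSID is the salt, a wpa_psk value computed for one SSID cannot be reused after the network is renamed; it has to be derived again from the passphrase.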

SEE ALSO
       hostapd(8), hostapd_cli(8)

HISTORY
       The hostapd.conf	manual page and	 hostapd(8)  functionality  first  ap-
       peared in FreeBSD 6.0.

AUTHORS
       This  manual  page is derived from the README and hostapd.conf files in
       the hostapd distribution	provided by Jouni Malinen <j@w1.fi>.

FreeBSD	14.3		       September 2, 2006	       HOSTAPD.CONF(5)
