FreeBSD Manual Pages

home | help
HOSTAPD.CONF(5)		    BSD	File Formats Manual	       HOSTAPD.CONF(5)

NAME
     hostapd.conf -- configuration file	for hostapd(8) utility

DESCRIPTION
     The hostapd(8) utility is an authenticator	for IEEE 802.11	networks.  It
     provides full support for WPA/IEEE	802.11i	and can	also act as an IEEE
     802.1X Authenticator with a suitable backend Authentication Server	(typi-
     cally FreeRADIUS).

     The configuration file consists of	global parameters and domain specific
     configuration:
	   o   IEEE 802.1X-2004
	   o   RADIUS client
	   o   RADIUS authentication server
	   o   WPA/IEEE	802.11i

GLOBAL PARAMETERS
     The following parameters are recognized:

     interface
	     Interface name.  Should be	set in "hostap"	mode.  Make certain
	     that there	are no spaces after the	interface name,	or hostapd
	     will complain that	the interface does not exist.

     debug   Debugging mode: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps,
	     4 = excessive.

     dump_file
	     Dump file for state information (on SIGUSR1).

     ctrl_interface
	     The pathname of the directory in which hostapd(8) creates UNIX
	     domain socket files for communication with	frontend programs such
	     as	hostapd_cli(8).

     ctrl_interface_group
	     A group name or group ID to use in	setting	protection on the con-
	     trol interface file.  This	can be set to allow non-root users to
	     access the	control	interface files.  If no	group is specified,
	     the group ID of the control interface is not modified and will,
	     typically,	be the group ID	of the directory in which the socket
	     is	created.

IEEE 802.1X-2004 PARAMETERS
     The following parameters are recognized:

     ieee8021x
	     Require IEEE 802.1X authorization.

     eap_message
	     Optional displayable message sent with EAP	Request-Identity.

     wep_key_len_broadcast
	     Key lengths for broadcast keys.

     wep_key_len_unicast
	     Key lengths for unicast keys.

     wep_rekey_period
	     Rekeying period in	seconds.

     eapol_key_index_workaround
	     EAPOL-Key index workaround	(set bit7) for WinXP Supplicant.

     eap_reauth_period
	     EAP reauthentication period in seconds.  To disable reauthentica-
	     tion, use "0".

RADIUS CLIENT PARAMETERS
     The following parameters are recognized:

     own_ip_addr
	     The own IP	address	of the access point (used as NAS-IP-Address).

     nas_identifier
	     Optional NAS-Identifier string for	RADIUS messages.

     auth_server_addr, auth_server_port, auth_server_shared_secret
	     RADIUS authentication server parameters.  Can be defined twice
	     for secondary servers to be used if primary one does not reply to
	     RADIUS packets.

     acct_server_addr, acct_server_port, acct_server_shared_secret
	     RADIUS accounting server parameters.  Can be defined twice	for
	     secondary servers to be used if primary one does not reply	to RA-
	     DIUS packets.

     radius_retry_primary_interval
	     Retry interval for	trying to return to the	primary	RADIUS server
	     (in seconds).

     radius_acct_interim_interval
	     Interim accounting	update interval.  If this is set (larger than
	     0)	and acct_server	is configured, hostapd(8) will send interim
	     accounting	updates	every N	seconds.

RADIUS AUTHENTICATION SERVER PARAMETERS
     The following parameters are recognized:

     radius_server_clients
	     File name of the RADIUS clients configuration for the RADIUS
	     server.  If this is commented out,	RADIUS server is disabled.

     radius_server_auth_port
	     The UDP port number for the RADIUS	authentication server.

     radius_server_ipv6
	     Use IPv6 with RADIUS server.

WPA/IEEE 802.11i PARAMETERS
     The following parameters are recognized:

     wpa     Enable WPA.  Setting this variable	configures the AP to require
	     WPA (either WPA-PSK or WPA-RADIUS/EAP based on other configura-
	     tion).

     wpa_psk, wpa_passphrase
	     WPA pre-shared keys for WPA-PSK.  This can	be either entered as a
	     256-bit secret in hex format (64 hex digits), wpa_psk, or as an
	     ASCII passphrase (8..63 characters) that will be converted	to
	     PSK.  This	conversion uses	SSID so	the PSK	changes	when ASCII
	     passphrase	is used	and the	SSID is	changed.

     wpa_psk_file
	     Optionally, WPA PSKs can be read from a separate text file	con-
	     taining a list of PSK and MAC address pairs.

     wpa_key_mgmt
	     Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or
	     both).

     wpa_pairwise
	     Set of accepted cipher suites (encryption algorithms) for pair-
	     wise keys (unicast	packets).  See the example file	for more in-
	     formation.

     wpa_group_rekey
	     Time interval for rekeying	GTK (broadcast/multicast encryption
	     keys) in seconds.

     wpa_strict_rekey
	     Rekey GTK when any	STA that possesses the current GTK is leaving
	     the BSS.

     wpa_gmk_rekey
	     Time interval for rekeying	GMK (master key	used internally	to
	     generate GTKs), in	seconds.

SEE ALSO
     hostapd(8), hostapd_cli(8)

HISTORY
     The hostapd.conf manual page and hostapd(8) functionality first appeared
     in	FreeBSD	6.0.

AUTHORS
     This manual page is derived from the README and hostapd.conf files	in the
     hostapd distribution provided by Jouni Malinen <j@w1.fi>.

BSD			       September 2, 2006			   BSD
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=hostapd.conf&sektion=5&manpath=FreeBSD+13.0-RELEASE+and+Ports>
home | help
Header And Logo

Peripheral Links

Site Navigation

FreeBSD Manual Pages

Header And Logo

Peripheral Links

Search

Site Navigation

FreeBSD Manual Pages
