168
168
Since the example configuration used Atheros WLAN card, the middle one
169
169
is the correct interface in this case. The interface name for -i
170
command line option is the full string following "ifname:". In other
171
words, wpa_supplicant would be started with following command:
170
command line option is the full string following "ifname:" (the
171
"\Device\NPF_" prefix can be removed). In other words, wpa_supplicant
172
would be started with the following command:
173
# wpa_supplicant.exe -i'\Device\NPF_{769E012B-FD17-4935-A5E3-8090C38E25D2}' -c wpa_supplicant.conf -d
174
# wpa_supplicant.exe -i'{769E012B-FD17-4935-A5E3-8090C38E25D2}' -c wpa_supplicant.conf -d
175
176
-d optional enables some more debugging (use -dd for even more, if
176
177
needed). It can be left out if debugging information is not needed.
198
199
scanning; this allows APs with hidden SSIDs to be used)
201
wpa_cli.exe can be used to interact with the wpa_supplicant.exe
202
program in the same way as with Linux. Note that ctrl_interface is
203
using UNIX domain sockets when build for cygwin, but the native build
204
for Windows uses UDP sockets and the contents of the ctrl_interface
205
configuration item is ignore for this case. Anyway, this variable has
206
to be included in the configuration to enable the control interface.
202
wpa_cli.exe and wpa_gui.exe can be used to interact with the
203
wpa_supplicant.exe program in the same way as with Linux. Note that
204
ctrl_interface is using UNIX domain sockets when built for cygwin, but
205
the native build for Windows uses named pipes and the contents of the
206
ctrl_interface configuration item is used to control access to the
207
interface. Anyway, this variable has to be included in the configuration
208
to enable the control interface.
211
Example SDDL string formats:
213
(local admins group has permission, but nobody else):
215
ctrl_interface=SDDL=D:(A;;GA;;;BA)
217
("A" == "access allowed", "GA" == GENERIC_ALL == all permissions, and
218
"BA" == "builtin administrators" == the local admins. The empty fields
219
are for flags and object GUIDs, none of which should be required in this
222
(local admins and the local "power users" group have permissions,
225
ctrl_interface=SDDL=D:(A;;GA;;;BA)(A;;GA;;;PU)
227
(One ACCESS_ALLOWED ACE for GENERIC_ALL for builtin administrators, and
228
one ACCESS_ALLOWED ACE for GENERIC_ALL for power users.)
230
(close to wide open, but you have to be a valid user on
233
ctrl_interface=SDDL=D:(A;;GA;;;AU)
235
(One ACCESS_ALLOWED ACE for GENERIC_ALL for the "authenticated users"
238
This one would allow absolutely everyone (including anonymous
239
users) -- this is *not* recommended, since named pipes can be attached
240
to from anywhere on the network (i.e. there's no "this machine only"
241
like there is with 127.0.0.1 sockets):
243
ctrl_interface=SDDL=D:(A;;GA;;;BU)(A;;GA;;;AN)
245
(BU == "builtin users", "AN" == "anonymous")
247
See also [1] for the format of ACEs, and [2] for the possible strings
248
that can be used for principal names.
251
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/ace_strings.asp
253
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/sid_strings.asp
209
256
Starting wpa_supplicant as a Windows service (wpasvc.exe)
221
268
HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant. This level includes global
222
269
parameters and a 'interfaces' subkey with all the interface configuration
223
270
(adapter to confname mapping). Each such mapping is a subkey that has
224
'adapter' and 'config' values.
271
'adapter', 'config', and 'ctrl_interface' values.
226
273
This program can be run either as a normal command line application,
227
274
e.g., for debugging, with 'wpasvc.exe app' or as a Windows service.
228
275
Service need to be registered with 'wpasvc.exe reg <full path to
229
wpasvc.exe>'. After this, it can be started like any other Windows
230
service (e.g., 'net start wpasvc') or it can be configured to start
231
automatically through the Services tool in administrative tasks. The
232
service can be unregistered with 'wpasvc.exe unreg'.
276
wpasvc.exe>'. Alternatively, 'wpasvc.exe reg' can be used to register
277
the service with the current location of wpasvc.exe. After this, wpasvc
278
can be started like any other Windows service (e.g., 'net start wpasvc')
279
or it can be configured to start automatically through the Services tool
280
in administrative tasks. The service can be unregistered with
234
283
If the service is set to start during system bootup to make the
235
284
network connection available before any user has logged in, there may