1 .\" Copyright (c) 2005 Sam Leffler <sam@errno.com>
2 .\" All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 .Nd "text-based frontend program for interacting with wpa_supplicant"
33 .Op Fl p Ar path_to_ctrl_sockets
36 .Op Fl a Ar action_file
38 .Op Fl g Ar global_ctrl
39 .Op Fl G Ar ping_interval
45 is a text-based frontend program for interacting with
46 .Xr wpa_supplicant 8 .
47 It is used to query current status,
51 request interactive user input.
57 current authentication status,
59 mode, dot11 and dot1x MIBs, etc.
62 can configure EAPOL state machine
63 parameters and trigger events such as reassociation
64 and IEEE 802.1X logoff/logon.
69 provides an interface to supply authentication information
70 such as username and password when it is not provided in the
71 .Xr wpa_supplicant.conf 5
73 This can be used, for example, to implement
74 one-time passwords or generic token card
75 authentication where the authentication is based on a
76 challenge-response that uses an external device for generating the
82 supports two modes: interactive and command line.
83 Both modes share the same command set and the main difference
84 is in interactive mode providing access to unsolicited messages
85 (event messages, username/password requests).
87 Interactive mode is started when
89 is executed without any parameters on the command line.
90 Commands are then entered from the controlling terminal in
94 In command line mode, the same commands are
95 entered as command line arguments.
97 The control interface of
99 can be configured to allow
100 non-root user access by using the
101 .Va ctrl_interface_group
104 .Xr wpa_supplicant.conf 5
106 This makes it possible to run
108 with a normal user account.
109 .Sh AUTHENTICATION PARAMETERS
112 needs authentication parameters, such as username and password,
113 that are not present in the configuration file, it sends a
114 request message to all attached frontend programs, e.g.,
120 shows these requests with a
121 .Dq Li CTRL-REQ- Ns Ao Ar type Ac Ns Li - Ns Ao Ar id Ac Ns : Ns Aq Ar text
125 .Li IDENTITY , PASSWORD ,
130 is a unique identifier for the current network,
132 is a description of the request.
135 (One-Time Password) request,
136 it includes the challenge from the authentication server.
140 the needed parameters in response to these requests.
143 .Bd -literal -offset indent
144 CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
145 > password 1 mysecretpassword
147 Example request for generic token card challenge-response:
149 CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
153 These options are available:
154 .Bl -tag -width indent
156 Control sockets path.
157 This should match the
160 .Xr wpa_supplicant.conf 5 .
162 .Pa /var/run/wpa_supplicant .
164 Interface to be configured.
165 By default, the first interface found in the socket path is used.
169 Show version information.
171 Run the daemon in the background.
172 .It Fl a Ar action_file
173 Run in daemon mode, executing the action file based on events from
174 .Xr wpa_supplicant 8 .
177 .It Fl g Ar global_ctrl
178 Use a global control interface to
180 rather than the default Unix domain sockets.
181 .It Fl G Ar ping_interval
184 seconds before sending each ping to
185 .Xr wpa_supplicant 8 .
190 See available commands in the next section.
193 These commands can be supplied on the command line
194 or at a prompt when operating interactively.
195 .Bl -tag -width indent
197 Report the current WPA/EAPOL/EAP status for the current interface.
199 Show the current interface name.
200 The default interface is the first interface found in the socket path.
205 This command can be used to test the status of the
209 Report MIB variables (dot1x, dot11) for the current interface.
212 .It Ic interface Op Ar ifname
213 Show available interfaces and/or set the current interface
214 when multiple interfaces are available.
215 .It Ic level Ar debug_level
216 Change the debugging level in
217 .Xr wpa_supplicant 8 .
218 Larger numbers generate more messages.
220 Display the full license for
223 Send the IEEE 802.1X EAPOL state machine into the
227 Send the IEEE 802.1X EAPOL state machine into the
230 .It Ic set Op Ar settings
232 When no arguments are supplied, the known variables and their settings
235 Show the contents of the PMKSA cache.
237 Force a reassociation to the current access point.
241 to re-read its configuration file.
242 .It Ic preauthenticate Ar BSSID
243 Force preauthentication of the specified
245 .It Ic identity Ar network_id identity
246 Configure an identity for an SSID.
247 .It Ic password Ar network_id password
248 Configure a password for an SSID.
249 .It Ic new_password Ar network_id password
250 Change the password for an SSID.
251 .It Ic PIN Ar network_id pin
252 Configure a PIN for an SSID.
253 .It Ic passphrase Ar network_id passphrase
254 Configure a private key passphrase for an SSID.
255 .It Ic bssid Ar network_id bssid
256 Set a preferred BSSID for an SSID
257 .It Ic blacklist Op Ar bssid | clear
258 Add a BSSID to the blacklist.
259 When invoked without any extra arguments, display the blacklist.
264 to clear the blacklist.
266 List configured networks.
267 .It Ic select_network Ar network_id
268 Select a network and disable others.
269 .It Ic enable_network Ar network_id
271 .It Ic disable_network Ar network_id
275 .It Ic remove_network Ar network_id
277 .It Ic set_network Op Ar network_id variable value
278 Set network variables.
279 Shows a list of variables when run without arguments.
280 .It Ic get_network Ar network_id variable
281 Get network variables.
283 Disconnect and wait for reassociate/reconnect command before connecting.
287 but only takes effect if already disconnected.
289 Request new BSS scan.
291 Get the latest BSS scan results.
292 This command can be invoked after running a BSS scan with
294 .It Ic bss Op Ar idx | bssid
295 Get a detailed BSS scan result for the network identified by
299 .It Ic otp Ar network_id password
300 Configure a one-time password for an SSID.
305 .It Ic interface_add Ar ifname Op Ar confname driver ctrl_interface driver_param bridge_name
306 Add a new interface with the given parameters.
307 .It Ic interface_remove Ar ifname
308 Remove the interface.
309 .It Ic interface_list
310 List available interfaces.
316 .Xr wpa_supplicant.conf 5 ,
321 utility first appeared in
326 utility was written by
327 .An Jouni Malinen Aq Mt j@w1.fi .
328 This manual page is derived from the
332 files included in the