## This is a sample configuration file for xsupplicant that explains
## all currently configurable functionality. In general, this file is a
## series of tag-value pairs. In addition to a tag and a value, there is
## also a "network id" to group different tag-value pairs together.
## The file is parsed linearly, so redundant tags with the same network
## id will take the value of the last line. If no network name is provided
## on the command line (using the -n flag) then the network id "default"
## is parsed.
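## The id tag sets the value returned for an EAP Identity request.
## In the case of EAP-SIM, this is the IMSI.
## The Identity response is sent before any TLS tunnel is established, so
## treat this value as visible to anyone who can observe the link.
## The value belongs on the same line as the tag.
default:id = xsupplicant-user@somedomain.com #comment here
## spaces don't matter, this will work too
# default : id = xsupplicant-user@somedomain.com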
## the path to the certificate file to be used for the above user
## this option is only useful for TLS authentication
## this should be the path of your user-certificate
default : cert = /etc/1x/certs/xsupplicant-user.cer
## the path to the private key of the user for the user certificate
## this option is only useful for TLS authentication
## Keep the key file readable only by the account that runs the
## supplicant (for example mode 0600). If the key is not protected by a
## passphrase, anyone who can read the file can authenticate as this user.
default : key = /home/xsupplicant-user/myprivatekey.pem
## the path to file containing all valid CAroots
## This option is needed for all TLS-based authentication types:
## TLS, TTLS, PEAP, etc...
## NOTE(review): presumably these roots are what the authentication
## server's certificate is checked against -- confirm. If so, list only
## the CA(s) that issue your server certificates and keep the file
## writable only by root, since an extra root widens who can pose as
## the server.
default :root = /etc/1x/certs/CAroot.pem
## I have no idea if this does anything
## NOTE(review): the effect of this tag is not documented in this file;
## check the parser before relying on either value.
default :auth = none
#default:auth = EAP
## Force this connection to wired or wireless.
## Needed in situations where wired drivers answer ioctls for wireless cards.
## Specifically, some intel cards with current drivers.
## YOU SHOULDN'T USE THIS WITH THE DEFAULT PROFILE! IT WILL PREVENT
## ANY WIRELESS CARDS FROM WORKING! USE THE -w SWITCH INSTEAD!
#default:type = wireless
#default:type = wired
## preferred auth type
## Valid types are: TLS, MD5, TTLS, MSCHAPV2, PEAP, and SIM*
## * - SIM requires --enable-eap-sim at configure time.
## MD5 does not authenticate the network to the client and derives no
## session keys, so it is a poor fit for wireless; prefer one of the
## TLS-based types (TLS, TTLS, PEAP) there.
default : pref = tls
## password for the connection. This is optional, if you want the supplicant
## to authenticate without prompting for a password.
## A password set here is stored in this file as plain text: make the file
## readable only by the account that runs the supplicant, and keep it out
## of backups and version control that other people can read.
#default : password = <password>
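## Phase 2 auth method for TTLS. (Currently, PAP, CHAP, MS-CHAP, or MS-CHAPv2)
## For PEAP, there is only MS-CHAPv2, so this does nothing.
## PAP hands the password itself to the server inside the tunnel, so its
## confidentiality depends on the tunnel ending at the genuine server,
## i.e. on the server certificate being validated (presumably against the
## file named by the root tag -- confirm).
default : phase2auth = PAP
## Phase 2 username (for using anonymous in the phase 1 piece).
## If this isn't defined, it defaults to the same as the phase 1 piece.
## The value belongs on the same line as the tag.
#default : phase2id = username@domain.org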
## chunk size
## NOTE(review): presumably the maximum size, in bytes, of one fragment of
## a TLS message sent in an EAP packet -- confirm against the parser.
default : chunk_size = 1398
## random file to use
## NOTE(review): presumably the entropy source used to seed the TLS
## library. /dev/random can block while the kernel's entropy estimate is
## low, which may delay authentication early in boot -- confirm.
default : random_file = /dev/random
## Shell command to run after the FIRST successful authentication
## command MUST begin with a "/" (absolute path)
## The supplicant runs this command itself, presumably with its own
## privileges (often root -- confirm). Anyone who can edit this file can
## therefore choose what gets run: keep the file, and every program named
## here, writable only by root.
default : first_auth = "/sbin/dhclient eth0"
## shell command to run after ALL successful authentications
## the current semantics are that if first_auth is also defined,
## only it is run the first time and after_auth is run on every later
## authentication.
## if first_auth is not defined, after_auth is run after ALL authentications
## including the first.
## command MUST begin with a "/" (absolute path)
default : after_auth = "/bin/echo I authenticated"