For testing radius, use eapol_test.

From memory, the original app-wireless will validate with Radius as it is, no need for any fixing. I think the fixing is only needed if you are running remote access points, but I'm not sure if it works with Domain logins. I never tested that. I think only one or two fields are changed in hostapd to get radius working.

there is also a forum thread somewhere on using Radius to allocate wireless VLANs for guest use only.

I've shared the doc with you. My memory is a bit rusty on the details.

[edit]
There is a way of command-line testing, but I'm blowed if I can remember it. I may have it somewhere. Also the mailing lists are good but you must produce the debug output or they'll cane you.
[/edit]

can you send me the documentation to fix it?

It will probably have to be done in slow time.

Also, if you are using it, app-radius is broken so much from its design intent that it actually works (to an extent) but fails with domain authentication. I do have a document to fix it from about 2 years ago but there was no ROI to fix it. I only really know one user using it. It also uses a deprecated method for storing AP settings.

Please bring it to clearos.

work still needs to be done on the radius authentication.

Great. The start/stop button now works.

I've compiled your packages and have them on my server. I had to run "clearos spec" to regenerate the spec file which bumped the version and changed another couple of lines in it. They can be installed with:

wget https://www.howitts.co.uk/clearos/ClearOS_7.x/app-wireless-ap-1.1.0-1.devel.noarch.rpm

wget https://www.howitts.co.uk/clearos/ClearOS_7.x/app-wireless-ap-core-1.1.0-1.devel.noarch.rpm

yum localinstall app-wireless-ap*

If you want, I'll have to see about bringing then into ClearOS formally. I guess I'd need to clone your repos then set up koji to build them. Would you be interested?

It works now.

Hi Todd,
Did you ever get the start/stop button working at the same time as the "Running" indicator. I did try playing with your code but never cracked it. I'll have to have a look at some point.

I've made some updates to the wireless-ap code.
I fixed some of the glitches and tried to stream line the settings.

I usually do a prep before installing the rpm .

yum install -y \

hostapd \

wireless-tools \

m2crypto \

python2-future \

libntlm \

wpa_supplicant



# Regulatory Rules are @

# /usr/lib/udev/rules.d/85-regulatory.rules

ip link set dev wlp5s0 down

iw reg set US



#Set power to wifi modules

iw dev wlp5s0 set txpower fixed 20mBm 

iwconfig wlp5s0 txpower 20



# Turn off power saving features.

iw dev wlp5s0 set power_save off



#Check Power / Settings

iwconfig wlp5s0

 

rpm -ivh app-wireless*

I've worked out the reboot. I set to US with IW and through the interface then rebooted and it works on manual channel selection again but not automatic.

[root@microserver ~]# iw list

Wiphy phy0

        max # scan SSIDs: 4

        max scan IEs length: 2257 bytes

        max # sched scan SSIDs: 0

        max # match sets: 0

        RTS threshold: 2347

        Retry short limit: 7

        Retry long limit: 4

        Coverage class: 0 (up to 0m)

        Device supports RSN-IBSS.

        Supported Ciphers:

                * WEP40 (00-0f-ac:1)

                * WEP104 (00-0f-ac:5)

                * TKIP (00-0f-ac:2)

                * CCMP (00-0f-ac:4)

                * 00-0f-ac:10

                * GCMP (00-0f-ac:8)

                * 00-0f-ac:9

                * CMAC (00-0f-ac:6)

                * 00-0f-ac:13

                * 00-0f-ac:11

                * 00-0f-ac:12

        Available Antennas: TX 0 RX 0

        Supported interface modes:

                 * IBSS

                 * managed

                 * AP

                 * AP/VLAN

                 * monitor

                 * P2P-client

                 * P2P-GO

        Band 1:

                Capabilities: 0x186e

                        HT20/HT40

                        SM Power Save disabled

                        RX HT20 SGI

                        RX HT40 SGI

                        No RX STBC

                        Max AMSDU length: 7935 bytes

                        DSSS/CCK HT40

                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)

                Minimum RX AMPDU time spacing: 16 usec (0x07)

                HT Max RX data rate: 150 Mbps

                HT TX/RX MCS rate indexes supported: 0-7, 32

                Bitrates (non-HT):

                        * 1.0 Mbps

                        * 2.0 Mbps

                        * 5.5 Mbps

                        * 11.0 Mbps

                        * 6.0 Mbps

                        * 9.0 Mbps

                        * 12.0 Mbps

                        * 18.0 Mbps

                        * 24.0 Mbps

                        * 36.0 Mbps

                        * 48.0 Mbps

                        * 54.0 Mbps

                Frequencies:

                        * 2412 MHz [1] (20.0 dBm)

                        * 2417 MHz [2] (20.0 dBm)

                        * 2422 MHz [3] (20.0 dBm)

                        * 2427 MHz [4] (20.0 dBm)

                        * 2432 MHz [5] (20.0 dBm)

                        * 2437 MHz [6] (20.0 dBm)

                        * 2442 MHz [7] (20.0 dBm)

                        * 2447 MHz [8] (20.0 dBm)

                        * 2452 MHz [9] (20.0 dBm)

                        * 2457 MHz [10] (20.0 dBm)

                        * 2462 MHz [11] (20.0 dBm)

                        * 2467 MHz [12] (disabled)

                        * 2472 MHz [13] (disabled)

                        * 2484 MHz [14] (disabled)

        Supported commands:

                 * new_interface

                 * set_interface

                 * new_key

                 * start_ap

                 * new_station

                 * set_bss

                 * authenticate

                 * associate

                 * deauthenticate

                 * disassociate

                 * join_ibss

                 * remain_on_channel

                 * set_tx_bitrate_mask

                 * frame

                 * frame_wait_cancel

                 * set_wiphy_netns

                 * set_channel

                 * set_wds_peer

                 * probe_client

                 * set_noack_map

                 * register_beacons

                 * start_p2p_device

                 * set_mcast_rate

                 * connect

                 * disconnect

                 * set_qos_map

                 * Unknown command (121)

        Supported TX frame types:

                 * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0

                 * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0

                 * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0

                 * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0

                 * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0

                 * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0

                 * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0

                 * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0

        Supported RX frame types:

                 * IBSS: 0x40 0xb0 0xc0 0xd0

                 * managed: 0x40 0xd0

                 * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0

                 * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0

                 * mesh point: 0xb0 0xc0 0xd0

                 * P2P-client: 0x40 0xd0

                 * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0

                 * P2P-device: 0x40 0xd0

        software interface modes (can always be added):

                 * AP/VLAN

                 * monitor

        interface combinations are not supported

        HT Capability overrides:

                 * MCS: ff ff ff ff ff ff ff ff ff ff

                 * maximum A-MSDU length

                 * supported channel width

                 * short GI for 40 MHz

                 * max A-MPDU length exponent

                 * min MPDU start spacing

        Device supports TX status socket option.

        Device supports HT-IBSS.

        Device supports SAE with AUTHENTICATE command

        Device supports low priority scan.

        Device supports scan flush.

        Device supports AP scan.

        Device supports per-vif TX power setting

        Driver supports full state transitions for AP/GO clients

        Driver supports a userspace MPM

        Device supports configuring vdev MAC-addr on create.

I'll reset back to EU and reboot, but I'm going out soon for the evening.

you need to reboot for the country code to take effect.

Can you run "iw list" and post the output.

I've done:

iw reg set EU

and put channel selection back to auto. Hostapd starts for about 10s then fails:

[root@microserver ~]

# service hostapd-multi status
Redirecting to /bin/systemctl status hostapd-multi.service
● hostapd-multi.service - Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Loaded: loaded (/usr/lib/systemd/system/hostapd-multi.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2019-08-14 19:11:46 BST; 9s ago
Process: 31721 ExecStartPost=/usr/bin/systemctl unset-environment HOSTAPD_CONFIGS (code=exited, status=0/SUCCESS)
Process: 31708 ExecStart=/usr/sbin/hostapd $HOSTAPD_CONFIGS -P /run/hostapd.pid -B (code=exited, status=0/SUCCESS)
Process: 31670 ExecStartPre=/usr/sbin/hostapd-multi (code=exited, status=0/SUCCESS)
Main PID: 31719 (hostapd)
Tasks: 1
Memory: 608.0K
CGroup: /system.slice/hostapd-multi.service
└─31719 /usr/sbin/hostapd /etc/hostapd/hostapd-wlp0s16u3.conf -P /run/hostapd.pid -B

Aug 14 19:11:46 microserver.howitts.local hostapd[31708]: Configuration file: /etc/hostapd/hostapd-wlp0...nf
Aug 14 19:11:46 microserver.howitts.local hostapd[31708]: wlp0s16u3: interface state UNINITIALIZED->COU...TE
Hint: Some lines were ellipsized, use -l to show in full.

[root@microserver ~]# service hostapd-multi status -l
Redirecting to /bin/systemctl status -l hostapd-multi.service
● hostapd-multi.service - Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Loaded: loaded (/usr/lib/systemd/system/hostapd-multi.service; disabled; vendor preset: disabled)
Active: inactive (dead)

Aug 14 11:35:53 microserver.howitts.local hostapd[3699]: Configuration file: /etc/hostapd/hostapd-wlp0s16u3.conf
Aug 14 11:35:53 microserver.howitts.local hostapd[3699]: wlp0s16u3: interface state UNINITIALIZED->COUNTRY_UPDATE
Aug 14 11:46:18 microserver.howitts.local hostapd[3718]: Configuration file: /etc/hostapd/hostapd-wlp0s16u3.conf
Aug 14 11:46:18 microserver.howitts.local hostapd[3718]: wlp0s16u3: interface state UNINITIALIZED->COUNTRY_UPDATE
Aug 14 11:46:57 microserver.howitts.local hostapd[5889]: Configuration file: /etc/hostapd/hostapd-wlp0s16u3.conf
Aug 14 11:46:57 microserver.howitts.local hostapd[5889]: wlp0s16u3: interface state UNINITIALIZED->COUNTRY_UPDATE
Aug 14 12:19:05 microserver.howitts.local hostapd[8855]: Configuration file: /etc/hostapd/hostapd-wlp0s16u3.conf
Aug 14 12:19:05 microserver.howitts.local hostapd[8855]: wlp0s16u3: interface state UNINITIALIZED->COUNTRY_UPDATE
Aug 14 19:11:46 microserver.howitts.local hostapd[31708]: Configuration file: /etc/hostapd/hostapd-wlp0s16u3.conf
Aug 14 19:11:46 microserver.howitts.local hostapd[31708]: wlp0s16u3: interface state UNINITIALIZED->COUNTRY_UPDATE
[/code]

Starting hostapd in debug mode (adding -dd to the unit file) gives:

Aug 14 19:21:03 microserver hostapd: random: Trying to read entropy from /dev/random

Aug 14 19:21:03 microserver hostapd: Configuration file: /etc/hostapd/hostapd-wlp0s16u3.conf

Aug 14 19:21:03 microserver hostapd: ctrl_interface_group=0

Aug 14 19:21:03 microserver hostapd: nl80211: Supported cipher 00-0f-ac:1

Aug 14 19:21:03 microserver hostapd: nl80211: Supported cipher 00-0f-ac:5

Aug 14 19:21:03 microserver hostapd: nl80211: Supported cipher 00-0f-ac:2

Aug 14 19:21:03 microserver hostapd: nl80211: Supported cipher 00-0f-ac:4

Aug 14 19:21:03 microserver hostapd: nl80211: Supported cipher 00-0f-ac:10

Aug 14 19:21:03 microserver hostapd: nl80211: Supported cipher 00-0f-ac:8

Aug 14 19:21:03 microserver hostapd: nl80211: Supported cipher 00-0f-ac:9

Aug 14 19:21:03 microserver hostapd: nl80211: Supported cipher 00-0f-ac:6

Aug 14 19:21:03 microserver hostapd: nl80211: Supported cipher 00-0f-ac:13

Aug 14 19:21:03 microserver hostapd: nl80211: Supported cipher 00-0f-ac:11

Aug 14 19:21:03 microserver hostapd: nl80211: Supported cipher 00-0f-ac:12

Aug 14 19:21:03 microserver hostapd: nl80211: Using driver-based off-channel TX

Aug 14 19:21:03 microserver hostapd: nl80211: Driver-advertised extended capabilities (default) - hexdump(len=8): 00 00 00 00 00 00 00 40

Aug 14 19:21:03 microserver hostapd: nl80211: Driver-advertised extended capabilities mask (default) - hexdump(len=8): 00 00 00 00 00 00 00 40

Aug 14 19:21:03 microserver hostapd: nl80211: interface wlp0s16u3 in phy phy0

Aug 14 19:21:03 microserver hostapd: nl80211: Set mode ifindex 4 iftype 3 (AP)

Aug 14 19:21:03 microserver hostapd: nl80211: Setup AP(wlp0s16u3) - device_ap_sme=0 use_monitor=0

Aug 14 19:21:03 microserver hostapd: nl80211: Subscribe to mgmt frames with AP handle 0x231e010

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0xb0 (WLAN_FC_STYPE_AUTH) nl_handle=0x231e010 match=

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0x0 (WLAN_FC_STYPE_ASSOC_REQ) nl_handle=0x231e010 match=

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0x20 (WLAN_FC_STYPE_REASSOC_REQ) nl_handle=0x231e010 match=

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0xa0 (WLAN_FC_STYPE_DISASSOC) nl_handle=0x231e010 match=

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0xc0 (WLAN_FC_STYPE_DEAUTH) nl_handle=0x231e010 match=

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0x40 (WLAN_FC_STYPE_PROBE_REQ) nl_handle=0x231e010 match=

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x231e010 match=04

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x231e010 match=0501

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x231e010 match=0503

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x231e010 match=0504

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x231e010 match=06

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x231e010 match=08

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x231e010 match=09

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x231e010 match=0a

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x231e010 match=11

Aug 14 19:21:03 microserver hostapd: nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x231e010 match=7f

Aug 14 19:21:03 microserver hostapd: rfkill: initial event: idx=0 type=1 op=0 soft=0 hard=0

Aug 14 19:21:03 microserver hostapd: nl80211: Add own interface ifindex 4 (ifidx_reason -1)

Aug 14 19:21:03 microserver hostapd: nl80211: if_indices[16]: 4(-1)

Aug 14 19:21:03 microserver hostapd: phy: phy0

Aug 14 19:21:03 microserver hostapd: BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits)

Aug 14 19:21:03 microserver hostapd: wlp0s16u3: interface state UNINITIALIZED->COUNTRY_UPDATE

Aug 14 19:21:03 microserver hostapd: Previous country code 00, new country code EU

Aug 14 19:21:03 microserver hostapd: Continue interface setup after channel list update

Aug 14 19:21:03 microserver hostapd: ctrl_iface not configured!

Now I can't get it to start with manual channel selection and changing the country code to US does not help. I guess I need to investigate the last message.

I also notice in the system log:

Aug 14 19:11:57 microserver engine: exception: error: /usr/clearos/apps/base/libraries/Shell.php (227): /bin/ls: cannot access /var/run/hostapd.pid: No such file or directory

Aug 14 19:11:57 microserver engine: exception: debug backtrace: /usr/clearos/apps/base/libraries/File.php (434): execute

Aug 14 19:11:57 microserver engine: exception: debug backtrace: /usr/clearos/apps/base/libraries/File.php (228): get_size

Aug 14 19:11:57 microserver engine: exception: debug backtrace: /usr/clearos/apps/base/libraries/File.php (210): get_contents_as_array

Aug 14 19:11:57 microserver engine: exception: debug backtrace: /usr/clearos/apps/base/libraries/Daemon.php (342): get_contents

Aug 14 19:11:57 microserver engine: exception: debug backtrace: /usr/clearos/apps/base/libraries/Daemon.php (303): get_process_id

Aug 14 19:11:57 microserver engine: exception: debug backtrace: /usr/clearos/apps/base/libraries/Daemon.php (424): get_running_state

Aug 14 19:11:57 microserver engine: exception: debug backtrace: /usr/clearos/apps/base/controllers/daemon.php (105): get_status

Aug 14 19:11:57 microserver engine: exception: debug backtrace: GUI (0): status

Aug 14 19:11:57 microserver engine: exception: debug backtrace: /usr/clearos/framework/system/core/CodeIgniter.php (535): call_user_func_array

Aug 14 19:11:57 microserver engine: exception: debug backtrace: /usr/clearos/framework/htdocs/app/index.php (224): require_once

I think this is the start/stop widget.

My adapter is 802.11n but the app wouldn't start with automatic channel selection.

I made the update to the file watch utility

I'm using the app-wireless_ap name space because I want to create another app for app-wireless_client.
I'm trying to make something to replace cradle point.


You might have to set your country code before Automatic channel selection works. ( Maybe your adapter doesn't supported it, I'll have to see how to check if an adapter supports it)

Set your country by using

iw reg set US

I added country update to the code.


I think its safe to safe that if the adapter doesn't support 802.11n , then it probably doesn't support automatic channel selection. Since ACS is required by 802.11n, I'll only enable it if ht40 is detected.
https://wireless.wiki.kernel.org/en/users/Documentation/acs


I could also parse the supported ciphers list to give better options on the wpa key
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP (00-0f-ac:4)
* CMAC (00-0f-ac:6)
* 00-0f-ac:13
* 00-0f-ac:11
* 00-0f-ac:12

I can also add multiple ssid support by parsing
valid interface combinations:
* #{ AP, mesh point } <= 8, #{ managed } <= 1,
total <= 8, #channels <= 1, STA/AP BI must match

Hmm. I now cannot even start it at the command line. Not quite true. It starts then pretty much immediately dies.

[root@microserver ~]# service hostapd-multi start

Redirecting to /bin/systemctl start hostapd-multi.service



[root@microserver ~]# service hostapd-multi status -l

Redirecting to /bin/systemctl status  -l hostapd-multi.service

● hostapd-multi.service - Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator

   Loaded: loaded (/usr/lib/systemd/system/hostapd-multi.service; disabled; vendor preset: disabled)

   Active: active (running) since Wed 2019-08-14 11:18:14 BST; 7s ago

  Process: 552 ExecStartPost=/usr/bin/systemctl unset-environment HOSTAPD_CONFIGS (code=exited, status=0/SUCCESS)

  Process: 534 ExecStart=/usr/sbin/hostapd $HOSTAPD_CONFIGS -P /run/hostapd.pid -B (code=exited, status=0/SUCCESS)

  Process: 512 ExecStartPre=/usr/sbin/hostapd-multi (code=exited, status=0/SUCCESS)

 Main PID: 535 (hostapd)

    Tasks: 1

   Memory: 608.0K

   CGroup: /system.slice/hostapd-multi.service

           └─535 /usr/sbin/hostapd /etc/hostapd/hostapd-wlp0s16u3.conf -P /run/hostapd.pid -B



Aug 14 11:18:14 microserver.howitts.local hostapd[534]: Configuration file: /etc/hostapd/hostapd-wlp0s16u3.conf

Aug 14 11:18:14 microserver.howitts.local hostapd[534]: HT (IEEE 802.11n) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling HT capabilities

Aug 14 11:18:14 microserver.howitts.local hostapd[534]: wlp0s16u3: interface state UNINITIALIZED->COUNTRY_UPDATE



[root@microserver ~]# service hostapd-multi status -l

Redirecting to /bin/systemctl status  -l hostapd-multi.service

● hostapd-multi.service - Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator

   Loaded: loaded (/usr/lib/systemd/system/hostapd-multi.service; disabled; vendor preset: disabled)

   Active: inactive (dead)



Aug 14 11:16:59 microserver.howitts.local hostapd[26933]: Configuration file: /etc/hostapd/hostapd-wlp0s16u3.conf

Aug 14 11:16:59 microserver.howitts.local hostapd[26933]: HT (IEEE 802.11n) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling HT capabilities

Aug 14 11:16:59 microserver.howitts.local hostapd[26933]: wlp0s16u3: interface state UNINITIALIZED->COUNTRY_UPDATE

Aug 14 11:18:14 microserver.howitts.local hostapd[534]: Configuration file: /etc/hostapd/hostapd-wlp0s16u3.conf

Aug 14 11:18:14 microserver.howitts.local hostapd[534]: HT (IEEE 802.11n) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling HT capabilities

Aug 14 11:18:14 microserver.howitts.local hostapd[534]: wlp0s16u3: interface state UNINITIALIZED->COUNTRY_UPDATE

/var/log/messages gives:

Aug 14 11:18:14 microserver hostapd: Configuration file: /etc/hostapd/hostapd-wlp0s16u3.conf

Aug 14 11:18:14 microserver hostapd: HT (IEEE 802.11n) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling HT capabilities

Aug 14 11:18:14 microserver hostapd: wlp0s16u3: interface state UNINITIALIZED->COUNTRY_UPDATE

Not much help. You'd have thought that even disabling HT, it would work with 802.11g

More playing. Adding:

wpa_pairwise=TKIP CCMP

to the .conf gets rid of the HT/802.11n problem, but I think only CCMP is recommended now for WPA2 (I am learning as I am problem solving.....).

I solved the startup issue by changing the Channel Selection from Automatic to a manually allocated channel. I have not researched this any more so I don't know why automatic would not be working. If it helps I can give you an "iw list" for the adaptor.

The Start/Stop button does nothing (it probably tries hostapd but my hostapd.conf is missing for the moment). I've no idea where the behaviour of the button is kept - possibly /usr/clearos/apps/wireless_ap/controllers/wireless_ap.php but changing hostapd to hostapd-multi breaks the status and does not fix the button. Trying to debug this, looking at the hostapd docs for ctrl_interface, you hay have been able to run multiple instances of hostapd, so one per interface, by changing this line. It may also have allowed hostapd and hostapd-multi to run side-by-side. Also, in your systemd unit file would it be better to use a pid file of hostapd-multi? Again it did not fix the button so I am shooting in the dark.

The file watcher is probably a little incorrect as it is watching for changes to:

.*\.conf

That should probably be:

hostapd-.*\.conf

or

hostapd-w.*\.conf

to exclude hostapd.conf, but otherwise appears to work quite nicely if I change settings through the Webconfig or manually.

I have spoken to Dave and he is happy for your app to take over the app-wireless name space, although your app possibly just needs testing with Radius. It may also give a bit of a nightmare (slight overstatement) as you may have to find a way of copying his hostapd.conf into your interface specific one with a deploy/upgrade script which fires once only (maintain a state file in /var/clearos/wireless which you just touch when installing your app once you have done the migration and test for its existence and don't do the upgrade script if the file exists. This is pretty standard for some of the deploy/upgrade scripts)

I think I address your issues.

I added the checks
detect 5260 MHz channel , display 5.0 GHz as an option
detect 2412 MHz channel, display 2.4 GHz as an option
Detect HT40 -> display 802.11n
Detect VHT Capabilities -> display 802.11ac

Technically your wifi can see 802.11n and 802.11ac but cannot transmit in either protocol.

according to
https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf

VHT capabilites indicate 802.11ac support. Maybe your wifi adapter implemented only viewing 802.11ac netrwork.

# Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz),
# g = IEEE 802.11g (2.4 GHz), ad = IEEE 802.11ad (60 GHz); a/g options are used
# with IEEE 802.11n (HT), too, to specify band). For IEEE 802.11ac (VHT), this
# needs to be set to hw_mode=a. When using ACS (see channel parameter), a
# special value "any" can be used to indicate that any support band can be used.
# This special case is currently supported only with drivers with which
# offloaded ACS is used.

If I remove the line, hostapd-multi starts OK.

The Webconfig Start/Stop widget, however, tries to start hostapd and not hostapd-multi.

In the Settings screen, the Network Type looks wrong. See the screenshot.

Remove the last line from the config file
hostapd_configuasdfd

That's a variable left over from debugging. I removed the variable, it should write the config file correctly. now.

I'll make the changes.

I can parse devices capabilities to determine if it supports 2.4ghz, 5.0ghz, 802.11n or 802.11ac.

Hi Todd,
I've had a little play and I can't quickly get going:
1 - Please change the filename "gitignore.txt" to ".gitignore"
2 - you have a typo in a couple of places in the Webconfig. "Eanble" should read "Enable"
3 - When I tried to start the app it failed giving an error relating to the configuration in hostapd.conf which I did not think you were reading
4 - The webconfig allows you to add configs not valid for your NIC. My NIC is only 802.11n on 2.4GHz, but the webconfig defaults to 5Ghz and 802.11ac enabled.
5 - The app seems to be starting hostapd even if I manually do a "service hostapd-multi start", so I had to move my hostapd.conf out of the way.
6 - The app appears to give a faulty config:

[root@microserver ~]# service hostapd-multi start

Redirecting to /bin/systemctl start hostapd-multi.service

Job for hostapd-multi.service failed because the control process exited with error code. See "systemctl status hostapd-multi.service" and "journalctl -xe" for details.



[root@microserver ~]# service hostapd-multi status -l

Redirecting to /bin/systemctl status  -l hostapd-multi.service

● hostapd-multi.service - Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator

   Loaded: loaded (/usr/lib/systemd/system/hostapd-multi.service; disabled; vendor preset: disabled)

   Active: failed (Result: exit-code) since Tue 2019-08-13 15:53:41 BST; 16s ago

  Process: 18721 ExecStart=/usr/sbin/hostapd $HOSTAPD_CONFIGS -P /run/hostapd.pid -B (code=exited, status=1/FAILURE)

  Process: 18703 ExecStartPre=/usr/sbin/hostapd-multi (code=exited, status=0/SUCCESS)



Aug 13 15:53:41 microserver.howitts.local hostapd[18721]: Configuration file: /etc/hostapd/hostapd-wlp0s16u3.conf

Aug 13 15:53:41 microserver.howitts.local hostapd[18721]: Line 57: unknown configuration item 'hostapd_configuasdfd'

Aug 13 15:53:41 microserver.howitts.local hostapd[18721]: HT (IEEE 802.11n) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling HT capabilities

Aug 13 15:53:41 microserver.howitts.local hostapd[18721]: 1 errors found in configuration file '/etc/hostapd/hostapd-wlp0s16u3.conf'

Aug 13 15:53:41 microserver.howitts.local hostapd[18721]: Failed to set up interface with /etc/hostapd/hostapd-wlp0s16u3.conf

Aug 13 15:53:41 microserver.howitts.local hostapd[18721]: Failed to initialize interface

Aug 13 15:53:41 microserver.howitts.local systemd[1]: hostapd-multi.service: control process exited, code=exited status=1

Aug 13 15:53:41 microserver.howitts.local systemd[1]: Failed to start Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator.

Aug 13 15:53:41 microserver.howitts.local systemd[1]: Unit hostapd-multi.service entered failed state.

Aug 13 15:53:41 microserver.howitts.local systemd[1]: hostapd-multi.service failed.

This suggests a config file issue. hostapd-wlp0s16u3.conf reads:

interface=wlp0s16u3

driver=nl80211

ctrl_interface=/var/run/hostapd

ctrl_interface_group=0

wds_sta=1

ssid=Microserver

hw_mode=g

channel=acs

max_num_sta=128

disassoc_low_ack=1

auth_algs=1

wpa=2

wpa_key_mgmt=WPA-PSK

wpa_passphrase=******

country_code=EU

ieee80211n=1

ht_capab=[DSSS_CCK-40][MAX-AMSDU-7935][SHORT-GI-40][SHORT-GI-20]

vht_capab=[MAX-A-MPDU-LEN-EXP3]

uapsd_advertisement_enabled=1

wmm_enabled=1

wmm_ac_bk_cwmin=4

wmm_ac_bk_cwmax=10

wmm_ac_bk_aifs=7

wmm_ac_bk_txop_limit=0

wmm_ac_bk_acm=0

wmm_ac_be_aifs=3

wmm_ac_be_cwmin=4

wmm_ac_be_cwmax=10

wmm_ac_be_txop_limit=0

wmm_ac_be_acm=0

wmm_ac_vi_aifs=2

wmm_ac_vi_cwmin=3

wmm_ac_vi_cwmax=4

wmm_ac_vi_txop_limit=9

wmm_ac_vi_acm=0

wmm_ac_vo_aifs=2

wmm_ac_vo_cwmin=2

wmm_ac_vo_cwmax=3

wmm_ac_vo_txop_limit=47

wmm_ac_vo_acm=0

tx_queue_data3_aifs=7

tx_queue_data3_cwmin=15

tx_queue_data3_cwmax=1023

tx_queue_data3_burst=0

tx_queue_data2_aifs=3

tx_queue_data2_cwmin=15

tx_queue_data2_cwmax=63

tx_queue_data2_burst=0

tx_queue_data1_aifs=1

tx_queue_data1_cwmin=7

tx_queue_data1_cwmax=15

tx_queue_data1_burst=3.0

tx_queue_data0_aifs=1

tx_queue_data0_cwmin=3

tx_queue_data0_cwmax=7

tx_queue_data0_burst=1.5

hostapd_configuasdfd=/etc/hostapd/hostapd-wlp0s16u3.conf

chanlist=9 8 7 6 5 4 3 2 1 

7 - A language line appears to be missing for current_chanlist

I rewrote the wireless ap. Its allot cleaner now. I was also very careful make expensive calls only once.

https://gitlab.com/gs_clearos/app-wireless-ap/tree/master

I did notice 2 glitches in clearsos.
1st. You can not develop javascript in the dev inviroment. it keeps trying to redirect the javascript to
/apps/approot/wireless_ap/htdocs/wireless_ap.js.php
instead of
/app/wireless_ap/htdocs/wireless_ap.js.php

2. When trying edit the settings, the div tags for the header are not closed correctly.
I have to close 2 div tags or else it doesn't display correctly.

The headers on the main app page don't have this issue.

.... Also, if you're right about the regexes, perhaps ".*\.conf" would be better than ".*.conf" (which is just about the same as .*conf)

I've just edited my php code. I missed a couple of lines.

Never mind. I saw what I did wrong. Had the irregular expression all wrong.
It works. now.

<?xml version="1.0" encoding="ISO-8859-1"?>

<!-- ClearSync Hostapd Configuration Watch -->

<plugin name="HostapdConfigurationWatch" library="libcsplugin-filewatch.so" stack-size="65536">

  <action-group name="HostapdRestart" delay="3">

    <action>sudo /usr/bin/systemctl condrestart hostapd-multi</action>

  </action-group>



  <on-modify type="pattern" path="/etc/hostapd" action-group="HostapdRestart">.*.conf</on-modify>

  <on-create type="pattern" path="/etc/hostapd" action-group="HostapdRestart">.*.conf</on-create>

  <on-delete type="pattern" path="/etc/hostapd" action-group="HostapdRestart">.*.conf</on-delete>

</plugin>

<!--

  vi: syntax=xml expandtab shiftwidth=2 softtabstop=2 tabstop=2

-->

I think it ready to be tested by others now.
I think I'm going to go back and clean up the code, now that I have an idea of what I'm doing.

I'll have to have a play tomorrow with the watcher.

Doing a restart in your code is also OK. In the classes section of your code add:

use \clearos\apps\base\Shell as Shell;

clearos_load_library('base/Shell');

Then you can do a:

$shell = new Shell();

$shell->Execute('/usr/bin/systemctl', 'restart hostapd-multi', TRUE);

[edit]
I missed a couple of lines
[/edit]

It doesn't. I can't figure it out. I guess I can do a execute a shell command to restart the service, but that doesn't seem like the most secure thing to do.
Plus, i think I would have to add service command in the suder file. Doesn't seem secure.

..... and does it work now?

Thanks for the help.
Updated the file to

<?xml version="1.0" encoding="ISO-8859-1"?>

<!-- ClearSync Hostapd Configuration Watch -->

<plugin name="HostapdConfigurationWatch" library="libcsplugin-filewatch.so" stack-size="65536">

  <action-group name="HostapdRestart" delay="3">

    <action>sudo /usr/bin/systemctl condrestart hostapd-multi</action>

  </action-group>



  <on-modify type="pattern" path="/etc/hostapd" action-group="HostapdRestart">*.conf</on-modify>

  <on-create type="pattern" path="/etc/hostapd" action-group="HostapdRestart">*.conf</on-create>

  <on-delete type="pattern" path="/etc/hostapd" action-group="HostapdRestart">*.conf</on-delete>

</plugin>

<!--

  vi: syntax=xml expandtab shiftwidth=2 softtabstop=2 tabstop=2

-->

You shouldn't have to restart the clearsync service as there is a watcher for new files, but it is buggy. I can fix it with a horrible kludge, but no one is happy with the kludge. (The problem is that clearsync is not allowed to restart itself; my workaround is for clearsync to kill itself, at which point it starts itself up again; messy). Perhaps you can restart it as part of the deploy/install script,

You have not spotted the problem with my file. Lines ending </on-create> and </on-delete> should also start <on-create> and <on-delete> and not <on-modify>. A classic c&p error.

As usual I am just shutting down so can't look until tomorrow.

I can't get the filewatch to work.

To test. I manually credit the file in
/etc/clearsync.d

<?xml version="1.0" encoding="ISO-8859-1"?>

<!-- ClearSync Hostapd Configuration Watch -->

<plugin name="HostapdConfigurationWatch" library="libcsplugin-filewatch.so" stack-size="65536">

  <action-group name="HostapdRestart" delay="3">

    <action>sudo /usr/bin/systemctl condrestart hostapd-multi</action>

  </action-group>



  <on-modify type="pattern" path="/etc/hostapd" action-group="HostapdRestart">*.conf</on-modify>

  <on-modify type="pattern" path="/etc/hostapd" action-group="HostapdRestart">*.conf</on-create>

  <on-modify type="pattern" path="/etc/hostapd" action-group="HostapdRestart">*.conf</on-delete>

</plugin>

<!--

  vi: syntax=xml expandtab shiftwidth=2 softtabstop=2 tabstop=2

-->

I then reloaded clearsync

 /bin/systemctl restart clearsync.service

For your file watcher (reloading the service after any change), create a file, /etc/clearsync.d/filewatch-hostapd-multi.conf and in it put something like:

<?xml version="1.0" encoding="ISO-8859-1"?>

<?xml version="1.0" encoding="ISO-8859-1"?>

<!-- ClearSync Hostapd Configuration Watch -->

<plugin name="HostapdConfigurationWatch" library="libcsplugin-filewatch.so" stack-size="65536">

  <action-group name="HostapdRestart" delay="3">

    <action>sudo /usr/bin/systemctl condrestart hostapd-multi</action>

  </action-group>



  <on-modify type="pattern" path="/etc/hostapd" action-group="HostapdRestart">^hostapd-.*\.conf</on-modify>

  <on-modify type="pattern" path="/etc/hostapd" action-group="HostapdRestart">^hostapd-.*\.conf</on-create>

  <on-modify type="pattern" path="/etc/hostapd" action-group="HostapdRestart">^hostapd-.*\.conf</on-delete>

</plugin>

<!--

  vi: syntax=xml expandtab shiftwidth=2 softtabstop=2 tabstop=2

-->

Remember to add it to info.php. In Gitlab it needs to go under /packaging. Check the filename regex that you are watching is right. I'd also think about reducing the 3 second delay. This is all based on cribbing without full knowledge so some of my modding of /etc/clearsync.d/filewatch-firewall.conf may be wrong and it has not been tested. You can test by modifying the action to perhaps do a "logger" message (if the sudoers permit it) then touching and deleting files and so on

I can't help with the start/stop button.

You also need a deploy/upgrade script to do your daemon-reload and a deploy/uninstall to remove your own conf files in /etc/hostapd, but leave hostapd.conf there.

I made the changes.

Only thing left is to get the start and stop button working. Right now, clicking it does nothing.
I also need to reload the service after any file change.

I've just been looking at the systemctl documentation, and it looks like you can do a "systemctl is-active hostapd" in your /usr/bin/hostapd-multi, or even "systemctl is-active hostapd --quiet" if you just wanted to test the return code. Either will save your grepping and sed bits.

Looking at your RPM's, there is no deploy/upgrade. Create a really simple one:

#!/bin/sh



# Do a daemon-reload for a new unit file

#---------------------------------------



/usr/bin/systemctl daemon-reload

This should get packaged automatically when you run the "clearos spec" command, but remember to give it 0755 permissions before you commit it.

You also need to package your daemon monitor, if this is what you mean by the configlet which watches for changes to the hostapd-*.conf files. Assuming you have called it filewatch-hostapd-multi.conf, you need to put it in your packaging folder. Then try changing info.php from:

$app['core_file_manifest'] = array(

    'hostapd-multi.php'=> array('target' => '/var/clearos/base/daemon/hostapd.php'),

    'hostapd-multi.service'=> array(

        'target' => '/usr/lib/systemd/system/hostapd-multi.service',

        'mode' => '0755'

    ),

    'hostapd-multi'=> array(

        'target' => '/usr/sbin/hostapd-multi',

        'mode' => '0755'

    ),

);

to:

$app['core_file_manifest'] = array(

    'hostapd-multi.php'=> array('target' => '/var/clearos/base/daemon/hostapd.php'),

    'hostapd-multi.service'=> array(

        'target' => '/usr/lib/systemd/system/hostapd-multi.service',

        'mode' => '0755'

    ),

    'hostapd-multi'=> array(

        'target' => '/usr/sbin/hostapd-multi',

        'mode' => '0755'

    ),

    'filewatch-hostapd-multi.conf'=> array('target' => '/etc/clearsync.d/filewatch-hostapd-multi.conf'),

);

I don't think permissions (mode) are important in this case as I think they default to 0644 which is what you want. Once you've done this, you'll need to run "clearos spec" to regenerate your spec file.

Note I don't think your change to:

    'hostapd-multi.service'=> array(

        'target' => '/usr/lib/systemd/system/hostapd-multi.service',

        'mode' => '0755'

    ),

is correct. Systemd will complain if the unit file has any execute permissions. They are best left as 0644, so you can revert the line to mine.

BTW, you can change /nextcloud/ in .gitignore file to /app-wireless/. That was a c&p error of mine.

I uploaded the files to dropbox

I've attached the rpm files.

1 - What do you mean by daemon-monitor
2 - put the daemon-reload command in a deploy/upgrade script and remember to give it 0755 permissions before you package it.

Can you share your RPM? I know we have TZ problem so I won't be able to look at it until tomorrow.

I installed the clearos dev environment and created the rpms. I worked out some of the package install bugs.
The 2 issues I have with install rpm is
1. The daemon monitor no longer works.
2. I have to manually type " systemctl daemon-reload" to get the new hostapd-multi service to start working.

[edit]
.... or push your changes to your repo so I can then pick them up.
[/edit]

For development work in ClearOS, have a look at ClearOS Developer, especially the "Step 4 - Create Your Development Environment" section. Put your app under /home/{your_development_username}/aps/your_app_name. If the app you are developing is app-wireless, your_app_name is just "wireless". This keeps all your PHP code (really, anything which installs under /usr/clearos/apps) isolated from the original code. Where it won't help is with things like your listener or conf files which fall outside the folder structure.

For the SSID, a google of "SSID regex" turned up this. You'd have to convert it to PHP, but there are quite a few regex testing sites that you could check your regex with such as Regex101.com

thanks for all the help.