# This is an example configuration file for xsupplicant versions after 0.8b.

##########################################################################
#                              GLOBAL SECTION                            #
##########################################################################

# List of configured networks to keep in memory, expressed as a comma 
# seperated list or the keyword 'all'. For efficiency, keep only the 
# networks you use in this list and make sure that it includes your 
# default network.

#network_list = default, test1, test2
network_list = all

# Default network name to use when there is not an explicit match

#default_netname = my_defaults
default_netname = default

# When using the startup_command, first_auth_command, and reauth_command 
# directives, "%i" will be expanded to the interface name. This allows a 
# single network profile to work across different interfaces.

# The command to run when xsupplicant is first started.

startup_command = <BEGIN_COMMAND>echo "xsupplicant startup"<END_COMMAND>

# The command to run when xsupplicant authenticates to a network for the
# first time.  This will usually be used to start a DHCP client process.

first_auth_command = <BEGIN_COMMAND>dhclient %i<END_COMMAND>

# The command to run when xsupplicant reauthenticates to a network.

#reauth_command = <BEGIN_COMMAND>echo "reauthenticated %i"<END_COMMAND>

# Where the supplicant should log to, (xsupplicant will create a new log 
# file on each invocation).
logfile = /var/log/xsupplicant.log

# The auth_period, held_period, and max_starts directives modify the 
# timers in the state machine. (Please reference the 802.1x spec for info
# on how they are used.) For most people, there is no reason to define 
# these values, as the defaults should work.

#auth_period = 30
#held_period = 30
#max_starts = 3

# For most people, the default setting for "allmulti" will work just fine.  
# In some cases however wireless cards have been known to not work when 
# ALLMULTI is enabled, (such as certain Orinoco cards with older drivers).
# If allmulti is set to no, xsupplicant will not attempt to change the state
# of the setting in the driver so you should make sure to do an "ifconfig 
# ethX -allmulti".

#allmulti = no

# Defining an interface in "allow_interfaces" will bypass the rules that
# xsupplicant uses to determine if an interface is valid.  For most people
# this setting shouldn't be needed.  It is useful for having xsupplicant
# attempt to authenticate on interfaces that don't appear to be true
# physical interfaces, (i.e. virtual interfaces such as eth0:1).

allow_interfaces = eth0

# Defining an interface in "deny_interfaces" will prevent xsupplicant from
# attempting to authenticate on a given interface.  This is useful if you
# know that you will never do 802.1x on a specific interface.  However,
# allows will take priority over denies, so defining the same interface in
# the allow_interfaces, and deny_interfaces will result in the interface
# being used.

#deny_interfaces = eth1

##########################################################################
#                             NETWORK SECTION                            #
##########################################################################

# the general format of the network section is a network name followed
# by a group of variables 

# network names may contain the following characters: a-z, A-Z, 0-9, '-', 
# '_', '\', and '/'. Those interested in having an SSID with ANY character
# in it can use the ssid tag within the network clause. Otherwise, your 
# ssid will be the name of the network.

## The default network is not a network itself. These values are the 
## default used for any network parameters not overridden in another 
## section. If it's not in your network configuration and not in your 
## default, it won't work!!

default  
{ 
  # The type of this network. wired or wireless, if this value is not set,
  # xsupplicant will attempt to determine if the interface is wired or
  # wireless.  In general, you should only need to define this when 
  # xsupplicant incorrectly identifies your network interface.
  type = wired

  # If this profile is forced to wired, this will not do anything. 
  # However, if the interface is forced, or detected to be wireless 
  # xsupplicant will take control of re/setting WEP keys when the machine 
  # first starts, and when it jumps to a different AP.  In general, you 
  # won't need to define, or set this value.
  #wireless_control = yes

  # Describes which EAP types this network will allow. The first type 
  # listed will be requested if the server tries to use something not in 
  # this list.
  #allow_types = eap_tls, eap_md5, eap_gtc, eap-otp
  allow_types = eap_tls

  # What to respond with when presented with an EAP Id Request. Typically,
  # this is the username for this network. Since this can be an arbitrary 
  # string, enclose within <BEGIN_ID> and <END_ID>
  identity = <BEGIN_ID>client<END_ID>

  # Force xsupplicant to send it's packets to this destination MAC address.
  # In most cases, this isn't needed, and shouldn't be defined.
  #dest_mac = 00:aA:bB:cC:dD:eE

  ## Method-specific parameters are kept in the method
  eap_tls {
      user_cert      = /etc/xsupplicant/tls/client.pem 
      user_key       = /etc/xsupplicant/tls/client.pem
      user_key_pass  = <BEGIN_PASS>passphrase de la clef privée<END_PASS>
      root_cert      = /etc/xsupplicant/tls/ca.pem
      #root_dir      = /etc/xsupplicant/ca/
      crl_dir        = /etc/xsupplicant/tls
      chunk_size     = 1398
      random_file    = /etc/xsupplicant/tls/random

      # To enable TLS session resumption, you need to set the following
      # value to "yes".  By default, session resumption is disabled.
      #session_resume = yes
  }

}

# In this network definition, "test1" is the friendly name.  It can match
# the essid of the network, which means you won't have to set the "ssid"
# variable.  However, if it doesn't match, you need to set the "ssid"
# variable in order for the network to be detected correctly.
#test1
#{
#  type = wired
#  # You should not define this unless you have characters other than those
#  # specified above in the ssid of your network
#  ssid = <BEGIN_SSID>mvemjsnp<END_SSID>
#
#  allow_types = all
#  identity = <BEGIN_ID>Check this out- any char!#$<END_ID>
#
#}


#test2
#{
#  # You should not define this unless you have characters other than those 
#  # specified above in the ssid of your network
#  ssid = <BEGIN_SSID>up to 32 character ASCII string<END_SSID>
#  identity = <BEGIN_ID>testuser@testnet.com<END_ID>
#
#  allow_types = eap-tls
#  type = wireless
#}

#test3
#{
#  # You should not define this unless you have characters other than those 
#  # specified above in the ssid of your network
#  ssid = <BEGIN_SSID>foo-network!<END_SSID>
#
#  type = wired
#
#  identity= <BEGIN_ID>this will work too<END_ID>
#}