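802.1x Network Authentication
IEEE 802.1x is a standard for authenticating hosts to a network. It is typically used on large networks, such as campus or corporate networks, for both wireless and wired authentication.
Configuring a wireless network requires the following command-line tools:
wpa_supplicant - a tool that supports the WPA and WPA2 (IEEE 802.11i/RSN) protocols on Linux, BSD, Mac OS X and Windows
iw
ip
ping
Package installation
Linux uses the wpa_supplicant software to perform 802.1x authentication. On Ubuntu, install the wpasupplicant package: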
apt install wpasupplicant
Basic configuration
Edit /etc/wpa_supplicant.conf and add the following:
# Where is the control interface located? This is the default path:
ctrl_interface=/var/run/wpa_supplicant
# Who can use the WPA frontend? Replace "0" with a group name if you
# want other users besides root to control it.
# There should be no need to change this value for a basic configuration:
ctrl_interface_group=0
# IEEE 802.1X works with EAPOL version 2, but the version defaults
# to 1 because of compatibility problems with a number of wireless
# access points. So we explicitly set it to version 2:
eapol_version=2
# When configuring WPA-Supplicant for use on a wired network, we don’t need to
# scan for wireless access points. See the wpa-supplicant documentation if
# you are authenticating through 802.1x on a wireless network:
ap_scan=0
Wireless network configuration
In /etc/wpa_supplicant.conf, add:
network={
    ssid="YOURSSID"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
    identity="user@your_domain"
    password="your_password"
}
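The configuration above is the same as the 802.1x configuration in "Installing Gentoo on a MacBook". If you use NetworkManager, see also "Setting up an 802.1x wireless network on an Ubuntu Touch phone".
Start the wireless connection: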
wpa_supplicant -B -i wlp3s0 -c /etc/wpa_supplicant.conf
Once wireless authentication succeeds, start dhclient:
dhclient wlp3s0
Alternatively, reload the networking script:
/etc/init.d/networking reload
Once the manual steps above succeed, they can be turned into a boot-time configuration by editing /etc/network/interfaces:
auto wlp3s0
iface wlp3s0 inet dhcp
    pre-up wpa_supplicant -B -i wlp3s0 -c /etc/wpa_supplicant.conf
    post-down killall -q wpa_supplicant
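Wired network configuration
The following example is for wired IEEE 802.1x, using EAP-Tunnelled Transport Layer Security (EAP-TTLS) with PAP and MD5 as the authentication protocols and no certificates: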
network={
    key_mgmt=IEEE8021X
    eap=TTLS MD5
    identity="myloginname"
    anonymous_identity="myloginname"
    password="mypassword"
    phase1="auth=MD5"
    phase2="auth=PAP password=mypassword"
    eapol_flags=0
}
Test the network:
sudo wpa_supplicant -c /etc/wpa_supplicant.conf -D wired -i eth0
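Neither the wireless nor the wired network block above sets ca_cert, and wpa_supplicant does not verify the authentication server's certificate when ca_cert and ca_path are both absent, so credentials go to whichever server terminates the PEAP or TTLS tunnel. The following is an added example, not part of the original page: a small Python audit of wpa_supplicant.conf network blocks that flags this and two related settings. The finding codes, the CA file path and the server name are assumptions chosen for illustration.

```python
import re

# Constructed input: the page's wired block, then a hardened PEAP block
# (both abridged). The CA file path and RADIUS server name are placeholders.
SAMPLE_CONF = '''
network={
    key_mgmt=IEEE8021X
    eap=TTLS MD5
    identity="myloginname"
    anonymous_identity="myloginname"
    phase2="auth=PAP password=mypassword"
}
network={
    ssid="YOURSSID"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="user@your_domain"
    anonymous_identity="anonymous@your_domain"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.org"
}
'''
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")
FIELD_RE = re.compile(r"^\s*([a-z0-9_]+)=(.*)$", re.M)   # skips '#' comment lines

def parse_networks(text):
    """Return one {key: unquoted value} dict per network={...} block."""
    bodies = re.findall(r"^\s*network=\{(.*?)^\s*\}", text, re.S | re.M)
    return [{k: v.strip().strip('"') for k, v in FIELD_RE.findall(b)} for b in bodies]

def audit(net):
    """Return finding codes for one network block ([] if clean or not EAP)."""
    if not {"WPA-EAP", "IEEE8021X"} & set(net.get("key_mgmt", "").split()):
        return []
    found = []
    if "ca_cert" not in net and "ca_path" not in net:
        found.append("NO_CA")  # server certificate is never verified
        if "auth=PAP" in net.get("phase2", ""):
            found.append("PAP_TO_UNVERIFIED_SERVER")  # cleartext password in that tunnel
    elif not any(k in net for k in NAME_CHECKS):
        found.append("NO_SERVER_NAME_CHECK")  # any certificate from that CA passes
    if net.get("anonymous_identity", net.get("identity")) == net.get("identity"):
        found.append("OUTER_IDENTITY_EXPOSED")  # real login sent outside the tunnel
    return found

if __name__ == "__main__":
    for net in parse_networks(SAMPLE_CONF):
        print(net.get("ssid", "(wired)"), audit(net) or "ok")
```

Run against the page's wireless block as written, audit() reports NO_CA and OUTER_IDENTITY_EXPOSED; adding ca_cert, a server name match and a separate anonymous_identity clears both.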
Connecting with Protected EAP (PEAP)
Edit /etc/network/interfaces:
auto lo
iface lo inet loopback
auto wlan0
iface wlan0 inet dhcp
    wireless-mode Managed
    wpa-ssid **censored**
    wpa-ap-scan 1
    wpa-proto RSN WPA
    wpa-pairwise CCMP TKIP
    wpa-group CCMP TKIP
    wpa-key-mgmt WPA-EAP
    wpa-eap PEAP
    wpa-identity **censored**
    wpa-password **censored**
    wpa-phase1 fast_provisioning=1
    wpa-pac-file /home/kyle/Downloads/chain2.cer
Run the following commands to connect:
sudo ifconfig wlan0 down
sudo ifconfig wlan0 up
sudo dhclient wlan0 -v