802.1x Network Authentication
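IEEE 802.1x is a standard for authenticating hosts to a network. It is typically used in large networks, such as campus or corporate networks, for both wireless and wired authentication.
Configuring a wireless network requires the following command-line tools: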
- wpa_supplicant: a tool for Linux, BSD, Mac OS X and Windows that supports the WPA and WPA2 (IEEE 802.11i/RSN) protocols.
- iw
- ip
- ping
Linux uses the wpa_supplicant software to implement 802.1x authentication. On Ubuntu, install the wpasupplicant package:
apt install wpasupplicant
Edit /etc/wpa_supplicant.conf and add the following:
# Where is the control interface located? This is the default path:
ctrl_interface=/var/run/wpa_supplicant
# Who can use the WPA frontend? Replace "0" with a group name if you
# want other users besides root to control it.
# There should be no need to change this value for a basic configuration:
ctrl_interface_group=0
# IEEE 802.1X works with EAPOL version 2, but the version defaults
# to 1 because of compatibility problems with a number of wireless
# access points. So we explicitly set it to version 2:
eapol_version=2
Then add the network block to /etc/wpa_supplicant.conf:
network={
    ssid="YOURSSID"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
    identity="user@your_domain"
    password="your_password"
}
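The configuration above is the same as the 802.1x configuration in "Installing Gentoo on a MacBook". If you use NetworkManager, you can also refer to "Setting up an 802.1x wireless network on an Ubuntu Touch phone".
Start the wireless connection: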
wpa_supplicant -B -i wlp3s0 -c /etc/wpa_supplicant.conf
Once wireless authentication succeeds, start dhclient:
dhclient wlp3s0
You can also reload the networking script:
/etc/init.d/networking reload
Once the manual steps above succeed, they can be turned into boot-time configuration. Edit /etc/network/interfaces:
auto wlp3s0
iface wlp3s0 inet dhcp
    pre-up wpa_supplicant -B -i wlp3s0 -c /etc/wpa_supplicant.conf
    post-down killall -q wpa_supplicant
The following example is for a wired IEEE 802.1x network. It uses EAP-Tunnelled Transport Layer Security, with PAP and MD5 as the authentication protocols, and does not use certificates:
network={
    key_mgmt=IEEE8021X
    eap=TTLS MD5
    identity="myloginname"
    anonymous_identity="myloginname"
    password="mypassword"
    phase1="auth=MD5"
    phase2="auth=PAP password=mypassword"
    eapol_flags=0
}
Test the network:
sudo wpa_supplicant -c /etc/wpa_supplicant.conf -D wired -i eth0
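Both network blocks above authenticate without `ca_cert`, and wpa_supplicant does not verify the server certificate when no CA is configured, so the client will hand its credentials to any authenticator that answers. The following Python audit is an added example, not part of the original page or of wpa_supplicant: it parses `network={}` blocks and reports that and related weaknesses. The finding labels are this example's own, and the CA path, server name and NT hash in the hardened block are placeholders.

```python
import re
# Constructed input: the page's PEAP block (abridged), then a hardened variant.
SAMPLE_CONF = '''
network={
    ssid="YOURSSID"
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="user@your_domain"
    password="your_password"
}
network={
    ssid="YOURSSID"
    eap=PEAP
    phase2="auth=MSCHAPV2"
    anonymous_identity="anonymous@your_domain"
    identity="user@your_domain"
    password=hash:00000000000000000000000000000000
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.org"
}
'''
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Return one {option: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"^\s*network=\{(.*?)^\s*\}", text, re.S | re.M):
        pairs = (l.strip().split("=", 1) for l in body.splitlines()
                 if "=" in l and not l.strip().startswith("#"))
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit(opts):
    """List the weaknesses found in one parsed network block."""
    found, eap = [], set(opts.get("eap", "").upper().split())
    if eap & {"PEAP", "TTLS"}:
        if not (opts.get("ca_cert") or opts.get("ca_path")):
            found.append("server-cert-not-verified")   # any server is accepted
        elif not any(opts.get(k) for k in NAME_CHECKS):
            found.append("server-name-not-checked")    # any cert from that CA passes
        # Without a distinct anonymous_identity, identity is sent outside the tunnel.
        if "identity" in opts and opts.get("anonymous_identity", opts["identity"]) == opts["identity"]:
            found.append("username-in-outer-identity")
    if "MD5" in eap:
        found.append("eap-md5-enabled")                # EAP-MD5 never authenticates the server
    if not opts.get("password", "hash:").startswith("hash:"):
        found.append("cleartext-password")             # hash: form works for MSCHAPv2 only
    return found

if __name__ == "__main__":
    for n, net in enumerate(parse_networks(SAMPLE_CONF), 1):
        print(n, audit(net) or "ok")
```

Whichever password form is used, the file holds a usable credential and should be readable by root only.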
Edit /etc/network/interfaces:
auto lo
iface lo inet loopback
auto wlan0
iface wlan0 inet dhcp
    wireless-mode Managed
    wpa-ssid **censored**
    wpa-ap-scan 1
    wpa-proto RSN WPA
    wpa-pairwise CCMP TKIP
    wpa-group CCMP TKIP
    wpa-key-mgmt WPA-EAP
    wpa-eap PEAP
    wpa-identity **censored**
    wpa-password **censored**
    wpa-phase1 fast_provisioning=1
    wpa-pac-file /home/kyle/Downloads/chain2.cer
Run the following commands to connect:
sudo ifconfig wlan0 down
sudo ifconfig wlan0 up
sudo dhclient wlan0 -v