> For the complete documentation index, see [llms.txt](https://huataihuang.gitbook.io/cloud-atlas-draft/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://huataihuang.gitbook.io/cloud-atlas-draft/os/linux/ubuntu/system_administration/network/802.1x_authentication.md). # 802.1x网络认证 `IEEE 802.1x`是网络认证主机的标准,通常在大型网络,如校园网络或公司网络中使用,用于无线或有线网络认证。 在配置无线网络时候,需要使用以下工具命令: * `wpa_supplicant` - `wpa_supplicant`是支持使用WPA和WPA2(IEEE 802.11i/RSN)协议的的Linux, BSD, Mac OS X,Windows工具命令。 * `iw` * `ip` * `ping` ## 软件包安装 Linux使用`wpa_supplicant`软件来实现 802.1x认证。在Ubuntu中,需要安装`wpasupplicant` ``` apt install wpasupplicant ``` ## 基本配置 * 编辑`/etc/wpa_supplicant.conf`添加以下内容 ```bash # Where is the control interface located? This is the default path: ctrl_interface=/var/run/wpa_supplicant # Who can use the WPA frontend? Replace "0" with a group name if you # want other users besides root to control it. # There should be no need to chance this value for a basic configuration: ctrl_interface_group=0 # IEEE 802.1X works with EAPOL version 2, but the version is defaults # to 1 because of compatibility problems with a number of wireless # access points. So we explicitly set it to version 2: eapol_version=2 # When configuring WPA-Supplicant for use on a wired network, we don’t need to # scan for wireless access points. See the wpa-supplicant documentation if # you are authenticating through 802.1x on a wireless network: ap_scan=0 ``` ### 无线网络配置 > 参考 [Configuring 802.1X Authentication in Linux](https://www.nowiressecurity.com/configure-8021x-authentication-linux) * 配置`/etc/wpa_supplicant.conf`添加 ``` network={ ssid="YOURSSID" key_mgmt=WPA-EAP eap=PEAP phase1="peaplabel=0" phase2="auth=MSCHAPV2" identity="user@your_domain" password="your_password" } ``` > 上述配置和[在MacBook上安装Gentoo](https://github.com/huataihuang/cloud-atlas-draft/tree/6f3204fffc11cf006abd394631e2598d98b415c3/os/linux/gentoo/install_gentoo_on_macbook/README.md)中有关配置802.1x相同,如果使用NetworkManager也可以参考[Ubuntu Touch手机设置802.1x无线网络](https://github.com/huataihuang/cloud-atlas-draft/tree/6f3204fffc11cf006abd394631e2598d98b415c3/os/develop/ubuntu_touch/802.1x_wireless_network_to_ubuntu_phone) 启动无线: ``` wpa_supplicant -B -i wlp3s0 -c /etc/wpa_supplicant.conf ``` 无线认证通过后,启动dhclient ``` dhclient wlp3s0 ``` 也可以重新加载 network 脚本 ``` /etc/init.d/networking reload ``` * 上述手工执行任务成功以后,就可以修改成启动配置:修改`/etc/network/interfaces` ``` auto wlp3s0 iface wlp3s0 inet dhcp pre-up wpa_supplicant -B -i wlp3s0 -c /etc/wpa_supplicant.conf post-down killall -q wpa_supplicant ``` ### 有线网络配置 以下案例为有线网络IEEE 802.1x,使用EAP-Tunnelled传输层安全,使用PAP和MD5作为认证协议,不使用证书: ``` network={ key_mgmt=IEEE8021X eap=TTLS MD5 identity="myloginname" anonymous_identity="myloginname" password="mypassword" phase1="auth=MD5" phase2="auth=PAP password=mypassword" eapol_flags=0 } ``` 测试网络: ``` sudo wpa_supplicant -c /etc/wpa_supplicant.conf -D wired -i eth0 ``` ## 连接Pretected EAP(PEAP) > 参考[How to connect to Protected EAP (PEAP) wifi via terminal](https://askubuntu.com/questions/682135/how-to-connect-to-protected-eap-peap-wifi-via-terminal) * 修改`/etc/network/interfaces` ``` auto lo iface lo inet loopback auto wlan0 iface wlan0 inet dhcp wireless-mode Managed wpa-ssid **censored** wpa-ap-scan 1 wpa-proto RSN WPA wpa-pairwise CCMP TKIP wpa-group CCMP TKIP wpa-key-mgmt WPA-EAP wpa-eap PEAP wpa-identity **censored** wpa-password **censored** wpa-phase1 fast_provisioning=1 wpa-pac-file /home/kyle/Downloads/chain2.cer ``` * 执行以下命令连接 ``` sudo ifconfig wlan0 down sudo ifconfig wlan0 up sudo dhclient wlan0 -v ``` ## 参考 * [Configuring 802.1X Authentication in Linux](https://www.nowiressecurity.com/configure-8021x-authentication-linux) * [Network802.1xAuthentication](https://help.ubuntu.com/community/Network802.1xAuthentication) * [How to connect to Protected EAP (PEAP) wifi via terminal](https://askubuntu.com/questions/682135/how-to-connect-to-protected-eap-peap-wifi-via-terminal) * [Connect to WiFi network from command line in Linux](https://www.blackmoreops.com/2014/09/18/connect-to-wifi-network-from-command-line-in-linux/) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://huataihuang.gitbook.io/cloud-atlas-draft/os/linux/ubuntu/system_administration/network/802.1x_authentication.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.