802.1x网络认证

IEEE 802.1x是网络认证主机的标准,通常在大型网络,如校园网络或公司网络中使用,用于无线或有线网络认证。

在配置无线网络时候,需要使用以下工具命令:

  • wpa_supplicant - wpa_supplicant是支持使用WPA和WPA2(IEEE 802.11i/RSN)协议的的Linux, BSD, Mac OS X,Windows工具命令。

  • iw

  • ip

  • ping

软件包安装

Linux使用wpa_supplicant软件来实现 802.1x认证。在Ubuntu中,需要安装wpasupplicant

apt install wpasupplicant

基本配置

  • 编辑/etc/wpa_supplicant.conf添加以下内容

# Where is the control interface located? This is the default path:
ctrl_interface=/var/run/wpa_supplicant

# Who can use the WPA frontend? Replace "0" with a group name if you
#   want other users besides root to control it.
# There should be no need to chance this value for a basic configuration:
ctrl_interface_group=0

# IEEE 802.1X works with EAPOL version 2, but the version is defaults 
#   to 1 because of compatibility problems with a number of wireless
#   access points. So we explicitly set it to version 2:
eapol_version=2

# When configuring WPA-Supplicant for use on a wired network, we don’t need to
#   scan for wireless access points. See the wpa-supplicant documentation if
#   you are authenticating through 802.1x on a wireless network:
ap_scan=0

无线网络配置

  • 配置/etc/wpa_supplicant.conf添加

network={
    ssid="YOURSSID"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
    identity="user@your_domain"
    password="your_password"
}

启动无线:

wpa_supplicant -B -i wlp3s0 -c /etc/wpa_supplicant.conf

无线认证通过后,启动dhclient

dhclient wlp3s0

也可以重新加载 network 脚本

/etc/init.d/networking reload

  • 上述手工执行任务成功以后,就可以修改成启动配置:修改/etc/network/interfaces

auto wlp3s0
iface wlp3s0 inet dhcp
    pre-up wpa_supplicant -B -i wlp3s0 -c /etc/wpa_supplicant.conf
    post-down killall -q wpa_supplicant

有线网络配置

以下案例为有线网络IEEE 802.1x,使用EAP-Tunnelled传输层安全,使用PAP和MD5作为认证协议,不使用证书:

network={
        key_mgmt=IEEE8021X
        eap=TTLS MD5
        identity="myloginname"
        anonymous_identity="myloginname"
        password="mypassword"
        phase1="auth=MD5"
        phase2="auth=PAP password=mypassword"
        eapol_flags=0
}

测试网络:

sudo wpa_supplicant -c /etc/wpa_supplicant.conf -D wired -i eth0

连接Pretected EAP(PEAP)

  • 修改/etc/network/interfaces

auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet dhcp
wireless-mode Managed
wpa-ssid **censored**
wpa-ap-scan 1
wpa-proto RSN WPA
wpa-pairwise CCMP TKIP
wpa-group CCMP TKIP
wpa-key-mgmt WPA-EAP
wpa-eap PEAP
wpa-identity **censored**
wpa-password **censored**
wpa-phase1 fast_provisioning=1
wpa-pac-file /home/kyle/Downloads/chain2.cer

  • 执行以下命令连接

sudo ifconfig wlan0 down
sudo ifconfig wlan0 up
sudo dhclient wlan0 -v

参考

PreviousUbuntu基本网络配置NextArch

Last updated

Was this helpful?