[daily][netctl] Using 802.1x authentication for network access on a netctl wired connection

 

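Corporate security policy requires authentication before network access is granted. The authentication method is account and password + 802.1x.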

 

So far I have only researched the options and have not deployed anything yet. The findings are roughly as follows:

First, see: https://jlk.fjfi.cvut.cz/arch/manpages/man/netctl.profile.5

and: https://wiki.archlinux.org/index.php/WPA_supplicant#Advanced_usage

https://jlk.fjfi.cvut.cz/arch/manpages/man/wpa_supplicant.conf.5

 

Key netctl options:

Next to the ip options, the following are understood for connections of the ‘ethernet’ type:

Auth8021X=
    Set to ‘yes’ to use 802.1x authentication.
WPAConfigFile=
    Path to a wpa_supplicant configuration file. Defaults to /etc/wpa_supplicant.conf.
WPADriver=
    The wpa_supplicant driver to use for 802.1x authentication. Defaults to ‘wired’.

Key wpa_supplicant options:

/etc/wpa_supplicant/wpa_supplicant-wired-adapter.conf

ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
network={
  key_mgmt=IEEE8021X
  eap=PEAP
  identity="user_name"
  password="user_password"
  phase2="autheap=MSCHAPV2"
}

 

I tested it and it works, as shown in the screenshot:

 

 

What if the same configuration is used with a wireless adapter instead?

Only wpa_supplicant.conf needs to be adjusted:

[root@T7 netctl]# cat /etc/wpa_supplicant.conf 
ctrl_interface=DIR=/var/run/wpa_supplicant
network={
        ssid="XX"
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="cxxxxxx"
        password="Cxxxxx"
        phase2="autheap=MSCHAPV2"
}

 

See configuration example two in man wpa_supplicant.conf.
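
Neither network block above sets ca_cert or ca_path, and wpa_supplicant.conf(5) states that without them the server certificate is not verified. The following is an added example, not part of the original post: a Python check that parses network blocks and flags that gap, run on the wired block from this page and on a hardened variant whose CA path and server name are placeholders.

```python
# Server-name pinning options documented in wpa_supplicant.conf(5).
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")
EAP_KEY_MGMT = {"IEEE8021X", "WPA-EAP"}

def parse_networks(text):
    """Return one {key: value} dict per network={...} block, skipping comments."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.replace(" ", "") == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return networks

def lint_network(net):
    """Return findings for one block; non-EAP networks yield an empty list."""
    if not EAP_KEY_MGMT & set(net.get("key_mgmt", "").split()):
        return []
    findings = []
    if "ca_cert" not in net and "ca_path" not in net:
        findings.append("ca_cert missing: server certificate is not verified")
    elif not any(k in net for k in NAME_CHECKS):
        findings.append("ca_cert set but no server name check")
    if net.get("password", "").startswith('"'):
        findings.append("plaintext password: keep the file mode 0600, owned by root")
    return findings

# Constructed inputs: the page's wired block, then a hardened variant whose
# CA path and server name are placeholders (assumptions, not from the page).
PAGE_WIRED = """ap_scan=0
network={
  key_mgmt=IEEE8021X
  eap=PEAP
  identity="user_name"
  password="user_password"
  phase2="autheap=MSCHAPV2"
}"""
HARDENED = PAGE_WIRED.replace("eap=PEAP", 'eap=PEAP\n  ca_cert="/etc/ssl/certs/corp-ca.pem"'
                              '\n  domain_suffix_match="radius.example.com"')

for name, conf in (("page", PAGE_WIRED), ("hardened", HARDENED)):
    print(name, [lint_network(n) for n in parse_networks(conf)])
```

The same check applies unchanged to the wireless block, since it keys on key_mgmt=WPA-EAP as well as IEEE8021X.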

 

posted on 2018-04-04 18:37 by toong