Can the Star (实达) DHCP Internet-access problem be sorted out once and for all? (Debian)

Posted 2004-6-2 11:47:09
I searched the forum and there are basically no posts about getting online through Star's DHCP; only one post on Eden (伊甸园) has discussed it. But there must be many people dialing in through Star, especially at schools, so I hope those in the same situation as me can discuss it together, and those who have got it working can share their experience.
On Windows I use Star Supplicant 2.31 to dial through the network card to the switch for authentication, i.e. DHCP. On Linux I found two programs, xsupplicant and mdc-ssd; I heard the latter does not run on a 2.6 kernel, so I chose xsupplicant, which depends on the openssl-0.9.7 package. I went to its official site (www.open1x.org), downloaded the latest source package, 1.2, and installed it. Below is my default 1x.conf; I don't know which items to change.
# This is an example configuration file for xsupplicant versions after 0.8b.

### GLOBAL SECTION

# network_list: defines all of the networks in this file which
# should be kept in memory and used. Comma-delimited list or "all"
# for keeping all defined configurations in memory. For efficiency,
# keep only the networks you might roam to in memory.
# To avoid errors, make sure your default network is always
# in the network_list. In general, you will want to leave this set to
# "all".

network_list = all
#network_list = default, test1, test2

# default_netname: some users may actually have a network named "default".
# since "default" is a keyword in the network section below, you can
# change which is to be used as the replacement for this keyword

default_netname = default
#default_netname = my_defaults

# In the startup_command, first_auth_command, and reauth_command you can
# use "%i" to have xsupplicant fill in the interface that is being used.
# This allows a single network profile to work across different wireless
# cards.

# startup_command: the command to run when xsupplicant is first started.
# this command can do things such as configure the card to associate with
# the network properly.
startup_command = echo "some command"

# first_auth_command: the command to run when xsupplicant authenticates to
# a wireless network for the first time. This will usually be used to
# start a DHCP client process.
first_auth_command = dhclient %i

# reauth_command: the command to run when xsupplicant reauthenticates to a
# wireless network. This may be used to have the dhcp client rerequest
# its IP address.
reauth_command = echo "authenticated user %i"

# When running in daemon, or non-foreground mode, you may want to have the
# output of the program. So, define a log file here. Each time XSupplicant
# is started, this file will be replaced. So, there is no need to roll the
# log file.
logfile = /var/log/xsupplicant.log

# The auth_period, held_period, and max_starts modify the timers in the state
# machine. (Please reference the 802.1x spec for info on how they are used.)
# For most people, there is no reason to define these values, as the defaults
# should work.

#auth_period = 30

#held_period = 30

#max_starts = 3

# Defining an interface in "allow_interfaces" will bypass the rules that
# xsupplicant uses to determine if an interface is valid. For most people
# this setting shouldn't be needed. It is useful for having xsupplicant
# attempt to authenticate on interfaces that don't appear to be true
# physical interfaces. (i.e. Virtual interfaces such as eth0:1)

#allow_interfaces = eth0, wlan0

# Defining an interface in "deny_interfaces" will prevent xsupplicant from
# attempting to authenticate on a given interface. This is useful if you
# know that you will never do 802.1x on a specific interface. However,
# allows will take priority over denies, so defining the same interface in
# the allow_interfaces, and deny_interfaces will result in the interface
# being used.

#deny_interfaces = eth1

### NETWORK SECTION



# the general format of the network section is a network name followed
# by a group of variables

# network names may contain the following characters: a-z, A-Z, 0-9, '-',
# '_', '\', '/'
# Those interested in having an SSID with ANY character in it can use
# the ssid tag within the network clause. Otherwise, your ssid will
# be the name of the network.

## The default network is not a network itself. These values are
## the default used for any network parameters not overridden
## in another section. If it's not in your network configuration
## and not in your default, it won't work!!

default
{
# type: the type of this network. wired or wireless, if this value is not
# set, xsupplicant will attempt to determine if the interface is wired or
# wireless. In general, you should only need to define this when
# xsupplicant incorrectly identifies your network interface.
#type = wireless

# wireless_control : If this profile is forced to wired, this will not do
# anything. However, if the interface is forced, or detected to be wireless
# XSupplicant will take control of re/setting WEP keys when the machine
# first starts, and when it jumps to a different AP. In general, you won't
# need to define, or set this value.
# wireless_control = yes

# allow_types: describes which EAP types this network will allow. The
# first type listed will be requested if the server tries to use something
# not in this list.
# allow_types = eap_tls, eap_md5, eap_gtc, eap-otp
allow_types = all

# identity: what to respond with when presented with an EAP Id Request
# Typically, this is the username for this network. Since this can
# be an arbitrary string, enclose within and
identity = myid@mynet.net

# Force xsupplicant to send its packets to this destination MAC address.
# In most cases, this isn't needed, and shouldn't be defined.
#dest_mac = 00:aA:bB:cC:dD:eE

## method-specific parameters are kept in the method
eap_tls {
user_cert = /path/to/certificate
user_key = /path/to/private/key
user_key_pass = password for key
root_cert = /path/to/list/of/valid/roots
crl_dir = /path/to/dir/with/crl
chunk_size = 1398
random_file = /path/to/random/source

# To enable TLS session resumption, you need to set the following
# value to "yes". By default, session resumption is disabled.
#session_resume = yes
}

eap-md5 {
username = testuser
password = testuserpass!
}

eap-ttls {
user_cert = /path/to/certificate
#as in tls, define either a root certificate or a directory
# containing root certificates
#root_cert = /path/to/root/certificate
root_dir = /path/to/root/certificate/dir
crl_dir = /path/to/dir/with/crl
user_key = /path/to/private/key
user_key_pass = password for key
chunk_size = 1398
random_file = /path/to/random/source
cncheck = myradius.radius.com # Verify the server certificate
# has this value in its CN field.
cnexact = yes # Should it be an exact match?
#session_resume = yes
# phase2_type defines which phase2 to actually DO. You
# MUST define one of these.
phase2_type = chap
## These are definitions for the different methods you might
## do at phase2. only the one specified above will be used
## but it is valid to leave more than one here for convenience
## and easy switching.
pap {
username = papuser
password = pappasswd
}
chap {
username = chapuser
password = chappasswd
}
mschap {
username = mschapuser
password = mschappasswd
}
mschapv2 {
username = mschapv2user
password = mschapv2passwd
}
}

eap-leap {
username = leapuser
password = leapuserpass!
}

eap-mschapv2 {
username = eapmschapv2user
password = eapmschapv2userpass!
}

eap-peap {
user_cert = /path/to/certificate
root_dir = /path/to/root/certificate/dir
crl_dir = /path/to/dir/with/crl
user_key = /path/to/private/key
user_key_pass = password for key
chunk_size = 1398
random_file = /path/to/random/source
cncheck = myradius.radius.com # Verify the server certificate
# has this value in its CN field.
cnexact = yes # Should it be an exact match?
session_resume = yes

#Currently 'all' is just mschapv2
#If no allow_types is defined, all is assumed
allow_types = all # where all = MSCHAPv2, MD5, OTP, GTC, SIM
#allow_types = eap_mschapv2

# right now you can do any of these methods in PEAP:
eap-mschapv2 {
username = phase2mschapv2
password = phase2mschapv2pass
}
}

eap-sim {

# In order to obtain the IMSI from the SIM card, the password
# *MUST* be defined here! Otherwise, you need to specify your
# IMSI as the username below.
username = simuser
password = simuserpass!
auto_realm = yes
}
}

# In this network definition, "test1" is the friendly name. It can match
# the essid of the network, which means you won't have to set the "ssid"
# variable. However, if it doesn't match, you need to set the "ssid"
# variable in order for the network to be detected correctly.
test1
{
type = wired
# ssid: you should not define this unless you have characters
# other than those specified above in the ssid of your network
ssid = mvemjsnp

allow_types = all
identity = Check this out- any char!#$

}


test2
{
# ssid: you should not define this unless you have characters
# other than those specified above in the ssid of your network
ssid = up to 32 character ASCII string
identity = testuser@testnet.com

allow_types = eap-tls
type = wireless
}

test3
{
# ssid: you should not define this unless you have characters
# other than those specified above in the ssid of your network
ssid = foo-network!

type = wired

identity= this will work too
}

See also:
http://www.linuxsir.cn/forum.php ... hlight=%CA%B5%B4%EF
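The post asks which parts of the default 1x.conf need changing. As an added example (not from the post or from the xsupplicant project), here is a small Python linter that parses the brace layout of the posted file and flags the settings a reviewer would look at first: `allow_types = all` (the server may then pick any EAP method, including EAP-MD5 and LEAP, which give the client no way to authenticate the switch and are weak against offline attack), and tunnelled methods (EAP-TTLS/PEAP) whose `root_cert`/`root_dir` is still the `/path/to/...` placeholder or whose `cncheck` is unset, so the RADIUS server's certificate is never really checked. The sample config, the rule set, the comment-stripping rule and the shallow merge of each network with the `default` block are my assumptions.

```python
"""Lint an xsupplicant 1x.conf for settings that weaken 802.1X/EAP security.

Added example, not code from the forum post or the xsupplicant project. The
parser follows the brace layout of the posted 1x.conf; the lint rules are my
own reading of the file's comments plus general EAP facts."""
import re

PLACEHOLDER = "/path/to/"            # the sample config's unfilled paths
WEAK = {"eap_md5", "eap_leap"}       # no server authentication / offline-crackable
TUNNELED = {"eap_ttls", "eap_peap"}  # only safe with an anchored server certificate

# Constructed sample config in the posted file's layout (not a real deployment).
SAMPLE = """\
network_list = all
default_netname = default

default
{
allow_types = all
identity = user@campus.example
eap-peap {
root_dir = /path/to/root/certificate/dir
cncheck = myradius.radius.com # verify server CN
}
}

campus
{
type = wired
}

dorm
{
allow_types = eap-md5
}

campus-hardened
{
type = wired
allow_types = eap-peap
eap-peap {
root_cert = /etc/ssl/certs/campus-radius-ca.pem
cncheck = radius.campus.example
cnexact = yes
}
}
"""


def norm(name):
    """xsupplicant spells methods both eap-tls and eap_tls; compare on one form."""
    return name.strip().lower().replace("-", "_")


def parse_conf(text):
    """Parse 1x.conf into nested dicts: 'key = value' lines and 'name { ... }' blocks.
    Assumption: '#' opens a comment only at line start or after whitespace, so an
    identity containing '!#$' (as in the posted file) is kept intact."""
    root = {}
    stack, pending = [root], None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        if line.endswith("{"):               # 'name {' or a bare '{' after 'name'
            name = line[:-1].strip() or pending
            block = {}
            stack[-1][name] = block
            stack.append(block)
            pending = None
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
        else:
            pending = line                   # network name; '{' is on the next line
    return root


def lint(conf):
    """Return (network, code) findings for every network other than the defaults block."""
    networks = {k: v for k, v in conf.items() if isinstance(v, dict)}
    default = networks.get(conf.get("default_netname", "default"), {})
    findings = []
    for name, net in networks.items():
        if net is default:
            continue
        eff = {**default, **net}             # defaults fill unset values (shallow merge assumed)
        types = {norm(t) for t in eff.get("allow_types", "all").split(",")}
        if "all" in types:
            findings.append((name, "ALLOW_ALL"))
        for t in sorted(types & WEAK):
            findings.append((name, f"WEAK_METHOD:{t}"))
        for key, block in eff.items():
            if not isinstance(block, dict) or norm(key) not in TUNNELED:
                continue
            if norm(key) not in types and "all" not in types:
                continue                     # configured but not allowed: unreachable
            anchor = block.get("root_cert") or block.get("root_dir")
            if not anchor or anchor.startswith(PLACEHOLDER):
                findings.append((name, f"NO_TRUST_ANCHOR:{key}"))
            if not block.get("cncheck"):
                findings.append((name, f"NO_CN_CHECK:{key}"))
    return findings


if __name__ == "__main__":
    for net, code in lint(parse_conf(SAMPLE)):
        print(f"{net}: {code}")
```

Run against the posted file itself, the `default` block's placeholder paths and `allow_types = all` produce the same two findings for every network that does not override them; the `campus-hardened` block in the sample shows the minimum a network needs to come out clean: one explicit tunnelled method, a real CA file and a `cncheck` value.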
OP | Posted 2004-6-2 11:54:16
Here is Star's help text:
STAR Supplicant

    Traditional Ethernet is open by nature: once a user is connected to a bridge, they can reach any network service through it. On top of the IEEE 802 network architecture, the IEEE 802.1x standard defines an access control mechanism and authentication protocol based on a station/server model, which restricts network services to users who are permitted access and overcomes the security weakness of traditional bridges. The mechanism can be used in typical network types including IEEE 802.1D bridges and IEEE 802.11 wireless networks.

1.1.0 Role descriptions
Three roles can be seen: the supplicant, the authenticator and the authentication server. The responsibilities, basic operating principles and recommended software for each are described below.

1.1.1 Supplicant
The supplicant is the Supplicant described in the IEEE 802.1x standard, the role played by the end user. It requests access to network services and answers the authenticator's protocol request packets. The supplicant must run software that conforms to the IEEE 802.1x client standard; the most typical today is the IEEE 802.1x client support built into Windows XP, and Star's STAR Supplicant software also conforms to that client standard.

1.1.2 Authentication Server
The authentication server is the actual provider of the authentication service for end users. It verifies the user's identity and notifies the authenticator of the result. The server must be a RADIUS (Remote Authentication Dial-In User Service) security system that supports the EAP (Extensible Authentication Protocol). A typical server is the IAS service (Internet Access Service) bundled with Windows 2000 Server.

1.1.3 Authenticator
The authenticator controls the supplicant's access to network services. During authentication it is really only a conduit for exchanging authentication information: it communicates with the supplicant, forwards the supplicant's authentication requests to the authentication server, and then authorizes the supplicant as instructed by the server. The authenticator is usually an access control device such as a switch. Besides supporting the Authenticator standard defined by IEEE 802.1x, the switch must also support a RADIUS Client. The supplicant and the authenticator exchange information over the EAPOL protocol, while the authenticator and the authentication server exchange information over RADIUS. When it receives an EAP packet from the supplicant that is to be forwarded to the authentication server, the authenticator encapsulates the packet body in a RADIUS packet, i.e. converts it into a packet the server understands, and then forwards it to the server. Likewise, when the authenticator receives a RADIUS packet from the authentication server that is to be forwarded to the supplicant, it converts it into an EAP packet the supplicant understands before forwarding it. This conversion keeps the authentication process running normally. Star's S1924F+ fully meets the IEEE 802.1x requirements for an authenticator system and provides users with a complete IEEE 802.1x security authentication solution.

1.2 Authentication process
Authentication can be triggered in two ways. First, when the switch has just powered on, or detects that a port has changed from disconnected to connected, it sends an EAP-request/identity packet to the client asking for a reply; the client then returns an EAP-response/identity packet to indicate that the rest of the authentication process can begin. Second, if the user's PC receives no EAP-request/identity from the switch after powering on, the user can send an EAPOL-Start packet from the supplicant client program; on receiving it, the switch follows the switch-initiated procedure above and sends an EAP-request/identity packet to the client, the client returns an EAP-response/identity packet, and the rest of the authentication process begins. Once the client has sent the EAP-response/identity packet, the switch starts acting as the conduit for authentication information, relaying authentication packets between the client and the authentication server. If authentication succeeds, the switch allows the user to use the network; otherwise the user cannot make normal use of all network services. In addition, according to a configured timeout, the switch can periodically require authentication to be repeated, to ensure the user is still present. If the user needs to leave the authenticated state, it can send an EAPOL-Logoff packet to notify the switch, which on receiving it automatically removes the user from the authenticated state.
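As an added example, not from the post or from any vendor's software, the following Python simulation walks through the exchange the help text describes: both triggers (switch link-up and supplicant EAPOL-Start), the EAP-Request/Identity and EAP-Response/Identity packets, the authorization verdict delivered as EAP-Success or EAP-Failure, and EAPOL-Logoff returning the port to the unauthorized state. Frame layouts follow the EAPOL header from IEEE 802.1X and the EAP header from RFC 3748. The identity table standing in for the RADIUS server is a constructed assumption, as is the identifier check that makes the authenticator drop responses that do not match its outstanding request.

```python
"""Simulate the 802.1X trigger and identity exchange described in the STAR help text.

Added example, not code from the forum post or any vendor. Frame layouts follow
IEEE 802.1X (EAPOL header) and RFC 3748 (EAP header). The authentication server
is a constructed stand-in that only checks the identity against a table; a real
deployment runs a full EAP method over RADIUS before deciding."""
import struct

EAPOL_EAP, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2                # EAPOL packet types
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_IDENTITY = 1                                             # EAP type Identity


def eapol(ptype, body=b""):
    """EAPOL frame: version(1) type(1) body-length(2) body."""
    return struct.pack("!BBH", 1, ptype, len(body)) + body


def eap(code, ident, eap_type=None, data=b""):
    """EAP packet: code(1) identifier(1) length(2) [type(1) type-data]; length covers the header."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload


def parse_eapol(frame):
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    if len(frame) < 4 + length:
        raise ValueError("truncated EAPOL frame")
    return ptype, frame[4:4 + length]


def parse_eap(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP length")
    return code, ident, (pkt[4] if length > 4 else None), pkt[5:length]


class Authenticator:
    """The switch port: relays the identity to the server and gates the port on the verdict."""
    def __init__(self, server):
        self.server, self.ident, self.authorized = server, 0, False

    def link_up(self):                       # trigger 1: port comes up, switch asks first
        return self._request_identity()

    def _request_identity(self):
        self.ident = (self.ident + 1) & 0xFF
        return eapol(EAPOL_EAP, eap(EAP_REQUEST, self.ident, EAP_IDENTITY))

    def receive(self, frame):
        """Handle one frame from the supplicant; return the reply frame or None."""
        ptype, body = parse_eapol(frame)
        if ptype == EAPOL_START:             # trigger 2: supplicant asks to begin
            return self._request_identity()
        if ptype == EAPOL_LOGOFF:            # user leaves: port back to unauthorized
            self.authorized = False
            return None
        if ptype != EAPOL_EAP:
            return None
        code, ident, eap_type, data = parse_eap(body)
        if code != EAP_RESPONSE or ident != self.ident or eap_type != EAP_IDENTITY:
            return None                      # stale identifier or unexpected packet: drop
        ok = self.server(data.decode("utf-8", "replace"))   # real switch: RADIUS round trip
        self.authorized = ok
        return eapol(EAPOL_EAP, eap(EAP_SUCCESS if ok else EAP_FAILURE, ident))


class Supplicant:
    def __init__(self, identity):
        self.identity, self.result = identity, None

    def start(self):
        return eapol(EAPOL_START)

    def logoff(self):
        return eapol(EAPOL_LOGOFF)

    def receive(self, frame):
        ptype, body = parse_eapol(frame)
        if ptype != EAPOL_EAP:
            return None
        code, ident, eap_type, _ = parse_eap(body)
        if code == EAP_REQUEST and eap_type == EAP_IDENTITY:
            return eapol(EAPOL_EAP, eap(EAP_RESPONSE, ident, EAP_IDENTITY, self.identity.encode()))
        if code in (EAP_SUCCESS, EAP_FAILURE):
            self.result = code == EAP_SUCCESS
        return None


def run_exchange(sup, auth, supplicant_initiated):
    """Bounce frames between the two sides; return (direction, eapol_type, eap_code) per frame."""
    frame, to_auth = (sup.start(), True) if supplicant_initiated else (auth.link_up(), False)
    trace = []
    while frame is not None:
        ptype, body = parse_eapol(frame)
        trace.append(("sup->auth" if to_auth else "auth->sup", ptype,
                      parse_eap(body)[0] if ptype == EAPOL_EAP else None))
        frame = auth.receive(frame) if to_auth else sup.receive(frame)
        to_auth = not to_auth
    return trace


if __name__ == "__main__":
    allowed = {"alice@campus.example"}       # constructed stand-in for the server's user table
    auth, sup = Authenticator(allowed.__contains__), Supplicant("alice@campus.example")
    for step in run_exchange(sup, auth, supplicant_initiated=True):
        print(step)
    print("port authorized:", auth.authorized)
```

The trace for a supplicant-initiated run is EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity, EAP-Success; the switch-initiated run is the same without the first frame. The identifier check in `Authenticator.receive` is the reason the help text's periodic re-authentication cannot be satisfied by replaying an old response: each request carries a fresh identifier and only a response to that identifier is relayed.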
OP | Posted 2004-6-2 12:04:02
Sorry, I only visit the Debian board every day and forgot the rules.
OP | Posted 2004-6-3 14:16:43
Can nobody help?