由于企业安全管理要求,需要验证上网。验证方式是账号密码+802.1x
目前先调研了一下方案,还没有实施,大概调研结果如下:
先参考:https://jlk.fjfi.cvut.cz/arch/manpages/man/netctl.profile.5
以及:https://wiki.archlinux.org/index.php/WPA_supplicant#Advanced_usage
https://jlk.fjfi.cvut.cz/arch/manpages/man/wpa_supplicant.conf.5
netctl的关键选项:
Next to the ip options, the following are understood for connections of the ‘ethernet’ type:
Auth8021X=
Set to ‘yes’ to use .1x authentication.
WPAConfigFile=
Path to a wpa_supplicant configuration file. Defaults to /etc/wpa_supplicant.conf.
WPADriver=
The wpa_supplicant driver to use for .1x authentication. Defaults to ‘wired’.
wpa的关键选项:
/etc/wpa_supplicant/wpa_supplicant-wired-adapter.conf ctrl_interface=/var/run/wpa_supplicant
ap_scan=
network={
key_mgmt=IEEE8021X
eap=PEAP
identity="user_name"
password="user_password"
phase2="autheap=MSCHAPV2"
}
测试一下,好使了,如图:
如果同样的配置换成无线网卡呢?
只需要调整wpa_supplicant.conf即可
[root@T7 netctl]# cat /etc/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant
network={
ssid="XX"
key_mgmt=WPA-EAP
eap=PEAP
identity="cxxxxxx"
password="Cxxxxx"
phase2="autheap=MSCHAPV2"
}
见:man wpa_supplicant.conf 中的配置例子二。