由于企业安全管理要求,需要验证上网。验证方式是账号密码+802.1x
目前先调研了一下方案,还没有实施,大概调研结果如下:
先参考:https://jlk.fjfi.cvut.cz/arch/manpages/man/netctl.profile.5
以及:https://wiki.archlinux.org/index.php/WPA_supplicant#Advanced_usage
https://jlk.fjfi.cvut.cz/arch/manpages/man/wpa_supplicant.conf.5
netctl的关键选项:
Next to the ip options, the following are understood for connections of the ‘ethernet’ type: Auth8021X= Set to ‘yes’ to use 802.1x authentication. WPAConfigFile= Path to a wpa_supplicant configuration file. Defaults to /etc/wpa_supplicant.conf. WPADriver= The wpa_supplicant driver to use for 802.1x authentication. Defaults to ‘wired’.
wpa的关键选项:
/etc/wpa_supplicant/wpa_supplicant-wired-adapter.conf ctrl_interface=/var/run/wpa_supplicant ap_scan=0 network={ key_mgmt=IEEE8021X eap=PEAP identity="user_name" password="user_password" phase2="autheap=MSCHAPV2" }
测试一下,好使了,如图:
如果同样的配置换成无线网卡呢?
只需要调整wpa_supplicant.conf即可
[root@T7 netctl]# cat /etc/wpa_supplicant.conf ctrl_interface=DIR=/var/run/wpa_supplicant network={ ssid="XX" key_mgmt=WPA-EAP eap=PEAP identity="cxxxxxx" password="Cxxxxx" phase2="autheap=MSCHAPV2" }
见:man wpa_supplicant.conf 中的配置例子二。