当前时区为 UTC + 8 小时



发表新帖 回复这个主题  [ 3 篇帖子 ] 
作者 内容
1 楼 
 文章标题 : [其它]xsupplicant.conf文件该怎么修改?
帖子发表于 : 2006-10-02 17:27 

注册: 2006-10-01 10:50
帖子: 3
送出感谢: 0 次
接收感谢: 0 次
小弟我是一名在校大学生,需要上校园网,于是,我下载了最新版本的xsupplicant港湾网络802.1x软件,但不知道如何正确配置,请各位高手帮忙。(我们学校用的是eap_md5)
以下是原始配置文件:


#network_list = default, test1, test2
network_list = all


#default_netname = default

# When using the startup_command, first_auth_command, and reauth_command
## directives, "%i" will be expanded to the interface name. This allows a
# single network profile to work across different interfaces.

# The command to run when xsupplicant is first started.

startup_command = xsupplicant echo "xsupplicant startup"<END_COMMAND>

# The command to run when xsupplicant authenticates to a network for the
# first time. This will usually be used to start a DHCP client process.

#first_auth_command = <BEGIN_COMMAND>dhclient %i<END_COMMAND>

# The command to run when xsupplicant reauthenticates to a network.

#reauth_command = <BEGIN_COMMAND>echo "reauthenticated %i"<END_COMMAND>

# Where the supplicant should log to, (xsupplicant will create a new log
# file on each invocation).
logfile = /var/log/xsupplicant.log

# The auth_period, held_period, and max_starts directives modify the
# timers in the state machine. (Please reference the 802.1x spec for info
# on how they are used.) For most people, there is no reason to define
# these values, as the defaults should work.

#auth_period = 30
#held_period = 30
#max_starts = 10

# For most people, the default setting for "allmulti" will work just fine.
# In some cases however wireless cards have been known to not work when
# ALLMULTI is enabled, (such as certain Orinoco cards with older drivers).
# If allmulti is set to no, xsupplicant will not attempt to change the state
# of the setting in the driver so you should make sure to do an "ifconfig
# ethX -allmulti".

#allmulti = no

# Defining an interface in "allow_interfaces" will bypass the rules that
# xsupplicant uses to determine if an interface is valid. For most people
# this setting shouldn't be needed. It is useful for having xsupplicant
# attempt to authenticate on interfaces that don't appear to be true
# physical interfaces, (i.e. virtual interfaces such as eth0:1).

allow_interfaces = eth0, wlan0

# Defining an interface in "deny_interfaces" will prevent xsupplicant from
# attempting to authenticate on a given interface. This is useful if you
# know that you will never do 802.1x on a specific interface. However,
# allows will take priority over denies, so defining the same interface in
# the allow_interfaces, and deny_interfaces will result in the interface
# being used.

#deny_interfaces = eth1

##########################################################################
# NETWORK SECTION #
##########################################################################

# the general format of the network section is a network name followed
# by a group of variables

# network names may contain the following characters: a-z, A-Z, 0-9, '-',
# '_', '\', and '/'. Those interested in having an SSID with ANY character
# in it can use the ssid tag within the network clause. Otherwise, your
# ssid will be the name of the network.

## The default network is not a network itself. These values are the
## default used for any network parameters not overridden in another
## section. If it's not in your network configuration and not in your
## default, it won't work!!

default
{
# The type of this network. wired or wireless, if this value is not set,
# xsupplicant will attempt to determine if the interface is wired or
# wireless. In general, you should only need to define this when
# xsupplicant incorrectly identifies your network interface.
type = wired

# If this profile is forced to wired, this will not do anything.
# However, if the interface is forced, or detected to be wireless
# xsupplicant will take control of re/setting WEP keys when the machine
# first starts, and when it jumps to a different AP. In general, you
# won't need to define, or set this value.
wireless_control = yes

# Describes which EAP types this network will allow. The first type
# listed will be requested if the server tries to use something not in
# this list.
#allow_types = eap_tls, eap_md5, eap_gtc, eap-otp
allow_types = all

# What to respond with when presented with an EAP Id Request. Typically,
# this is the username for this network. Since this can be an arbitrary
# string, enclose within <BEGIN_ID> and <END_ID>
identity = <BEGIN_UNAME>papuser<END_UNAME>

# Force xsupplicant to send it's packets to this destination MAC address.
# In most cases, this isn't needed, and shouldn't be defined.
#dest_mac = 00:aA:bB:cC:dD:eE

## Method-specific parameters are kept in the method
eap_tls {
user_cert = /etc/xsupplicant/tls/client.crt
user_key = /etc/xsupplicant/tls/client.key
user_key_pass = <BEGIN_PASS>password for key<END_PASS>
root_cert = /etc/xsupplicant/tls/ca.crt
#root_dir = /etc/xsupplicant/ca/
crl_dir = /etc/xsupplicant/tls
chunk_size = 1398
random_file = /etc/xsupplicant/tls/random

# To enable TLS session resumption, you need to set the following
# value to "yes". By default, session resumption is disabled.
#session_resume = yes
}

eap-md5 {
username = <BEGIN_UNAME>papuser<END_UNAME>
password = <BEGIN_PASS>pappasswd<END_PASS>
}

eap-ttls {
user_cert = /etc/xsupplicant/tls/client.crt
user_key = /etc/xsupplicant/tls/client.key
user_key_pass = <BEGIN_PASS>password for key<END_PASS>
root_cert = /etc/xsupplicant/tls/ca.crt
#root_dir = /etc/xsupplicant/ca/
crl_dir = /etc/xsupplicant/tls
chunk_size = 1398
random_file = /etc/xsupplicant/tls/random

# Verify the server certificate has this value in it's CN field.
cncheck = myradius.radius.com

#session_resume = yes

# Should it be an exact match?
cnexact = yes

# phase2_type defines which phase2 to *actually* do. You MUST define
# one of these.
phase2_type = pap

## These are definitions for the different methods you might do at
## phase2. only the one specified above will be used but it is valid
## to leave more than one here for convenience and easy switching.
pap {
username = <BEGIN_UNAME>papuser<END_UNAME>
password = <BEGIN_PASS>pappasswd<END_PASS>
}
chap {
username = <BEGIN_UNAME>chapuser<END_UNAME>
password = <BEGIN_PASS>chappasswd<END_PASS>
}
mschap {
username = <BEGIN_UNAME>mschapuser<END_UNAME>
password = <BEGIN_PASS>mschappasswd<END_PASS>
}
mschapv2 {
username = <BEGIN_UNAME>mschapv2user<END_UNAME>
password = <BEGIN_PASS>mschapv2passwd<END_PASS>
}
}

eap-leap {
username = <BEGIN_UNAME>leapuser<END_UNAME>
password = <BEGIN_PASS>leapuserpass!<END_PASS>
}

eap-mschapv2 {
username = <BEGIN_UNAME>eapmschapv2user<END_UNAME>
password = <BEGIN_PASS>eapmschapv2userpass!<END_PASS>
}

eap-peap {
user_cert = /etc/xsupplicant/tls/client.crt
user_key = /etc/xsupplicant/tls/client.key
user_key_pass = <BEGIN_PASS>password for key<END_PASS>
root_cert = /etc/xsupplicant/tls/ca.crt
#root_dir = /etc/xsupplicant/ca/
crl_dir = /etc/xsupplicant/tls
chunk_size = 1398
random_file = /etc/xsupplicant/tls/random

# Verify the server certificate has this value in it's CN field.
cncheck = myradius.radius.com

# Should it be an exact match?
cnexact = yes

session_resume = yes

# Currently 'all' is just mschapv2 If no allow_types is defined, all
# is assumed.
#allow_types = eap_mschapv2
allow_types = MD5 # where all = MSCHAPv2, MD5, OTP, GTC, SIM

# Right now you can do any of these methods in PEAP.
eap-mschapv2 {
username = <BEGIN_UNAME>phase2mschapv2<END_UNAME>
password = <BEGIN_PASS>phase2mschapv2pass<END_PASS>
}
}

eap-sim {

# In order to obtain the IMSI from the SIM card, the password *MUST*
# be defined here! Otherwise, you need to specify your IMSI as the
# username below.
username = <BEGIN_UNAME>simuser<END_UNAME>
password = <BEGIN_PASS>simuserpass!<END_PASS>
auto_realm = yes
}
}

# In this network definition, "test1" is the friendly name. It can match
# the essid of the network, which means you won't have to set the "ssid"
# variable. However, if it doesn't match, you need to set the "ssid"
# variable in order for the network to be detected correctly.
test1
{
type = wired
# # You should not define this unless you have characters other than those
# # specified above in the ssid of your network
ssid = 04123127
#
allow_types = md5
identity = 04123127
#
#}


#test2
#{
# # You should not define this unless you have characters other than those
# # specified above in the ssid of your network
# ssid = <BEGIN_SSID>up to 32 character ASCII string<END_SSID>
# identity = <BEGIN_ID>testuser@testnet.com<END_ID>
#
# allow_types = eap-tls
# type = wireless
#}

#test3
#{
# # You should not define this unless you have characters other than those
# # specified above in the ssid of your network
# ssid = <BEGIN_SSID>foo-network!<END_SSID>
#
# type = wired
#
# identity= <BEGIN_ID>this will work too<END_ID>
#}


页首
 用户资料  
 
2 楼 
 文章标题 :
帖子发表于 : 2006-10-02 17:35 
头像

注册: 2006-09-30 1:08
帖子: 759
地址: QingDao
送出感谢: 0 次
接收感谢: 0 次
我也上不了网


页首
 用户资料  
 
3 楼 
 文章标题 : [分享]
帖子发表于 : 2006-11-20 9:26 

注册: 2006-11-18 22:33
帖子: 6
送出感谢: 0 次
接收感谢: 0 次
在网上看上这样改的:
1、 找到 identity = <BEGIN_ID>myid@mynet.net<END_ID> 这一行
myid@mynet.net 改成你的用户名
2、 找到
eap-md5 {
username = <BEGIN_UNAME>testuser<END_UNAME>
password = <BEGIN_PASS>testuserpass!<END_PASS>
}
分别把testuser和testuserpass! 字段改成你的用户名和密码

我用的CentOS4.4 试了一下,不行


页首
 用户资料  
 
显示帖子 :  排序  
发表新帖 回复这个主题  [ 3 篇帖子 ] 

当前时区为 UTC + 8 小时


在线用户

正在浏览此版面的用户:Exabot [Bot] 和 2 位游客


不能 在这个版面发表主题
不能 在这个版面回复主题
不能 在这个版面编辑帖子
不能 在这个版面删除帖子
不能 在这个版面提交附件

前往 :  
本站点为公益性站点,用于推广开源自由软件,由 DiaHosting VPSBudgetVM VPS 提供服务。
我们认为:软件应可免费取得,软件工具在各种语言环境下皆可使用,且不会有任何功能上的差异;
人们应有定制和修改软件的自由,且方式不受限制,只要他们自认为合适。

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
简体中文语系由 王笑宇 翻译