Posted on 2003-7-1 20:05:54
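This is a post from the Baiyun BBS; I followed it myself when I set this up:
You can take a look.
From: kaede (SARS mushroom ~ taking a break from learning Linux to review functional analysis), Board: Linux
Subject: [Summary] Redhat linux network authentication: the dummies' guide
Posted at: Wuhan Baiyun Huanghe BBS (Friday, 25 April 2003, 20:09:44), on-site mail
From: qiangweiyuji (蔷薇雨季)
Posted at: Wuhan Baiyun Huanghe BBS (Tuesday, 22 April 2003, 12:45:00)
First, I would like to thank lylon for his selfless help; without him I might still not be able to get online under linux. Technology only develops faster through exchange, so I am attaching the detailed procedure for installing network authentication, in the hope that it helps those who are still struggling to get online under linux!
My test environments are redhat 7.3, 8.0 and 9.0; in fact the procedure is the same whichever version you use.
Preparation: first we must make sure that we have 343649-mdc-ssd-01.1.2-1.i386.rpm, which can be obtained from the following URLs.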
http://www.linuxforum.net/forum/files/343649-mdc-ssd-01.1.2-1.i386.rpm.gz
http://www.wohnheim.uni-mainz.de/~rw/802.1x/
http://www.open1x.org
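Or you can get it from my uploads; in any case, that part is up to you.
Once your system is installed, use a floppy disk to copy 343649-mdc-ssd-01.1.2-1.i386.rpm (about 113KB) over to linux. Here I put it in the "/root/Desktop/" directory. Then switch to command-line mode, change to the /root/Desktop directory and run "ls"; 343649-mdc-ssd-01.1.2-1.i386.rpm should appear among the files listed. Then we install it with the command: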
rpm -Uvh --nodeps 343649-mdc-ssd-01.1.2-1.i386.rpm
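(Note: some downloads may be an archived and compressed file, 343649-mdc-ssd-01.1.2-1.i386.rpm.tar.gz. In that case it has to be decompressed and extracted first, using the command tar zxvf 343649-mdc-ssd-01.1.2-1.i386.rpm.tar.gz. After running this command you will find that 343649-mdc-ssd-01.1.2-1.i386.rpm.tar.gz has become 343649-mdc-ssd-01.1.2-1.i386.rpm, and you can then proceed as described above.)
After running the rpm command, the following output appears: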
[root@wlyx soft]# rpm -Uvh --nodeps 343649-mdc-ssd-01.1.2-1.i386.rpm
Preparing... ###################################
#[100%]
package mdc-ssd-01.1.2-1 is already installed
[root@wlyx soft]#
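This shows that the mdc-ssd package has been installed successfully. Because mdc-ssd uses TLS authentication, it needs some SSL library files, so next we create the links, as follows: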
[root@wlyx soft]#cd /usr/lib
[root@wlyx lib]#ln -s libssl.so libssl.so.1
[root@wlyx lib]#ln -s libcrypto.so libcrypto.so.1
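At this point we have finished the general work. Next we configure the network card; at the command prompt:
[root@wlyx lib]#redhat-config-network (or you can click Network Configuration in the Control Panel; the effect is the same)
The network card configuration dialog now appears. It is best to put your network card into the "inactive" state first, and then "Edit" it. In the dialog that appears, choose "static IP address" and fill in your IP, Subnet Mask and Gateway Address. When you are done, open the third tab of this dialog and tick both checkboxes in it, then click "Probe" after the second checkbox and confirm. Good, the network card is now configured and you need to activate it; I don't need to tell you how to do that, do I? Oh, and don't forget to fill in the DNS.
Next we need the username and password required for authentication.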
[root@wlyx lib]#cd /etc/mdc-ssd
[root@wlyx mdc-ssd]#ls
eth0 ifcfg options
Here we are going to edit the file ifcfg; look carefully.
[root@wlyx mdc-ssd]#vi ifcfg
# express-toolkit interface configuration file for supplicant
#
#Useage: Each line is an interface, named in the first parameter.
# Each line must have an entry for each parameter.
# A dash "-" may be entered to mean the default
# for that parameter.
# The pound sign "#" in the first column makes a line a comment
#This file configures the interfaces used by the asd supplicant.
#
#if = IFName (name of interface, as known by ifconfig)
#ap = Auth Period - #of secs to expire before moving from authenticating to connecting state.
#hp = Held Period - #of secs to expire before moving from held to connecting state.
#sp = Start Period - #of secs to expire before attempting another start packet.
#ms = Max Start - the maximum number of start packets that will be sent before silencing ourselves.
#dp = Default Protocol - 4- Chap 13 - TLS
#Tv = TLS links in chain for certificate verification.
#Tf = TLS CA file.
#Tpa = TLS CA path.
#Tc = TLS cipher - modify cipher list.
#id = zs065083
#df = 303120
#if ap hp sp ms dp Tv Tf Tpa Tc id df
#--- -- -- -- -- -- -- -- -- --- -- --
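eth0 120 30 120 3 13 1 /etc/mdc-ssd/eth0/trustedCA.pem - - uname password
This is what the original file should look like. Now we make our changes; note that everything that needs changing is on the last line. After the changes it looks like this: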
# express-toolkit interface configuration file for supplicant
#
#Useage: Each line is an interface, named in the first parameter.
# Each line must have an entry for each parameter.
# A dash "-" may be entered to mean the default
# for that parameter.
# The pound sign "#" in the first column makes a line a comment
#This file configures the interfaces used by the asd supplicant.
#
#if = IFName (name of interface, as known by ifconfig)
#ap = Auth Period - #of secs to expire before moving from authenticating to connecting state.
#hp = Held Period - #of secs to expire before moving from held to connecting state.
#sp = Start Period - #of secs to expire before attempting another start packet.
#ms = Max Start - the maximum number of start packets that will be sent before silencing ourselves.
#dp = Default Protocol - 4- Chap 13 - TLS
#Tv = TLS links in chain for certificate verification.
#Tf = TLS CA file.
#Tpa = TLS CA path.
#Tc = TLS cipher - modify cipher list.
#id = zs065083
#df = 303120
#if ap hp sp ms dp Tv Tf Tpa Tc id df
#--- -- -- -- -- -- -- -- -- --- -- --
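eth0 120 30 120 3 4 1 /etc/mdc-ssd/eth0/trustedCA.pem - - zs065083 265031
Three things were changed: 13->4, username->zs065083, password->265031 (fake, so don't bother trying it, heh!)
Then save (don't tell me you don't know how... if you really don't, use kwrite; it is much like word). Normally this is enough, but to be on the safe side we carry on with the next step.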
[root@wlyx mdc-ssd]#cd eth0
[root@wlyx eth0]#ls
chap-secrets mycert.pem tls-secrets trustedCA.pem
[root@wlyx eth0]#vi chap-secrets
# Secrets for authentication using CHAP with:
# Meetinghouse Data Communications SecureSupplicant (mdc-ssd)
# www.mtghouse.com
# identity server secret
# -------- ------ ------
test * test
After the change:
# Secrets for authentication using CHAP with:
# Meetinghouse Data Communications SecureSupplicant (mdc-ssd)
# www.mtghouse.com
# identity server secret
# -------- ------ ------
zs065083 * 206531
Save it in the same way.
Good, everything is ready; all we need now is the east wind! Make sure your network card is active, then:
[root@wlyx eth0]#mdc-ssd
mdc-ssd options in effect:
nodetach # (from /etc/mdc-ssd/options)
logfd 1 # (from /etc/mdc-ssd/options)
dump # (from /etc/mdc-ssd/options)
TLSdebug # (from /etc/mdc-ssd/options)
TLSstate # (from /etc/mdc-ssd/options)
TLSbugs # (from /etc/mdc-ssd/options)
mdc-ssd: mdc-ssd:TLS error, unable to get certificate information for identity: zs065083. Check tls-secrets file.
mdc-ssd: mdc-ssd TLS: cert file:
mdc-ssd: mdc-ssd TLS: key file:
mdc-ssd: 802.1X: txStart(port=1) (transmit an EAP start packet)
mdc-ssd: 802.1X: supp state -> SSM_CONNECTING for port 1
mdc-ssd: 802.1X: EAP request-ID received.
mdc-ssd: mdc-ssd: txRspId(Transmit our identity (zs065083) to authenticator)
mdc-ssd: 802.1X: supp state -> SSM_ACQUIRED for port 1
mdc-ssd: 802.1X: Received a authentication request packet with authentication type: 4.
mdc-ssd: 802.1X: txRspAuth(Transmitting a reply to authenticator for authentication type=4
mdc-ssd: 802.1X: supp state -> SSM_AUTHENTICATING for port 1
mdc-ssd: 802.1X: mdc-ssd options in effect:
nodetach # (from /etc/mdc-ssd/options)
logfd 1 # (from /etc/mdc-ssd/options)
dump # (from /etc/mdc-ssd/options)
TLSdebug # (from /etc/mdc-ssd/options)
TLSstate # (from /etc/mdc-ssd/options)
TLSbugs # (from /etc/mdc-ssd/options)
mdc-ssd: mdc-ssd:TLS error, unable to get certificate information for identity: zs065083. Check tls-secrets file.
mdc-ssd: mdc-ssd TLS: cert file:
mdc-ssd: mdc-ssd TLS: key file:
mdc-ssd: 802.1X: txStart(port=1) (transmit an EAP start packet)
mdc-ssd: 802.1X: supp state -> SSM_CONNECTING for port 1
mdc-ssd: 802.1X: EAP request-ID received.
mdc-ssd: mdc-ssd: txRspId(Transmit our identity (zs065083) to authenticator)
mdc-ssd: 802.1X: supp state -> SSM_ACQUIRED for port 1
mdc-ssd: 802.1X: Received a authentication request packet with authentication type: 4.
mdc-ssd: 802.1X: txRspAuth(Transmitting a reply to authenticator for authentication type=4
mdc-ssd: 802.1X: supp state -> SSM_AUTHENTICATING for port 1
mdc-ssd: 802.1X: EAP success received for interface - eth0.
mdc-ssd: 802.1X: supp state -> SSM_AUTHENTICATED for port 1
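mdc-ssd: 802.1X: supp state -> SSM_AUTHENTICATED for port 1------once this line appears you are done; now you can cheer, and keep working hard on the road to linux!!
(Note: I have seen many senior students say that errors of one kind or another show up, but for me it ran fine under 7.3, 8.0 and 9.0 alike, and authentication was fast, even better than on windows)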
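The ifcfg file edited in the post stores the login in cleartext and selects the EAP method through its dp column, so it is worth checking after the edit. The script below is an added example, not part of the original post or of mdc-ssd: the function names, finding labels and sample credentials are constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the post): audit an mdc-ssd style ifcfg file.
# Column order comes from the header shown in the post:
#   if ap hp sp ms dp Tv Tf Tpa Tc id df
# One finding per output line; the password value is never printed.

audit_ifcfg() {
    file=$1
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }

    # id/df hold the login in cleartext: group/other need no access.
    mode=$(stat -c %a "$file")      # GNU stat (assumed Linux host)
    case $mode in
        0|*00) ;;
        *) echo "PERMS mode=$mode exposes cleartext credentials" ;;
    esac

    while read -r ifname ap hp sp ms dp tv tf tpa tc id df rest; do
        case $ifname in ''|'#'*) continue ;; esac
        # A hard-wrapped line leaves too few (or stray) columns.
        if [ -z "$df" ] || [ -n "$rest" ]; then
            echo "MALFORMED iface=$ifname expected 12 columns"
            continue
        fi
        # dp=4 is EAP MD5-Challenge (CHAP), dp=13 is EAP-TLS; with
        # MD5-Challenge the client never authenticates the network.
        if [ "$dp" = 4 ]; then
            echo "WEAK-EAP iface=$ifname dp=4 (MD5-Challenge)"
        fi
        if [ "$df" != "-" ]; then
            echo "CLEARTEXT-SECRET iface=$ifname id=$id"
        fi
    done < "$file"
    return 0
}

# Constructed sample: placeholder credentials, last entry hard-wrapped.
write_sample() {
    cat > "$1" <<'EOF'
#if ap hp sp ms dp Tv Tf Tpa Tc id df
eth0 120 30 120 3 4 1 /etc/mdc-ssd/eth0/trustedCA.pem - - user1 EXAMPLE
eth1 120 30 120 3 13 1 /etc/mdc-ssd/eth0/trustedCA.pem - - user2 EXA
MPLE
EOF
}

if [ "$#" -gt 0 ]; then audit_ifcfg "$1"; fi
```

Run it as root against /etc/mdc-ssd/ifcfg; a MALFORMED line next to a 12-column entry usually means the password column was split by a line wrap and the supplicant would read a truncated secret.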