在debian下面有没有802.1x认证的软件(mdc-ssd可以，不过只有rpm的，用alien转不成deb)

藕节 · 发表于 2003-10-14 12:51:14

最初由 aries1998 发表
mdc-ssd在redhat下面肯定是可以用的，不过网上的那篇配置文章感觉有问题，它说要修改2个文件，但是我修改了3个才能上网，这三个文件分别是/etc/mdc-ssd/ifcfg /etc/mdc-ssd/eth0/chap-secrets 和/etc/mdc-ssd/eth0/tls-secrets 把里面默认的用户名和密码改为你的，然后修改ifcfg最后一排的dp值，默认是13,要修改为4,接着运行redhat-config-network
选择dhcp，并且要把自动获得dns也选上，然后ifup eth0& mdc-ssd& 顺序不要反，反正我在redhat9 和 fedrora下面都是这样的，你应该也是用的校园网吧，而且现在几乎大学里面的都是用的什么802.1x认证！

还是不行,信息如下,另外，我们用的是联创的集成系统,不知道你们用的是什么?
[PHP]
[root@localhost root]# ifup eth0 & mdc-ssd &
[2] 1664
[3] 1665
[root@localhost root]# mdc-ssd options in effect:
nodetach             # (from /etc/mdc-ssd/options)
logfd 1       # (from /etc/mdc-ssd/options)
dump          # (from /etc/mdc-ssd/options)
TLSdebug             # (from /etc/mdc-ssd/options)
TLSstate             # (from /etc/mdc-ssd/options)
TLSbugs       # (from /etc/mdc-ssd/options)
mdc-ssd: mdc-ssd TLS: cert file: /etc/mdc-ssd/eth0/mycert.pem
mdc-ssd: mdc-ssd TLS: key file:
mdc-ssd: unable to get private key from '/etc/mdc-ssd/eth0/mycert.pem'
mdc-ssd: mdc-ssd:TLS error setting user certificate/private key information.
mdc-ssd: Unable to configure Transport Layer Security (TLS).

正在决定 eth0 的 IP 信息...mdc-ssd: 802.1X: txStart(port=1) (transmit an EAP start packet)
mdc-ssd: 802.1X: supp state -> SSM_CONNECTING for port 1
失败了。
[/PHP]

aries1998 · 发表于 2003-10-14 13:02:29

不管是什么系统，只要是802.1x的，应该就可以啊！，你能不能把ifcfg chap-secrets tls-secrets 三个文件贴上来，从你的帖子里面看，肯定是在认证，而且是802.1x的，肯定配置文件的问题吧！

aries1998 · 发表于 2003-10-14 13:03:04

不管是什么系统，只要是802.1x的，应该就可以啊！，我们学校用的是华为的，网络中心的人都说华为只有windows的客户端，但是mdc-ssd还是可以用，你能不能把ifcfg chap-secrets tls-secrets 三个文件贴上来，从你的帖子里面看，肯定是在认证，而且是802.1x的，肯定配置文件有问题！

藕节 · 发表于 2003-10-15 09:09:50

最初由 aries1998 发表
不管是什么系统，只要是802.1x的，应该就可以啊！，我们学校用的是华为的，网络中心的人都说华为只有windows的客户端，但是mdc-ssd还是可以用，你能不能把ifcfg chap-secrets tls-secrets 三个文件贴上来，从你的帖子里面看，肯定是在认证，而且是802.1x的，肯定配置文件有问题！

我从新检查了一下配置:
运行信息如下:
[PHP]
[root@localhost root]# mdc-ssd&
[1] 1103
[root@localhost root]# mdc-ssd options in effect:
nodetach             # (from /etc/mdc-ssd/options)
logfd 1       # (from /etc/mdc-ssd/options)
dump          # (from /etc/mdc-ssd/options)
TLSdebug             # (from /etc/mdc-ssd/options)
TLSstate             # (from /etc/mdc-ssd/options)
TLSbugs       # (from /etc/mdc-ssd/options)
mdc-ssd: mdc-ssd TLS: cert file: /etc/mdc-ssd/eth0/mycert.pem
mdc-ssd: mdc-ssd TLS: key file:
mdc-ssd: unable to get private key from '/etc/mdc-ssd/eth0/mycert.pem'
mdc-ssd: mdc-ssd:TLS error setting user certificate/private key information.
mdc-ssd: Unable to configure Transport Layer Security (TLS).
mdc-ssd: 802.1X: txStart(port=1) (transmit an EAP start packet)
mdc-ssd: 802.1X: supp state -> SSM_CONNECTING for port 1
mdc-ssd: 802.1X: txStart(port=1) (transmit an EAP start packet)
mdc-ssd: 802.1X: supp state -> SSM_CONNECTING for port 1
mdc-ssd: 802.1X: txStart(port=1) (transmit an EAP start packet)
mdc-ssd: 802.1X: supp state -> SSM_CONNECTING for port 1
mdc-ssd: 802.1X: supp state -> SSM_AUTHENTICATED for port 1
[/PHP]
而后就不动了，可找样不能上网。查看ip,没有成功获取。

配置文件如下：
[PHP]
ifcfg文件：

# express-toolkit interface configuration file for supplicant
#
#Useage: Each line is an interface, named in the first parameter.
#       Each line must have an entry for each parameter.
#             A dash "-" may be entered to mean the default
#          for that parameter.
#       The pound sign "#" in the first column makes a line a comment
#This file configures the interfaces used by the asd supplicant.
#
#if    =    IFName  (name of interface, as known by ifconfig)
#ap    =    Auth Period - #of secs to expire before moving from authenticating to connecting state.
#hp    =    Held Period - #of secs to expire before moving from held to connecting state.
#sp    =    Start Period - #of secs to expire before attempting another start packet.
#ms    =    Max Start - the maximum number of start packets that will be sent before silencing ourselves.
#dp    =    Default Protocol - 4- Chap 13 - TLS
#Tv    =    TLS links in chain for certificate verification.
#Tf    =    TLS CA file.
#Tpa =    TLS CA path.
#Tc    =    TLS cipher - modify cipher list.
#id    =    Identity
#df    =    Default Secret

#if ap  hp  sp  ms dp Tv Tf          Tpa  Tc id df
#---  --  --  --  -- -- -- --                         -- ---  -- --
eth0  120 30  120  3 4 1 /etc/mdc-ssd/eth0/trustedCA.pem - - 卡号  密码

char-secrets文件：

# Secrets for authentication using CHAP with:
#  Meetinghouse Data Communications SecureSupplicant (mdc-ssd)
#  www.mtghouse.com
# identity          server                secret
# --------       ------             ------
  卡号             *                   密码

tls-secrets文件:

#
# Meetinghouse Data Communications SecureSupplicant (mdc-ssd) TLS secrets
#                      (www.mtghouse.com)
#  There should be only one entry per identity.  If there is more than one for
#  the same identity then the one closest to the top of the file will be used.
#
#  The [private key file] and the [private key secret] are optional entries.
#  If you have nothing to enter for them then you must enter a dash:  -
#
#
#  identity certificate file          [private key file] [private key secret]
#  -------- ----------------          ------------------ --------------------
#

# the next line is an example.  The mycert.pem will not work for you, but
# should be replaced with your own certificate.  This is here only as an
# example.
  卡号    /etc/mdc-ssd/eth0/mycert.pem    -                   密码

[/PHP]

aries1998 · 发表于 2003-10-15 10:39:27

[root@satan root]# ifup eth0&
[1] 3427
[root@satan root]# Cannot get driver information: Invalid argument

正在决定 eth0 的 IP 信息...mdc-ssd&
[2] 3485
[root@satan root]# mdc-ssd options in effect:
nodetach             # (from /etc/mdc-ssd/options)
logfd 1       # (from /etc/mdc-ssd/options)
dump          # (from /etc/mdc-ssd/options)
TLSdebug             # (from /etc/mdc-ssd/options)
TLSstate             # (from /etc/mdc-ssd/options)
TLSbugs       # (from /etc/mdc-ssd/options)
mdc-ssd: mdc-ssd TLS: cert file: /etc/mdc-ssd/eth0/mycert.pem
mdc-ssd: mdc-ssd TLS: key file:
mdc-ssd: unable to get private key from '/etc/mdc-ssd/eth0/mycert.pem'
mdc-ssd: mdc-ssd:TLS error setting user certificate/private key information.
mdc-ssd: Unable to configure Transport Layer Security (TLS).
mdc-ssd: 802.1X: txStart(port=1) (transmit an EAP start packet)
mdc-ssd: 802.1X: supp state -> SSM_CONNECTING for port 1
mdc-ssd: 802.1X: EAP request-ID received.
mdc-ssd: mdc-ssd: txRspId(Transmit our identity (aries) to authenticator)
mdc-ssd: 802.1X: supp state -> SSM_ACQUIRED for port 1
mdc-ssd: 802.1X: Received a authentication request packet with authentication type: 4.
mdc-ssd: 802.1X: txRspAuth(Transmitting a reply to authenticator for authentication type=4
mdc-ssd: 802.1X: supp state -> SSM_AUTHENTICATING for port 1
mdc-ssd: 802.1X: EAP success received for interface - eth0.
mdc-ssd: 802.1X: supp state -> SSM_AUTHENTICATED for port 1
完成。

上面是我认证的时候的信息，你的配置文件没有问题，是不是你在运行mdc-ssd之前没有运行ifup eth0& 最好先ifdown eth0  然后ifup eth0& 接着马上mdc-ssd&,  比较了一下，

mdc-ssd: 802.1X: Received a authentication request packet with authentication type: 4.  这一句你没有，也就是修改的dp的值从13改为4,
还有这一句
mdc-ssd: mdc-ssd: txRspId(Transmit our identity (aries) to authenticator)
你上面没有这一句，里面包含了你的用户名，我的是aries.
我现在怀疑是不是编辑器的原因，保存的字符编码可能不同，比如gedit和vi默认的编码就不一样，我都是在字符界面下用vi改的，你先把mdc-ssd卸载了，删掉/etc/mdc-ssd目录，然后重新安装，用vi编辑。

藕节 · 发表于 2003-10-15 11:59:02

我用的是vim,应该没问题吧，是Ｘ下的终端的.
我怀疑是我们的认证问题，只是怀疑。

aries1998 · 发表于 2003-10-15 12:07:31

有可能，现在学校里面的东西全部都是和微软一条道的，我们这些学生也没办法，像我以前的软猫和pci的adsl，死活没有linux的驱动，唉，路还长啊！

藕节 · 发表于 2003-10-15 12:35:14

我转了个mdc-ssd的deb包，如果你好的话，我可以发给你

aries1998 · 发表于 2003-10-15 20:08:22

我刚收到一个mdc-ssd.deb,应该是你吧，谢谢了哈！

藕节 · 发表于 2003-10-15 22:52:47

呵呵，是拉，不用谢了,都是linux兄弟

		自动登录	找回密码
密码			注册