重新再搞实达认证还是搞不定

deng805

以前搞了一段时间,论坛翻底朝天了,没搞定,现在要用,又来搞.我先从open1x上下的xsupplicant源码安装,但是新版本配置文件都改了,不是1x.conf了,如下:
# This is an example configuration file for xsupplicant versions after 0.8b.

### GLOBAL SECTION

# network_list: defines all of the networks in this file which
# should be kept in memory and used.Comma delimited list or "all"
# for keeping all defined configurations in memory. For efficiency,
# keep only the networks you might roam to in memory.
# To avoid errors, make sure your default network is always
# in the network_list. In general, you will want to leave this set to
# "all".

network_list = all
#network_list = default, test1, test2

# default_netname: some users may actually have a network named "default".
# since "default" is a keyword in the network section below, you can
# change which is to be used as the replacement for this keyword

default_netname = default
#default_netname = my_defaults

# In the startup_command, first_auth_command, and reauth_command you can
# use "%i" to have xsupplicant fill in the interface that is being used.
# This allows a single network profile to work across different wireless
# cards.

# startup_command: the command to run when xsupplicant is first started.
# this command can do things such as configure the card to associate with
# the network properly.
startup_command = <BEGIN_COMMAND>;echo "some command"<END_COMMAND>;

# first_auth_command: the command to run when xsupplicant authenticates to
# a wireless network for the first time. This will usually be used to
# start a DHCP client process.
first_auth_command = <BEGIN_COMMAND>;dhclient %i<END_COMMAND>;

# reauth_command: the command to run when xsupplicant reauthenticates to a
# wireless network. This may be used to have the dhcp client rerequest
# it's IP address.
reauth_command = <BEGIN_COMMAND>;echo "authenticated user %i"<END_COMMAND>;

# When running in daemon, or non-foreground mode, you may want to have the
# output of the program. So, define a log file here. Each time XSupplicant
# is started, this file will be replaced. So, there is no need to roll the
# log file.
logfile = /var/log/xsupplicant.log

# The auth_period, held_period, and max_starts modify the timers in the state
# machine. (Please reference the 802.1x spec for info on how they are used.)
# For most people, there is no reason to define these values, as the defaults
# should work.

#auth_period = 30

#held_period = 30

#max_starts = 3

# Defining an interface in "allow_interfaces" will bypass the rules that
# xsupplicant uses to determine if an interface is valid. For most people
# this setting shouldn't be needed. It is useful for having xsupplicant
# attempt to authenticate on interfaces that don't appear to be true
# physical interfaces. (i.e. Virtual interfaces such as eth0:1)

#allow_interfaces = eth0, wlan0

# Defining an interface in "deny_interfaces" will prevent xsupplicant from
# attempting to authenticate on a given interface. This is useful if you
# know that you will never do 802.1x on a specific interface. However,
# allows will take priority over denies, so defining the same interface in
# the allow_interfaces, and deny_interfaces will result in the interface
# being used.

#deny_interfaces = eth1

### NETWORK SECTION



# the general format of the network section is a network name followed
# by a group of variables

# network names may contain the following characters: a-z, A-Z, 0-9, '-',
# '_', '\', '/'
# Those interested in having an SSID with ANY character in it can use
# the ssid tag within the network clause. Otherwise, your ssid will
# be the name of the network.

## The default network is not a network itself. These values are
## the default used for any network parameters not overridden
## in another section. If it's not in your network configuration
## and not in your default, it won't work!!

default
{
# type: the type of this network. wired or wireless, if this value is not
# set, xsupplicant will attempt to determine if the interface is wired or
# wireless. In general, you should only need to define this when
# xsupplicant incorrectly identifies your network interface.
#type = wireless

# wireless_control : If this profile is forced to wired, this will not do
# anything. However, if the interface is forced, or detected to be wireless
# XSupplicant will take control of re/setting WEP keys when the machine
# first starts, and when it jumps to a different AP. In general, you won't
# need to define, or set this value.
# wireless_control = yes

# allow_types: describes which EAP types this network will allow. The
# first type listed will be requested if the server tries to use something
# not in this list.
# allow_types = eap_tls, eap_md5, eap_gtc, eap-otp
allow_types = all

# identity: what to respond with when presented with an EAP Id Request
# Typically, this is the username for this network. Since this can
# be an arbitrary string, enclose within <BEGIN_ID>; and <END_ID>;
identity = <BEGIN_ID>;myid@mynet.net<END_ID>;

# Force xsupplicant to send it's packets to this destination MAC address.
# In most cases, this isn't needed, and shouldn't be defined.
#dest_mac = 00:aA:bB:cC:dD:eE

## method-specific parameters are kept in the method
eap_tls {
user_cert = /path/to/certificate
user_key = /path/to/private/key
user_key_pass = <BEGIN_PASS>;password for key<END_PASS>;
root_cert = /path/to/list/of/valid/roots
crl_dir = /path/to/dir/with/crl
chunk_size = 1398
random_file = /path/to/random/source

# To enable TLS session resumption, you need to set the following
# value to "yes". By default, session resumption is disabled.
#session_resume = yes
}

eap-md5 {
username = <BEGIN_UNAME>;testuser<END_UNAME>;
password = <BEGIN_PASS>;testuserpass!<END_PASS>;
}

eap-ttls {
user_cert = /path/to/certificate
#as in tls, define either a root certificate or a directory
# containing root certificates
#root_cert = /path/to/root/certificate
root_dir = /path/to/root/certificate/dir
crl_dir = /path/to/dir/with/crl
user_key = /path/to/private/key
user_key_pass = <BEGIN_PASS>;password for key<END_PASS>;
chunk_size = 1398
random_file = /path/to/random/source
cncheck = myradius.radius.com # Verify the server certificate
# has this value in it's CN field.
cnexact = yes # Should it be an exact match?
#session_resume = yes
# phase2_type defines which phase2 to actually DO. You
# MUST define one of these.
phase2_type = chap
## These are definitions for the different methods you might
## do at phase2. only the one specified above will be used
## but it is valid to leave more than one here for convenience
## and easy switching.
pap {
username = <BEGIN_UNAME>;papuser<END_UNAME>;
password = <BEGIN_PASS>;pappasswd<END_PASS>;
}
chap {
username = <BEGIN_UNAME>;chapuser<END_UNAME>;
password = <BEGIN_PASS>;chappasswd<END_PASS>;
}
mschap {
username = <BEGIN_UNAME>;mschapuser<END_UNAME>;
password = <BEGIN_PASS>;mschappasswd<END_PASS>;
}
mschapv2 {
username = <BEGIN_UNAME>;mschapv2user<END_UNAME>;
password = <BEGIN_PASS>;mschapv2passwd<END_PASS>;
}
}

eap-leap {
username = <BEGIN_UNAME>;leapuser<END_UNAME>;
password = <BEGIN_PASS>;leapuserpass!<END_PASS>;
}

eap-mschapv2 {
username = <BEGIN_UNAME>;eapmschapv2user<END_UNAME>;
password = <BEGIN_PASS>;eapmschapv2userpass!<END_PASS>;
}

eap-peap {
user_cert = /path/to/certificate
root_dir = /path/to/root/certificate/dir
crl_dir = /path/to/dir/with/crl
user_key = /path/to/private/key
user_key_pass = <BEGIN_PASS>;password for key<END_PASS>;
chunk_size = 1398
random_file = /path/to/random/source
cncheck = myradius.radius.com # Verify the server certificate
# has this value in it's CN field.
cnexact = yes # Should it be an exact match?
session_resume = yes

#Currently 'all' is just mschapv2
#If no allow_types is defined, all is assumed
allow_types = all # where all = MSCHAPv2, MD5, OTP, GTC, SIM
#allow_types = eap_mschapv2

# right now you can do any of these methods in PEAP:
eap-mschapv2 {
username = <BEGIN_UNAME>;phase2mschapv2<END_UNAME>;
password = <BEGIN_PASS>;phase2mschapv2pass<END_PASS>;
}
}

eap-sim {

# In order to obtain the IMSI from the SIM card, the password
# *MUST* be defined here! Otherwise, you need to specify your
# IMSI as the username below.
username = <BEGIN_UNAME>;simuser<END_UNAME>;
password = <BEGIN_PASS>;simuserpass!<END_PASS>;
auto_realm = yes
}
}

# In this network definition, "test1" is the friendly name. It can match
# the essid of the network, which means you won't have to set the "ssid"
# variable. However, if it doesn't match, you need to set the "ssid"
# variable in order for the network to be detected correctly.
test1
{
type = wired
# ssid: you should not define this unless you have characters
# other than those specified above in the ssid of your network
ssid = <BEGIN_SSID>;mvemjsnp<END_SSID>;

allow_types = all
identity = <BEGIN_ID>;Check this out- any char!#$<END_ID>;

}


test2
{
# ssid: you should not define this unless you have characters
# other than those specified above in the ssid of your network
ssid = <BEGIN_SSID>;up to 32 character ASCII string<END_SSID>;
identity = <BEGIN_ID>;testuser@testnet.com<END_ID>;

allow_types = eap-tls
type = wireless
}

test3
{
# ssid: you should not define this unless you have characters
# other than those specified above in the ssid of your network
ssid = <BEGIN_SSID>;foo-network!<END_SSID>;

type = wired

identity= <BEGIN_ID>;this will work too<END_ID>;
}
我不知道在哪里输入我的用户名和密码.执行
xsupplicant -u denny -p djh都显示参数-u不对,晕

又用下面的办法

下载linuxsir上aries1998兄弟编译好的xsupplicant按他说的
ifconfig eth0 10.16.20.192 && /bin/xsupplicnat -u denny -p djh
Username override! Using username denny
Password passed in from command line! (This isn't very secure!)
Setup on device eth0 complete
Specific Wireless Authenticator MAC not found, using default destination
Could not determine network name, assuming there is none
Using default network profile. (Network Name = default)
Done with init.
Connection Established, authenticating...
get_password returned a value!
Failed to Authenticate
Sending EAPOL-Start #1

denny:~dhclient&回车,它不后来执行,老discover个没完,下一个命令就输入不了了,有没有别的后台执行命令啊?
没办法ctrl+c
denny:~/bin/xsupplicant -u denny -p djh
Username override! Using username denny
Password passed in from command line! (This isn't very secure!)
Setup on device eth0 complete
Specific Wireless Authenticator MAC not found, using default destination
Could not determine network name, assuming there is none
Using default network profile. (Network Name = default)
Done with init.

随便哪种有没有弟兄帮忙看看怎么回事啊