[rhelv6-list] Antwort: Re: WLAN with RHEL6 with auth against Windows ADS
Andreas Reschke
Andreas.Reschke at behrgroup.com
Tue Jul 5 12:01:55 UTC 2011
rhelv6-list-bounces at redhat.com schrieb am 01.07.2011 07:59:24:
> Kurt Keller <kkathag at gmail.com>
> Gesendet von: rhelv6-list-bounces at redhat.com
>
> 01.07.2011 08:01
>
> Bitte antworten an
> "Red Hat Enterprise Linux 6 \(Santiago\) discussion mailing-list"
> <rhelv6-list at redhat.com>
>
> An
>
> "Red Hat Enterprise Linux 6 (Santiago) discussion mailing-list"
> <rhelv6-list at redhat.com>
>
> Kopie
>
> Thema
>
> Re: [rhelv6-list] WLAN with RHEL6 with auth against Windows ADS
>
> Hi Andreas,
>
> Here the notes from how I got my Fedora 14 box connected to the
> company wireless network. Hope it helps. But you might also need to
> talk to your ADS guys to find out what exactly is required in your
> specific environment.
>
> * I actually configured the connection in NetworkManager (instructions
> might not be completely accurate, as it is documented after the fact
> and after quite a number of failures, probably due to an older kernel
> version)
> + add a new wireless connection
> # Security: WPA & WPA2 Enterprise
> # Authentication: TLS
> # Identity: <my-user-id>
> # User Certificate: blank
> # CA certificate: the file with the chain to the
> CA certificate
> # Private key: the exported key/certificate
> combo in pkcs12 format (could not get it to run at all with
> certificate and key in pem format)
> # Private key password: well, the password for
> the pkcs12 package
> # ignore the messages about the private key
> being unencrypted (even though it is encrypted)
>
> Cheers,
>
> Kurt
>
> On 27 June 2011 13:39, Andreas Reschke <Andreas.Reschke at behrgroup.com>
wrote:
> > Hi,
> >
> > I want to use WLAN in our office. I've 2 certificate (userid.cer)
> >
> > a)
> > cat RESCH.cer
> > -----BEGIN CERTIFICATE-----
> > MIIGhDCCBe2gAwIBAgIKI7sHqAAAAAE5czANBgkqhkiG9w0BAQUFADA/MQswCQYD
> > ......
> >
> > b)
> > cat RESCH.cer
> > 0��0���
> >
> > 0?19s0 *�H��
> >
> > 0 0 UDE10U Stuttgart1
> >
> > U
> >
> > 0ehr1
> >
> > 120111083751Z0y10
> >
> > �&���,dnet10
> >
> > �&���,d behrgroup1
> > ......
> >
> > Which one is there right one? The more ascii-like or the binary
version? And
> > which settings in NetworkManager are required?
> >
> > Authentication: TLS, LEAP, Tunneld TLS, Protected EAP (PEAP)?
> >
> > Thanks for your help
> >
> >
> > Andreas Reschke
> > _______________________________________________
> > rhelv6-list mailing list
> > rhelv6-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/rhelv6-list
> >
> >
>
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
Hello Kurt,
now I've created the both certificate files. This is what I get from
/var/log/messages:
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation (wlan0)
Stage 1 of 5 (Device Prepare) scheduled...
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation (wlan0)
Stage 1 of 5 (Device Prepare) started...
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> (wlan0): device
state change: 6 -> 4 (reason 0)
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation (wlan0)
Stage 2 of 5 (Device Configure) scheduled...
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation (wlan0)
Stage 1 of 5 (Device Prepare) complete.
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation (wlan0)
Stage 2 of 5 (Device Configure) starting...
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> (wlan0): device
state change: 4 -> 5 (reason 0)
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation
(wlan0/wireless): connection 'B3hr--36' has security, and secrets exist.
No new secrets needed.
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
'ssid' value 'B3hr--36'
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
'scan_ssid' value '1'
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
'key_mgmt' value 'WPA-EAP'
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
'eap' value 'TLS'
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
'fragment_size' value '1300'
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
'ca_cert' value '/home/resch/Zertifikate/resch.pem'
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
'private_key' value '/home/resch/Zertifikate/resch.p12'
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
'private_key_passwd' value '<omitted>'
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
'identity' value 'resch'
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation (wlan0)
Stage 2 of 5 (Device Configure) complete.
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: set
interface ap_scan to 1
Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: disconnected -> scanning
Jul 5 13:57:43 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: scanning -> associating
Jul 5 13:57:43 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: associating -> associated
Jul 5 13:57:46 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: associated -> disconnected
Jul 5 13:57:46 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: disconnected -> scanning
Jul 5 13:57:46 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: scanning -> disconnected
Jul 5 13:57:46 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: disconnected -> associating
Jul 5 13:57:46 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: associating -> associated
Jul 5 13:57:48 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: associated -> disconnected
Jul 5 13:57:48 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: disconnected -> scanning
Jul 5 13:57:48 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: scanning -> disconnected
Jul 5 13:57:48 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: disconnected -> associating
Jul 5 13:57:48 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: associating -> associated
Jul 5 13:57:50 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: associated -> disconnected
Jul 5 13:57:50 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: disconnected -> scanning
Jul 5 13:57:50 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: scanning -> disconnected
Jul 5 13:57:50 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: disconnected -> associating
Jul 5 13:58:05 st00ni0029 NetworkManager[2505]: <warn> Activation
(wlan0/wireless): association took too long.
Jul 5 13:58:05 st00ni0029 NetworkManager[2505]: <info> (wlan0): device
state change: 5 -> 6 (reason 0)
Jul 5 13:58:06 st00ni0029 NetworkManager[2505]: <warn> Activation
(wlan0/wireless): asking for new secrets
Jul 5 13:58:06 st00ni0029 NetworkManager[2505]: <info> (wlan0):
supplicant connection state: associating -> disconnected
Jul 5 13:58:08 st00ni0029 NetworkManager[2505]: <info> (wlan0): device
state change: 6 -> 9 (reason 7)
Jul 5 13:58:08 st00ni0029 NetworkManager[2505]: <warn> Activation (wlan0)
failed for access point (B3hr--36)
Jul 5 13:58:08 st00ni0029 NetworkManager[2505]: <info> Marking connection
'B3hr--36' invalid.
Jul 5 13:58:08 st00ni0029 NetworkManager[2505]: <warn> Activation (wlan0)
failed.
Jul 5 13:58:08 st00ni0029 NetworkManager[2505]: <info> (wlan0): device
state change: 9 -> 3 (reason 0)
Jul 5 13:58:08 st00ni0029 NetworkManager[2505]: <info> (wlan0):
deactivating device (reason: 0).
But it didn't work
Andreas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhelv6-list/attachments/20110705/7e0bed25/attachment.htm>
More information about the rhelv6-list
mailing list