SECURITY How To Enable 802.1X (Port Based Network Access Control)

From Gentoo Linux Wiki

This article is part of the Security series.

Introduction

The objective of this How To is to help configure a Gentoo desktop or notebook in an IEEE 802.1X (Port Based Network Access Control) environment.

This document assumes a recent installation based on the Universal Live CD.

Requirements

  • XSupplicant - The Open 802.1X Implementation - XSupplicant Page
  • Network Credentials (Username / Password / LDAP Information / etc.)
  • Certificates if needed

Step by Step

Unmasking XSupplicant

#> echo 'net-misc/xsupplicant ~x86' >> /etc/portage/package.keywords

Verify the Needed Downloads

#> emerge -pv xsupplicant
These are the packages that I would merge, in order:
Calculating dependencies ...done!
[ebuild  N    ] dev-libs/libusb-0.1.10a  -debug -doc 366 kB
[ebuild  N    ] sys-apps/pcsc-lite-1.2.0  -static 771 kB
[ebuild  N    ] net-misc/xsupplicant-1.0.1  622 kB
Total size of downloads: 1,760 kB

Download Sources and Dependencies

On another computer with an Internet connection:

Download the required files (replace X.X.X with the correct version shown by the emerge -pv xsupplicant command):

#> wget --passive-ftp ftp://ftp.las.ic.unicamp.br/pub/gentoo/distfiles/pcsc-lite-X.X.X.tar.gz
#> wget --passive-ftp ftp://ftp.las.ic.unicamp.br/pub/gentoo/distfiles/libusb-X.X.X.tar.gz
#> wget --passive-ftp ftp://ftp.las.ic.unicamp.br/pub/gentoo/distfiles/xsupplicant-X.X.X.tar.gz

Copy the downloaded files to a CD-ROM or USB drive.

Move the downloaded source files to /usr/portage/distfiles/ on the Gentoo box and check the dependencies again; the download sizes should now be 0 kB:

#> emerge -pv xsupplicant
These are the packages that I would merge, in order:
Calculating dependencies ...done!
[ebuild  N    ] dev-libs/libusb-0.1.10a  -debug -doc 0 kB
[ebuild  N    ] sys-apps/pcsc-lite-1.2.0  -static 0 kB
[ebuild  N    ] net-misc/xsupplicant-1.0.1  0 kB
Total size of downloads: 0 kB

Merging XSupplicant

#> emerge xsupplicant

Setting Up /etc/xsupplicant.conf

Now configure /etc/xsupplicant.conf with the details of the network environment.

In my case:

PEAP-MSCHAPv2 / Windows Active Directory / Without Certificate

About

This document was written by Daniel Neto.

Feel free to correct my *bad* English; this is not my mother tongue :) I am just trying to help.

About Me: My MSN Spaces
