服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 不能在Centos7上针对AD进行ISE(802.1)authentication
Intereting Posts
如何recursion地更改bash下的文件和文件夹的大小写 名称服务器检查器 如何在鱿鱼3中实现临时页面? 启动后启动SVN服务器 不能FTP到服务器 在Linode.com上设置nodebalancer后,IP欺骗攻击错误 Applockerpopup消息 Amazon CloudFront CORS特定的延迟 DNS如何“卡住”? 你如何处理数据归档? 主机卷resize后,在KVM guest虚拟机中无法读取卷 尽pipe80和443是系统端口,但大多数Web服务器如何能够绑定到它们呢? 如何更改复制的事务日志保存在日志传送configuration中的天数? 无法在AD中存储TPM信息 解决VPNnetworking访问限制问题

不能在Centos7上针对AD进行ISE(802.1)authentication

我在/ etc / sysconfig / network-scripts目录下有下面的configuration文件。 使用这些文件,我不能在某些Centos7工作站上针对AD进行ISE身份validation,而我在其他Centos7上进行身份validation。 两个组的操作系统版本相同(CentOS Linux版本7.3.1611)

在/ var / log / messages文件中,接口eno1被认为没有区域。 尽pipe我将eno1添加到区域(公共),但重新启动NetworkManager会将其置于此区域之外。

我应该着重解决这个问题?

谢谢。

在/ etc / sysconfig / network中的脚本/的ifcfg-ENO1: 

DEVICE=eno1 ONBOOT=yes TYPE=Ethernet BOOTPROTO=dhcp IEEE_8021X_INNER_AUTH_METHODS=MSCHAPV2 KEY_MGMT=IEEE8021X IEEE_8021X_EAP_METHODS=PEAP IEEE_8021X_IDENTITY=host/host1091 ZONE=public

在/ etc / sysconfig / network中的脚本/键,ENO1: 

 IEEE_8021X_PASSWORD=myhostpasswordhashxxyzzzz

/ var / log / message中相应的NetworkManager日志条目: 

 device (eno1): supplicant interface state: starting -> ready Config: added 'password' value '<omitted>' Config: added 'key_mgmt' value 'IEEE8021X' Config: added 'eapol_flags' value '0' Config: added 'eap' value 'PEAP' Config: added 'fragment_size' value '1266' Config: added 'phase2' value 'auth=MSCHAPV2' Config: added 'identity' value 'host/host1091' sup-iface[0x7fd01dad6c20,eno1]: config: set interface ap_scan to 0 device (eno1): supplicant interface state: ready -> associated device (eno1): Activation: (ethernet) association took too long. device (eno1): state change: config -> need-auth (reason 'none') [50 60 0] device (eno1): Activation: (ethernet) asking for new secrets device (eno1): state change: need-auth -> prepare (reason 'none') [60 40 0] device (eno1): state change: prepare -> config (reason 'none') [40 50 0] device (eno1): Activation: (ethernet) connection 'eno1' requires no security. No secrets needed. device (eno1): supplicant interface state: starting -> ready Config: added 'password' value '<omitted>' Config: added 'key_mgmt' value 'IEEE8021X' Config: added 'eapol_flags' value '0' Config: added 'eap' value 'PEAP' Config: added 'fragment_size' value '1266' Config: added 'phase2' value 'auth=MSCHAPV2' Config: added 'identity' value 'host/host1091' sup-iface[0x7fd01da6cab0,eno1]: config: set interface ap_scan to 0 device (eno1): supplicant interface state: ready -> associated device (eno1): Activation: (ethernet) association took too long. device (eno1): state change: config -> failed (reason 'no-secrets') [50 120 7] manager: NetworkManager state is now CONNECTED_LOCAL device (eno1): Activation: failed for connection 'eno1' device (eno1): state change: failed -> disconnected (reason 'none') [120 30 0] policy: auto-activating connection 'eno1.nonised' device (eno1): Activation: starting connection 'eno1.nonised' (64c1050b-fd57-f70d-22ef-039b23d1c969) device (eno1): state change: disconnected -> prepare (reason 'none') [30 40 0] manager: NetworkManager state is now CONNECTING device (eno1): state change: prepare -> config (reason 'none') [40 50 0] firewall: [0x7fd01da8eed0,remove:"eno1"]: complete: request failed (UNKNOWN_INTERFACE: 'eno1' is not in any zone)