From owner-freebsd-questions@freebsd.org Wed May 16 15:17:00 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ED1B9EE805A for ; Wed, 16 May 2018 15:16:59 +0000 (UTC) (envelope-from timon@timon.net.nz) Received: from flare.plasmahost.ru (static.155.109.4.46.clients.your-server.de [46.4.109.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 864736D21C for ; Wed, 16 May 2018 15:16:57 +0000 (UTC) (envelope-from timon@timon.net.nz) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=timon.net.nz; s=dkim; h=Content-Transfer-Encoding:Content-Type:In-Reply-To: MIME-Version:Date:Message-ID:From:References:To:Subject:Sender:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=1AcZzYeMwm8HeNJwgo/eGnS3BIEH3PdMk2YPEeSFTds=; b=Tj1Yehc2EliWdziQgsldqVJh0z srzORMv/h1daF90ENc0JYrBDfTc4s3faVPjX76DmADUNSsu0EkoOl5ggdLzumpUFNy9JLsWFNHv/i cPuQleW/tHL5wtFVxL+0C9+RQ0S5wjLzljXTy7lZzVc/VWeMGDVSs0PUEAMdZPmXOItA=; Received: from [185.6.245.156] (helo=t510.timon.net.nz) by flare.plasmahost.ru with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90_1 (FreeBSD)) (envelope-from ) id 1fIxab-000NH2-6u for freebsd-questions@freebsd.org; Wed, 16 May 2018 15:39:37 +0100 Subject: Re: 8021x on wired Ethernet To: freebsd-questions@freebsd.org References: From: Aleksander Matveev Message-ID: Date: Wed, 16 May 2018 17:39:50 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 May 2018 15:17:00 -0000 On 15/05/2018 20:00, Bengt Ahlgren wrote: > Is there a standard "rc.conf" way to configure 8021x authentication on > wired ethernet? > > Invoking wpa_supplicant manually with -Dwired -iem0 works. > > (Or should I ask on net@?) I use this configuration with slightly modified /etc/rc.d/wpa_supplicant script: $ grep em0 /etc/rc.conf: ifconfig_em0="WPA DHCP" # cat /etc/wpa_supplicant.conf.em0 ap_scan=0 network={         key_mgmt=IEEE8021X         eap=PEAP         identity="a.matveev"         anonymous_identity="a.matveev"         password="PASSW0RD"         phase1="peaplabel=0"         phase2="auth=MSCHAPV2"         ca_cert="/etc/ssl/our_cert.cer" } $ diff -u /usr/src/etc/rc.d/wpa_supplicant /etc/rc.d/wpa_supplicant --- /usr/src/etc/rc.d/wpa_supplicant    2017-12-03 03:11:58.273579000 +0300 +++ /etc/rc.d/wpa_supplicant    2018-05-16 17:36:48.971154000 +0300 @@ -38,7 +38,11 @@  load_rc_config $name  command=${wpa_supplicant_program} -conf_file=${wpa_supplicant_conf_file} +if [ -f ${wpa_supplicant_conf_file}"."$ifn ] ; then +       conf_file=${wpa_supplicant_conf_file}"."$ifn +else +       conf_file=${wpa_supplicant_conf_file} +fi  pidfile="/var/run/${name}/${ifn}.pid"  command_args="-B -i $ifn -c $conf_file -D $driver -P $pidfile"  required_files=$conf_file -- Aleksandr Matveev