Eduroam no netctl

0

Minha organização oferece um script grande para configurar a conexão eduroam e eu não gosto de executar scripts grandes para os quais não sei o que eles fazem e não posso reverter as coisas que eles fazem aqui no Archlinux. Então eu tentei escrever meu próprio perfil netctl olhando o script:

#!/usr/bin/env bash
if [ -z "$BASH" ] ; then
   bash  $0
   exit
fi



my_name=$0


function setup_environment {
  bf=""
  n=""
  ORGANISATION="Šolski center Kranj"
  URL="http://www.sckr.si/tsc/eduroam"
  SUPPORT="[email protected]"
if [ ! -z "$DISPLAY" ] ; then
  if which zenity 1>/dev/null 2>&1 ; then
    ZENITY='which zenity'
  elif which kdialog 1>/dev/null 2>&1 ; then
    KDIALOG='which kdialog'
  else
    if tty > /dev/null 2>&1 ; then
      if  echo $TERM | grep -E -q "xterm|gnome-terminal|lxterminal"  ; then
        bf="[1m";
        n="[0m";
      fi
    else
      find_xterm
      if [ -n "$XT" ] ; then
        $XT -e $my_name
      fi
    fi
  fi
fi
}

function split_line {
echo $1 | awk  -F '\\n' 'END {  for(i=1; i <= NF; i++) print $i }'
}

function find_xterm {
terms="xterm aterm wterm lxterminal rxvt gnome-terminal konsole"
for t in $terms
do
  if which $t > /dev/null 2>&1 ; then
  XT=$t
  break
  fi
done
}


function ask {
     T="eduroam CAT"
#  if ! [ -z "$3" ] ; then
#     T="$T: $3"
#  fi
  if [ ! -z $KDIALOG ] ; then
     if $KDIALOG --yesno "${1}\n${2}?" --title "$T" ; then
       return 0
     else
       return 1
     fi
  fi
  if [ ! -z $ZENITY ] ; then
     text='echo "${1}" | fmt -w60'
     if $ZENITY --no-wrap --question --text="${text}\n${2}?" --title="$T" 2>/dev/null ; then
       return 0
     else
       return 1
     fi
  fi

  yes=Y
  no=N
  yes1='echo $yes | awk '{ print toupper($0) }''
  no1='echo $no | awk '{ print toupper($0) }''

  if [ $3 == "0" ]; then
    def=$yes
  else
    def=$no
  fi

  echo "";
  while true
  do
  split_line "$1"
  read -p "${bf}$2 ${yes}/${no}? [${def}]:$n " answer
  if [ -z "$answer" ] ; then
    answer=${def}
  fi
  answer='echo $answer | awk '{ print toupper($0) }''
  case "$answer" in
    ${yes1})
       return 0
       ;;
    ${no1})
       return 1
       ;;
  esac
  done
}

function alert {
  if [ ! -z $KDIALOG ] ; then
     $KDIALOG --sorry "${1}"
     return
  fi
  if [ ! -z $ZENITY ] ; then
     $ZENITY --warning --text="$1" 2>/dev/null
     return
  fi
  echo "$1"

}

function show_info {
  if [ ! -z $KDIALOG ] ; then
     $KDIALOG --msgbox "${1}"
     return
  fi
  if [ ! -z $ZENITY ] ; then
     $ZENITY --info --width=500 --text="$1" 2>/dev/null
     return
  fi
  split_line "$1"
}

function confirm_exit {
  if [ ! -z $KDIALOG ] ; then
     if $KDIALOG --yesno "Really quit?"  ; then
     exit 1
     fi
  fi
  if [ ! -z $ZENITY ] ; then
     if $ZENITY --question --text="Really quit?" 2>/dev/null ; then
        exit 1
     fi
  fi
}



function prompt_nonempty_string {
  prompt=$2
  if [ ! -z $ZENITY ] ; then
    if [ $1 -eq 0 ] ; then
     H="--hide-text "
    fi
    if ! [ -z "$3" ] ; then
     D="--entry-text=$3"
    fi
  elif [ ! -z $KDIALOG ] ; then
    if [ $1 -eq 0 ] ; then
     H="--password"
    else
     H="--inputbox"
    fi
  fi


  out_s="";
  if [ ! -z $ZENITY ] ; then
    while [ ! "$out_s" ] ; do
      out_s='$ZENITY --entry --width=300 $H $D --text "$prompt" 2>/dev/null'
      if [ $? -ne 0 ] ; then
        confirm_exit
      fi
    done
  elif [ ! -z $KDIALOG ] ; then
    while [ ! "$out_s" ] ; do
      out_s='$KDIALOG $H "$prompt" "$3"'
      if [ $? -ne 0 ] ; then
        confirm_exit
      fi
    done  
  else
    while [ ! "$out_s" ] ; do
      read -p "${prompt}: " out_s
    done
  fi
  echo "$out_s";
}

function user_cred {
  PASSWORD="a"
  PASSWORD1="b"

  if ! USER_NAME='prompt_nonempty_string 1 "enter your userid"' ; then
    exit 1
  fi

  while [ "$PASSWORD" != "$PASSWORD1" ]
  do
    if ! PASSWORD='prompt_nonempty_string 0 "enter your password"' ; then
      exit 1
    fi
    if ! PASSWORD1='prompt_nonempty_string 0 "repeat your password"' ; then
      exit 1
    fi
    if [ "$PASSWORD" != "$PASSWORD1" ] ; then
      alert "passwords do not match"
    fi
  done
}
setup_environment
show_info "This installer has been prepared for ${ORGANISATION}\n\nMore information and comments:\n\nEMAIL: ${SUPPORT}\nWWW: ${URL}\n\nInstaller created with software from the GEANT project."
if ! ask "This installer will only work properly if you are a member of ${bf}Šolski center Kranj${n} and the user group: ${bf}ŠC Kranj - zaposleni in predavatelji.${n}" "Continue" 1 ; then exit; fi
if [ -d $HOME/.cat_installer ] ; then
   if ! ask "Directory $HOME/.cat_installer exists; some of its files may be overwritten." "Continue" 1 ; then exit; fi
else
  mkdir $HOME/.cat_installer
fi
# save certificates
echo "-----BEGIN CERTIFICATE-----
MIIGWDCCBECgAwIBAgIGEkzELa0WMA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNVBAYT
AlNJMQ4wDAYDVQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5l
cyBDQSB6YSBzdHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBv
ZHBvcmFAYXJuZXMuc2kwHhcNMTIwOTE4MTIyOTAzWhcNMjIwOTE4MTIyOTAzWjB4
MQswCQYDVQQGEwJTSTEOMAwGA1UEChMFQVJORVMxDDAKBgNVBAsTA0FBSTEmMCQG
A1UEAxMdQXJuZXMgQ0EgemEgc3RyZXpuaWtlIEVkdXJvYW0xIzAhBgkqhkiG9w0B
CQEWFGFhYS1wb2Rwb3JhQGFybmVzLnNpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAySn6em7XHgbTpfofzPEQDwt/2jjYeSRpXhh7INAavqu8ulYjH/6m
E2q6YKOUDOwXEES3d02ITVYJaK0bzuJIagbldA1HrrfouZvyIs3ygjRS1pkCeSrJ
gObwnzpkFT8/+Vood5+VXXo7ppjQ96cougYCo0l4klabDQpS+WHCFwZuHiEz/JKP
h878xlTFa+Nbu5f7LSCuXmo1BdZfsk5dhAaKGiCze3aWfGz/cnJXfUvNi98e0rSv
/c52Bn7PuGrEBFQocQf+vTdEfp4ZTOwMzECVKNHvowP6UTYN20xFcnKzKF8l+rBN
IU1nzSPN0ZF5XQwXZnh3DdBXd3F4COhlK5p++7aktVMk9F899kYacycTXcSe6WEb
p5oneY3ePKLFMCR67euP270dRyBOb1Q1r2QCsdH4eVJQiMFA56yTgXOH+Xt3iXdo
GxlREvdWA6IajV9vDycpM2cLPpQh0y7Xpw5qP/MEN6n78LehFq7qpoDHAyv+eNRS
FqMIK3l/y1COupGbYfjPJxJafG1toPLVttscvLAkAfv7ax5x2MMweniQeL6tXfVg
74/ytp+sMWm+CoPWIkySawSH3zHTAvImRnobNrHqEDX8lGNg1KpyblGMSCZtsIsu
d5rwIYHUxIEw9YOfJfcEIj7L12rWpGhpCbuOc3UccamUORE1fdf1OFcCAwEAAaOB
5zCB5DAdBgNVHQ4EFgQUaB7UejoXmpbxfBSP6ka2bin5jZkwgacGA1UdIwSBnzCB
nIAUaB7UejoXmpbxfBSP6ka2bin5jZmhfKR6MHgxCzAJBgNVBAYTAlNJMQ4wDAYD
VQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5lcyBDQSB6YSBz
dHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBvZHBvcmFAYXJu
ZXMuc2mCBhJMxC2tFjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
9w0BAQUFAAOCAgEAhQqT93eHL2TC2SJVDtC/tndijonwOklVVckR4gQQ0QoCYLD3
W9ZVKHiEyTUZ1MKJ6YSwliV6JzyvgXTd8DUr+YhQD89K6Pap+OEObNFh2V9OBpm3
aAgpumUXH2WIJiIBo0z1dLrDqKkVZFx6BVb4sg5v0JM1KrdKmit1CZfxKBWaMD8k
aML4p1S7QsKRgQIMIuSSWwtTQh5cUTW9zGUe4REHl3F3KeejISX7kXp//nIfsk2x
N1oym1VCwHBvdr0dPYFNXjeOwUYnkhYRS8t2ho/E1Gsv3l8AcVMIyuskEaioP2B/
pg05hcZcUOo8ZnrWA6K48/c5gxY3W9di4x3GlAHj7aM5N/qV0pJqdmoSN/rsgfhG
tsavqA9KTVBhtwZ4GyUb90zoGjk8B5VC6ha9M1Xnr+QIF1U3K84yxe2VIJoIsxiy
VoPS5wtz/of2U2GCRH7eFvKCLC0SVfX5pc5AN+JKbSy/fMRZrwTAjajl6IR28s4q
S3uDt+nZZ/LOlOl1CW23DyQhjDOFLavh1A1DvJcTNV0338QDq9OTtO7YcWgDlFJj
wHinpL+2N9Y9MkD7YUVxPHIwl0NThgWDi12lJgoXFTi+Tng9FnfpDl6Tve5lwrIK
/o0tqdgiLYDuZ31m81NqfT9bkwW5zbSYULa/btPUCaZ9iPnqujVoX07Fsxc=
-----END CERTIFICATE-----

" > $HOME/.cat_installer/ca.pem
function run_python_script {
PASSWORD=$( echo "$PASSWORD" | sed "s/'/\\'/g" )
if python << EEE1 > /dev/null 2>&1
import dbus
EEE1
then
    PYTHON=python
elif python3 << EEE2 > /dev/null 2>&1
import dbus
EEE2
then
    PYTHON=python3
else
    PYTHON=none
    return 1
fi

$PYTHON << EOF > /dev/null 2>&1
#-*- coding: utf-8 -*-
import dbus
import re
import sys
import uuid
import os

class EduroamNMConfigTool:

    def connect_to_NM(self):
        #connect to DBus
        try:
            self.bus = dbus.SystemBus()
        except dbus.exceptions.DBusException:
            print("Can't connect to DBus")
            sys.exit(2)
        #main service name
        self.system_service_name = "org.freedesktop.NetworkManager"
        #check NM version
        self.check_nm_version()
        if self.nm_version == "0.9" or self.nm_version == "1.0":
            self.settings_service_name = self.system_service_name
            self.connection_interface_name = "org.freedesktop.NetworkManager.Settings.Connection"
            #settings proxy
            sysproxy = self.bus.get_object(self.settings_service_name, "/org/freedesktop/NetworkManager/Settings")
            #settings intrface
            self.settings = dbus.Interface(sysproxy, "org.freedesktop.NetworkManager.Settings")
        elif self.nm_version == "0.8":
            #self.settings_service_name = "org.freedesktop.NetworkManagerUserSettings"
            self.settings_service_name = "org.freedesktop.NetworkManager"
            self.connection_interface_name = "org.freedesktop.NetworkManagerSettings.Connection"
            #settings proxy
            sysproxy = self.bus.get_object(self.settings_service_name, "/org/freedesktop/NetworkManagerSettings")
            #settings intrface
            self.settings = dbus.Interface(sysproxy, "org.freedesktop.NetworkManagerSettings")
        else:
            print("This Network Manager version is not supported")
            sys.exit(2)

    def check_opts(self):
        self.cacert_file = '${HOME}/.cat_installer/ca.pem'
        self.pfx_file = '${HOME}/.cat_installer/user.p12'
        if not os.path.isfile(self.cacert_file):
            print("Certificate file not found, looks like a CAT error")
            sys.exit(2)

    def check_nm_version(self):
        try:
            proxy = self.bus.get_object(self.system_service_name, "/org/freedesktop/NetworkManager")
            props = dbus.Interface(proxy, "org.freedesktop.DBus.Properties")
            version = props.Get("org.freedesktop.NetworkManager", "Version")
        except dbus.exceptions.DBusException:
            version = "0.8"
        if re.match(r'^1\.', version):
            self.nm_version = "1.0"
            return
        if re.match(r'^0\.9', version):
            self.nm_version = "0.9"
            return
        if re.match(r'^0\.8', version):
            self.nm_version = "0.8"
            return
        else:
            self.nm_version = "Unknown version"
            return

    def byte_to_string(self, barray):
        return "".join([chr(x) for x in barray])


    def delete_existing_connections(self, ssid):
        "checks and deletes earlier connections"
        try:
            conns = self.settings.ListConnections()
        except dbus.exceptions.DBusException:
            print("DBus connection problem, a sudo might help")
            exit(3)
        for each in conns:
            con_proxy = self.bus.get_object(self.system_service_name, each)
            connection = dbus.Interface(con_proxy, "org.freedesktop.NetworkManager.Settings.Connection")
            try:
               connection_settings = connection.GetSettings()
               if connection_settings['connection']['type'] == '802-11-wireless':
                   conn_ssid = self.byte_to_string(connection_settings['802-11-wireless']['ssid'])
                   if conn_ssid == ssid:
                       connection.Delete()
            except dbus.exceptions.DBusException:
               pass

    def add_connection(self,ssid):
        server_alt_subject_name_list = dbus.Array({'DNS:orle.arnes.si'})
        server_name = 'orle.arnes.si'
        if self.nm_version == "0.9" or self.nm_version == "1.0":
             match_key = 'altsubject-matches'
             match_value = server_alt_subject_name_list
        else:
             match_key = 'subject-match'
             match_value = server_name

        s_con = dbus.Dictionary({
            'type': '802-11-wireless',
            'uuid': str(uuid.uuid4()),
            'permissions': ['user:$USER'],
            'id': ssid 
        })
        s_wifi = dbus.Dictionary({
            'ssid': dbus.ByteArray(ssid.encode('utf8')),
            'security': '802-11-wireless-security'
        })
        s_wsec = dbus.Dictionary({
            'key-mgmt': 'wpa-eap',
            'proto': ['rsn',],
            'pairwise': ['ccmp',],
            'group': ['ccmp', 'tkip']
        })
        s_8021x = dbus.Dictionary({
            'eap': ['ttls'],
            'identity': '$USER_NAME',
            'ca-cert': dbus.ByteArray("file://{0}
-----BEGIN CERTIFICATE-----
MIIGWDCCBECgAwIBAgIGEkzELa0WMA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNVBAYT
AlNJMQ4wDAYDVQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5l
cyBDQSB6YSBzdHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBv
ZHBvcmFAYXJuZXMuc2kwHhcNMTIwOTE4MTIyOTAzWhcNMjIwOTE4MTIyOTAzWjB4
MQswCQYDVQQGEwJTSTEOMAwGA1UEChMFQVJORVMxDDAKBgNVBAsTA0FBSTEmMCQG
A1UEAxMdQXJuZXMgQ0EgemEgc3RyZXpuaWtlIEVkdXJvYW0xIzAhBgkqhkiG9w0B
CQEWFGFhYS1wb2Rwb3JhQGFybmVzLnNpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAySn6em7XHgbTpfofzPEQDwt/2jjYeSRpXhh7INAavqu8ulYjH/6m
E2q6YKOUDOwXEES3d02ITVYJaK0bzuJIagbldA1HrrfouZvyIs3ygjRS1pkCeSrJ
gObwnzpkFT8/+Vood5+VXXo7ppjQ96cougYCo0l4klabDQpS+WHCFwZuHiEz/JKP
h878xlTFa+Nbu5f7LSCuXmo1BdZfsk5dhAaKGiCze3aWfGz/cnJXfUvNi98e0rSv
/c52Bn7PuGrEBFQocQf+vTdEfp4ZTOwMzECVKNHvowP6UTYN20xFcnKzKF8l+rBN
IU1nzSPN0ZF5XQwXZnh3DdBXd3F4COhlK5p++7aktVMk9F899kYacycTXcSe6WEb
p5oneY3ePKLFMCR67euP270dRyBOb1Q1r2QCsdH4eVJQiMFA56yTgXOH+Xt3iXdo
GxlREvdWA6IajV9vDycpM2cLPpQh0y7Xpw5qP/MEN6n78LehFq7qpoDHAyv+eNRS
FqMIK3l/y1COupGbYfjPJxJafG1toPLVttscvLAkAfv7ax5x2MMweniQeL6tXfVg
74/ytp+sMWm+CoPWIkySawSH3zHTAvImRnobNrHqEDX8lGNg1KpyblGMSCZtsIsu
d5rwIYHUxIEw9YOfJfcEIj7L12rWpGhpCbuOc3UccamUORE1fdf1OFcCAwEAAaOB
5zCB5DAdBgNVHQ4EFgQUaB7UejoXmpbxfBSP6ka2bin5jZkwgacGA1UdIwSBnzCB
nIAUaB7UejoXmpbxfBSP6ka2bin5jZmhfKR6MHgxCzAJBgNVBAYTAlNJMQ4wDAYD
VQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5lcyBDQSB6YSBz
dHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBvZHBvcmFAYXJu
ZXMuc2mCBhJMxC2tFjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
9w0BAQUFAAOCAgEAhQqT93eHL2TC2SJVDtC/tndijonwOklVVckR4gQQ0QoCYLD3
W9ZVKHiEyTUZ1MKJ6YSwliV6JzyvgXTd8DUr+YhQD89K6Pap+OEObNFh2V9OBpm3
aAgpumUXH2WIJiIBo0z1dLrDqKkVZFx6BVb4sg5v0JM1KrdKmit1CZfxKBWaMD8k
aML4p1S7QsKRgQIMIuSSWwtTQh5cUTW9zGUe4REHl3F3KeejISX7kXp//nIfsk2x
N1oym1VCwHBvdr0dPYFNXjeOwUYnkhYRS8t2ho/E1Gsv3l8AcVMIyuskEaioP2B/
pg05hcZcUOo8ZnrWA6K48/c5gxY3W9di4x3GlAHj7aM5N/qV0pJqdmoSN/rsgfhG
tsavqA9KTVBhtwZ4GyUb90zoGjk8B5VC6ha9M1Xnr+QIF1U3K84yxe2VIJoIsxiy
VoPS5wtz/of2U2GCRH7eFvKCLC0SVfX5pc5AN+JKbSy/fMRZrwTAjajl6IR28s4q
S3uDt+nZZ/LOlOl1CW23DyQhjDOFLavh1A1DvJcTNV0338QDq9OTtO7YcWgDlFJj
wHinpL+2N9Y9MkD7YUVxPHIwl0NThgWDi12lJgoXFTi+Tng9FnfpDl6Tve5lwrIK
/o0tqdgiLYDuZ31m81NqfT9bkwW5zbSYULa/btPUCaZ9iPnqujVoX07Fsxc=
-----END CERTIFICATE-----
".format(self.cacert_file).encode('utf8')), match_key: match_value, 'password': '$PASSWORD', 'phase2-auth': 'pap', 'anonymous-identity': '[email protected]', }) s_ip4 = dbus.Dictionary({'method': 'auto'}) s_ip6 = dbus.Dictionary({'method': 'auto'}) con = dbus.Dictionary({ 'connection': s_con, '802-11-wireless': s_wifi, '802-11-wireless-security': s_wsec, '802-1x': s_8021x, 'ipv4': s_ip4, 'ipv6': s_ip6 }) self.settings.AddConnection(con) def main(self): self.check_opts() ver = self.connect_to_NM() self.delete_existing_connections('eduroam') self.add_connection('eduroam') if __name__ == "__main__": ENMCT = EduroamNMConfigTool() ENMCT.main() EOF } function create_wpa_conf { cat << EOFW >> $HOME/.cat_installer/cat_installer.conf network={ ssid="eduroam" key_mgmt=WPA-EAP pairwise=CCMP group=CCMP TKIP eap=TTLS ca_cert="${HOME}/.cat_installer/ca.pem" identity="${USER_NAME}" domain_suffix_match="orle.arnes.si" phase2="auth=PAP" password="${PASSWORD}" anonymous_identity="[email protected]" } EOFW chmod 600 $HOME/.cat_installer/cat_installer.conf } #prompt user for credentials user_cred if run_python_script ; then show_info "Installation successful" else show_info "Network Manager configuration failed, generating wpa_supplicant.conf" if ! ask "Network Manager configuration failed, but we may generate a wpa_supplicant configuration file if you wish. Be warned that your connection password will be saved in this file as clear text." "Write the file" 1 ; then exit ; fi if [ -f $HOME/.cat_installer/cat_installer.conf ] ; then if ! ask "File $HOME/.cat_installer/cat_installer.conf exists; it will be overwritten." "Continue" 1 ; then confirm_exit; fi rm $HOME/.cat_installer/cat_installer.conf fi create_wpa_conf show_info "Output written to $HOME/.cat_installer/cat_installer.conf" fi

A primeira coisa que fiz foi extrair o certificado e salvá-lo em um arquivo separado /home/ziga/Dropbox/workspace/operacijski/archlinux/eduroam/eduroam.pem - e é assim:

Connection='wireless'
Interface=wlp3s0
Security='wpa-configsection'
Description="eduroam network"
IP='dhcp'
TimeoutWPA=30
WPAConfigSection=(
    'ssid="eduroam"'
    'pairwise=CCMP'
    'group=CCMP TKIP'
    'key_mgmt=WPA-EAP'
    'eap=TTLS'
    'identity="[email protected]"'
    'domain_suffix_match="orle.arnes.si"'
    'phase2="auth=PAP"'
    'ca_cert="/home/ziga/Dropbox/workspace/operacijski/archlinux/eduroam/eduroam.pem"'
    'password="my_password"'
    'anonymous_identity="[email protected]"'
)

Então dentro de um script eu encontrei a seção de configuração e tentei combiná-lo no meu perfil netctl chamado eduroam_w assim:

● netctl@eduroam_w.service - Networking for netctl profile eduroam_w                                                                
   Loaded: loaded (/usr/lib/systemd/system/[email protected]; static; vendor preset: disabled)                                        
   Active: failed (Result: exit-code) since Mon 2016-10-03 07:29:34 CEST; 26min ago                                                 
     Docs: man:netctl.profile(5)                                                                                                    
  Process: 13456 ExecStart=/usr/lib/network/network start %I (code=exited, status=1/FAILURE)
 Main PID: 13456 (code=exited, status=1/FAILURE)

Oct 03 07:29:02 ziga-laptop systemd[1]: Starting Networking for netctl profile eduroam_w...
Oct 03 07:29:02 ziga-laptop network[13456]: Starting network profile 'eduroam_w'...
Oct 03 07:29:34 ziga-laptop network[13456]: WPA association/authentication failed for interface 'wlp3s0'
Oct 03 07:29:34 ziga-laptop network[13456]: Failed to bring the network up for profile 'eduroam_w'
Oct 03 07:29:34 ziga-laptop systemd[1]: netctl@eduroam_w.service: Main process exited, code=exited, status=1/FAILURE
Oct 03 07:29:34 ziga-laptop systemd[1]: Failed to start Networking for netctl profile eduroam_w.
Oct 03 07:29:34 ziga-laptop systemd[1]: netctl@eduroam_w.service: Unit entered failed state.
Oct 03 07:29:34 ziga-laptop systemd[1]: netctl@eduroam_w.service: Failed with result 'exit-code'.

Mas depois de iniciar o perfil com sudo netctl start eduroam_w , ele falha e eu recebo isso do systemd:

#!/usr/bin/env bash
if [ -z "$BASH" ] ; then
   bash  $0
   exit
fi



my_name=$0


function setup_environment {
  bf=""
  n=""
  ORGANISATION="Šolski center Kranj"
  URL="http://www.sckr.si/tsc/eduroam"
  SUPPORT="[email protected]"
if [ ! -z "$DISPLAY" ] ; then
  if which zenity 1>/dev/null 2>&1 ; then
    ZENITY='which zenity'
  elif which kdialog 1>/dev/null 2>&1 ; then
    KDIALOG='which kdialog'
  else
    if tty > /dev/null 2>&1 ; then
      if  echo $TERM | grep -E -q "xterm|gnome-terminal|lxterminal"  ; then
        bf="[1m";
        n="[0m";
      fi
    else
      find_xterm
      if [ -n "$XT" ] ; then
        $XT -e $my_name
      fi
    fi
  fi
fi
}

function split_line {
echo $1 | awk  -F '\\n' 'END {  for(i=1; i <= NF; i++) print $i }'
}

function find_xterm {
terms="xterm aterm wterm lxterminal rxvt gnome-terminal konsole"
for t in $terms
do
  if which $t > /dev/null 2>&1 ; then
  XT=$t
  break
  fi
done
}


function ask {
     T="eduroam CAT"
#  if ! [ -z "$3" ] ; then
#     T="$T: $3"
#  fi
  if [ ! -z $KDIALOG ] ; then
     if $KDIALOG --yesno "${1}\n${2}?" --title "$T" ; then
       return 0
     else
       return 1
     fi
  fi
  if [ ! -z $ZENITY ] ; then
     text='echo "${1}" | fmt -w60'
     if $ZENITY --no-wrap --question --text="${text}\n${2}?" --title="$T" 2>/dev/null ; then
       return 0
     else
       return 1
     fi
  fi

  yes=Y
  no=N
  yes1='echo $yes | awk '{ print toupper($0) }''
  no1='echo $no | awk '{ print toupper($0) }''

  if [ $3 == "0" ]; then
    def=$yes
  else
    def=$no
  fi

  echo "";
  while true
  do
  split_line "$1"
  read -p "${bf}$2 ${yes}/${no}? [${def}]:$n " answer
  if [ -z "$answer" ] ; then
    answer=${def}
  fi
  answer='echo $answer | awk '{ print toupper($0) }''
  case "$answer" in
    ${yes1})
       return 0
       ;;
    ${no1})
       return 1
       ;;
  esac
  done
}

function alert {
  if [ ! -z $KDIALOG ] ; then
     $KDIALOG --sorry "${1}"
     return
  fi
  if [ ! -z $ZENITY ] ; then
     $ZENITY --warning --text="$1" 2>/dev/null
     return
  fi
  echo "$1"

}

function show_info {
  if [ ! -z $KDIALOG ] ; then
     $KDIALOG --msgbox "${1}"
     return
  fi
  if [ ! -z $ZENITY ] ; then
     $ZENITY --info --width=500 --text="$1" 2>/dev/null
     return
  fi
  split_line "$1"
}

function confirm_exit {
  if [ ! -z $KDIALOG ] ; then
     if $KDIALOG --yesno "Really quit?"  ; then
     exit 1
     fi
  fi
  if [ ! -z $ZENITY ] ; then
     if $ZENITY --question --text="Really quit?" 2>/dev/null ; then
        exit 1
     fi
  fi
}



function prompt_nonempty_string {
  prompt=$2
  if [ ! -z $ZENITY ] ; then
    if [ $1 -eq 0 ] ; then
     H="--hide-text "
    fi
    if ! [ -z "$3" ] ; then
     D="--entry-text=$3"
    fi
  elif [ ! -z $KDIALOG ] ; then
    if [ $1 -eq 0 ] ; then
     H="--password"
    else
     H="--inputbox"
    fi
  fi


  out_s="";
  if [ ! -z $ZENITY ] ; then
    while [ ! "$out_s" ] ; do
      out_s='$ZENITY --entry --width=300 $H $D --text "$prompt" 2>/dev/null'
      if [ $? -ne 0 ] ; then
        confirm_exit
      fi
    done
  elif [ ! -z $KDIALOG ] ; then
    while [ ! "$out_s" ] ; do
      out_s='$KDIALOG $H "$prompt" "$3"'
      if [ $? -ne 0 ] ; then
        confirm_exit
      fi
    done  
  else
    while [ ! "$out_s" ] ; do
      read -p "${prompt}: " out_s
    done
  fi
  echo "$out_s";
}

function user_cred {
  PASSWORD="a"
  PASSWORD1="b"

  if ! USER_NAME='prompt_nonempty_string 1 "enter your userid"' ; then
    exit 1
  fi

  while [ "$PASSWORD" != "$PASSWORD1" ]
  do
    if ! PASSWORD='prompt_nonempty_string 0 "enter your password"' ; then
      exit 1
    fi
    if ! PASSWORD1='prompt_nonempty_string 0 "repeat your password"' ; then
      exit 1
    fi
    if [ "$PASSWORD" != "$PASSWORD1" ] ; then
      alert "passwords do not match"
    fi
  done
}
setup_environment
show_info "This installer has been prepared for ${ORGANISATION}\n\nMore information and comments:\n\nEMAIL: ${SUPPORT}\nWWW: ${URL}\n\nInstaller created with software from the GEANT project."
if ! ask "This installer will only work properly if you are a member of ${bf}Šolski center Kranj${n} and the user group: ${bf}ŠC Kranj - zaposleni in predavatelji.${n}" "Continue" 1 ; then exit; fi
if [ -d $HOME/.cat_installer ] ; then
   if ! ask "Directory $HOME/.cat_installer exists; some of its files may be overwritten." "Continue" 1 ; then exit; fi
else
  mkdir $HOME/.cat_installer
fi
# save certificates
echo "-----BEGIN CERTIFICATE-----
MIIGWDCCBECgAwIBAgIGEkzELa0WMA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNVBAYT
AlNJMQ4wDAYDVQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5l
cyBDQSB6YSBzdHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBv
ZHBvcmFAYXJuZXMuc2kwHhcNMTIwOTE4MTIyOTAzWhcNMjIwOTE4MTIyOTAzWjB4
MQswCQYDVQQGEwJTSTEOMAwGA1UEChMFQVJORVMxDDAKBgNVBAsTA0FBSTEmMCQG
A1UEAxMdQXJuZXMgQ0EgemEgc3RyZXpuaWtlIEVkdXJvYW0xIzAhBgkqhkiG9w0B
CQEWFGFhYS1wb2Rwb3JhQGFybmVzLnNpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAySn6em7XHgbTpfofzPEQDwt/2jjYeSRpXhh7INAavqu8ulYjH/6m
E2q6YKOUDOwXEES3d02ITVYJaK0bzuJIagbldA1HrrfouZvyIs3ygjRS1pkCeSrJ
gObwnzpkFT8/+Vood5+VXXo7ppjQ96cougYCo0l4klabDQpS+WHCFwZuHiEz/JKP
h878xlTFa+Nbu5f7LSCuXmo1BdZfsk5dhAaKGiCze3aWfGz/cnJXfUvNi98e0rSv
/c52Bn7PuGrEBFQocQf+vTdEfp4ZTOwMzECVKNHvowP6UTYN20xFcnKzKF8l+rBN
IU1nzSPN0ZF5XQwXZnh3DdBXd3F4COhlK5p++7aktVMk9F899kYacycTXcSe6WEb
p5oneY3ePKLFMCR67euP270dRyBOb1Q1r2QCsdH4eVJQiMFA56yTgXOH+Xt3iXdo
GxlREvdWA6IajV9vDycpM2cLPpQh0y7Xpw5qP/MEN6n78LehFq7qpoDHAyv+eNRS
FqMIK3l/y1COupGbYfjPJxJafG1toPLVttscvLAkAfv7ax5x2MMweniQeL6tXfVg
74/ytp+sMWm+CoPWIkySawSH3zHTAvImRnobNrHqEDX8lGNg1KpyblGMSCZtsIsu
d5rwIYHUxIEw9YOfJfcEIj7L12rWpGhpCbuOc3UccamUORE1fdf1OFcCAwEAAaOB
5zCB5DAdBgNVHQ4EFgQUaB7UejoXmpbxfBSP6ka2bin5jZkwgacGA1UdIwSBnzCB
nIAUaB7UejoXmpbxfBSP6ka2bin5jZmhfKR6MHgxCzAJBgNVBAYTAlNJMQ4wDAYD
VQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5lcyBDQSB6YSBz
dHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBvZHBvcmFAYXJu
ZXMuc2mCBhJMxC2tFjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
9w0BAQUFAAOCAgEAhQqT93eHL2TC2SJVDtC/tndijonwOklVVckR4gQQ0QoCYLD3
W9ZVKHiEyTUZ1MKJ6YSwliV6JzyvgXTd8DUr+YhQD89K6Pap+OEObNFh2V9OBpm3
aAgpumUXH2WIJiIBo0z1dLrDqKkVZFx6BVb4sg5v0JM1KrdKmit1CZfxKBWaMD8k
aML4p1S7QsKRgQIMIuSSWwtTQh5cUTW9zGUe4REHl3F3KeejISX7kXp//nIfsk2x
N1oym1VCwHBvdr0dPYFNXjeOwUYnkhYRS8t2ho/E1Gsv3l8AcVMIyuskEaioP2B/
pg05hcZcUOo8ZnrWA6K48/c5gxY3W9di4x3GlAHj7aM5N/qV0pJqdmoSN/rsgfhG
tsavqA9KTVBhtwZ4GyUb90zoGjk8B5VC6ha9M1Xnr+QIF1U3K84yxe2VIJoIsxiy
VoPS5wtz/of2U2GCRH7eFvKCLC0SVfX5pc5AN+JKbSy/fMRZrwTAjajl6IR28s4q
S3uDt+nZZ/LOlOl1CW23DyQhjDOFLavh1A1DvJcTNV0338QDq9OTtO7YcWgDlFJj
wHinpL+2N9Y9MkD7YUVxPHIwl0NThgWDi12lJgoXFTi+Tng9FnfpDl6Tve5lwrIK
/o0tqdgiLYDuZ31m81NqfT9bkwW5zbSYULa/btPUCaZ9iPnqujVoX07Fsxc=
-----END CERTIFICATE-----

" > $HOME/.cat_installer/ca.pem
function run_python_script {
PASSWORD=$( echo "$PASSWORD" | sed "s/'/\\'/g" )
if python << EEE1 > /dev/null 2>&1
import dbus
EEE1
then
    PYTHON=python
elif python3 << EEE2 > /dev/null 2>&1
import dbus
EEE2
then
    PYTHON=python3
else
    PYTHON=none
    return 1
fi

$PYTHON << EOF > /dev/null 2>&1
#-*- coding: utf-8 -*-
import dbus
import re
import sys
import uuid
import os

class EduroamNMConfigTool:

    def connect_to_NM(self):
        #connect to DBus
        try:
            self.bus = dbus.SystemBus()
        except dbus.exceptions.DBusException:
            print("Can't connect to DBus")
            sys.exit(2)
        #main service name
        self.system_service_name = "org.freedesktop.NetworkManager"
        #check NM version
        self.check_nm_version()
        if self.nm_version == "0.9" or self.nm_version == "1.0":
            self.settings_service_name = self.system_service_name
            self.connection_interface_name = "org.freedesktop.NetworkManager.Settings.Connection"
            #settings proxy
            sysproxy = self.bus.get_object(self.settings_service_name, "/org/freedesktop/NetworkManager/Settings")
            #settings intrface
            self.settings = dbus.Interface(sysproxy, "org.freedesktop.NetworkManager.Settings")
        elif self.nm_version == "0.8":
            #self.settings_service_name = "org.freedesktop.NetworkManagerUserSettings"
            self.settings_service_name = "org.freedesktop.NetworkManager"
            self.connection_interface_name = "org.freedesktop.NetworkManagerSettings.Connection"
            #settings proxy
            sysproxy = self.bus.get_object(self.settings_service_name, "/org/freedesktop/NetworkManagerSettings")
            #settings intrface
            self.settings = dbus.Interface(sysproxy, "org.freedesktop.NetworkManagerSettings")
        else:
            print("This Network Manager version is not supported")
            sys.exit(2)

    def check_opts(self):
        self.cacert_file = '${HOME}/.cat_installer/ca.pem'
        self.pfx_file = '${HOME}/.cat_installer/user.p12'
        if not os.path.isfile(self.cacert_file):
            print("Certificate file not found, looks like a CAT error")
            sys.exit(2)

    def check_nm_version(self):
        try:
            proxy = self.bus.get_object(self.system_service_name, "/org/freedesktop/NetworkManager")
            props = dbus.Interface(proxy, "org.freedesktop.DBus.Properties")
            version = props.Get("org.freedesktop.NetworkManager", "Version")
        except dbus.exceptions.DBusException:
            version = "0.8"
        if re.match(r'^1\.', version):
            self.nm_version = "1.0"
            return
        if re.match(r'^0\.9', version):
            self.nm_version = "0.9"
            return
        if re.match(r'^0\.8', version):
            self.nm_version = "0.8"
            return
        else:
            self.nm_version = "Unknown version"
            return

    def byte_to_string(self, barray):
        return "".join([chr(x) for x in barray])


    def delete_existing_connections(self, ssid):
        "checks and deletes earlier connections"
        try:
            conns = self.settings.ListConnections()
        except dbus.exceptions.DBusException:
            print("DBus connection problem, a sudo might help")
            exit(3)
        for each in conns:
            con_proxy = self.bus.get_object(self.system_service_name, each)
            connection = dbus.Interface(con_proxy, "org.freedesktop.NetworkManager.Settings.Connection")
            try:
               connection_settings = connection.GetSettings()
               if connection_settings['connection']['type'] == '802-11-wireless':
                   conn_ssid = self.byte_to_string(connection_settings['802-11-wireless']['ssid'])
                   if conn_ssid == ssid:
                       connection.Delete()
            except dbus.exceptions.DBusException:
               pass

    def add_connection(self,ssid):
        server_alt_subject_name_list = dbus.Array({'DNS:orle.arnes.si'})
        server_name = 'orle.arnes.si'
        if self.nm_version == "0.9" or self.nm_version == "1.0":
             match_key = 'altsubject-matches'
             match_value = server_alt_subject_name_list
        else:
             match_key = 'subject-match'
             match_value = server_name

        s_con = dbus.Dictionary({
            'type': '802-11-wireless',
            'uuid': str(uuid.uuid4()),
            'permissions': ['user:$USER'],
            'id': ssid 
        })
        s_wifi = dbus.Dictionary({
            'ssid': dbus.ByteArray(ssid.encode('utf8')),
            'security': '802-11-wireless-security'
        })
        s_wsec = dbus.Dictionary({
            'key-mgmt': 'wpa-eap',
            'proto': ['rsn',],
            'pairwise': ['ccmp',],
            'group': ['ccmp', 'tkip']
        })
        s_8021x = dbus.Dictionary({
            'eap': ['ttls'],
            'identity': '$USER_NAME',
            'ca-cert': dbus.ByteArray("file://{0}
-----BEGIN CERTIFICATE-----
MIIGWDCCBECgAwIBAgIGEkzELa0WMA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNVBAYT
AlNJMQ4wDAYDVQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5l
cyBDQSB6YSBzdHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBv
ZHBvcmFAYXJuZXMuc2kwHhcNMTIwOTE4MTIyOTAzWhcNMjIwOTE4MTIyOTAzWjB4
MQswCQYDVQQGEwJTSTEOMAwGA1UEChMFQVJORVMxDDAKBgNVBAsTA0FBSTEmMCQG
A1UEAxMdQXJuZXMgQ0EgemEgc3RyZXpuaWtlIEVkdXJvYW0xIzAhBgkqhkiG9w0B
CQEWFGFhYS1wb2Rwb3JhQGFybmVzLnNpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAySn6em7XHgbTpfofzPEQDwt/2jjYeSRpXhh7INAavqu8ulYjH/6m
E2q6YKOUDOwXEES3d02ITVYJaK0bzuJIagbldA1HrrfouZvyIs3ygjRS1pkCeSrJ
gObwnzpkFT8/+Vood5+VXXo7ppjQ96cougYCo0l4klabDQpS+WHCFwZuHiEz/JKP
h878xlTFa+Nbu5f7LSCuXmo1BdZfsk5dhAaKGiCze3aWfGz/cnJXfUvNi98e0rSv
/c52Bn7PuGrEBFQocQf+vTdEfp4ZTOwMzECVKNHvowP6UTYN20xFcnKzKF8l+rBN
IU1nzSPN0ZF5XQwXZnh3DdBXd3F4COhlK5p++7aktVMk9F899kYacycTXcSe6WEb
p5oneY3ePKLFMCR67euP270dRyBOb1Q1r2QCsdH4eVJQiMFA56yTgXOH+Xt3iXdo
GxlREvdWA6IajV9vDycpM2cLPpQh0y7Xpw5qP/MEN6n78LehFq7qpoDHAyv+eNRS
FqMIK3l/y1COupGbYfjPJxJafG1toPLVttscvLAkAfv7ax5x2MMweniQeL6tXfVg
74/ytp+sMWm+CoPWIkySawSH3zHTAvImRnobNrHqEDX8lGNg1KpyblGMSCZtsIsu
d5rwIYHUxIEw9YOfJfcEIj7L12rWpGhpCbuOc3UccamUORE1fdf1OFcCAwEAAaOB
5zCB5DAdBgNVHQ4EFgQUaB7UejoXmpbxfBSP6ka2bin5jZkwgacGA1UdIwSBnzCB
nIAUaB7UejoXmpbxfBSP6ka2bin5jZmhfKR6MHgxCzAJBgNVBAYTAlNJMQ4wDAYD
VQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5lcyBDQSB6YSBz
dHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBvZHBvcmFAYXJu
ZXMuc2mCBhJMxC2tFjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
9w0BAQUFAAOCAgEAhQqT93eHL2TC2SJVDtC/tndijonwOklVVckR4gQQ0QoCYLD3
W9ZVKHiEyTUZ1MKJ6YSwliV6JzyvgXTd8DUr+YhQD89K6Pap+OEObNFh2V9OBpm3
aAgpumUXH2WIJiIBo0z1dLrDqKkVZFx6BVb4sg5v0JM1KrdKmit1CZfxKBWaMD8k
aML4p1S7QsKRgQIMIuSSWwtTQh5cUTW9zGUe4REHl3F3KeejISX7kXp//nIfsk2x
N1oym1VCwHBvdr0dPYFNXjeOwUYnkhYRS8t2ho/E1Gsv3l8AcVMIyuskEaioP2B/
pg05hcZcUOo8ZnrWA6K48/c5gxY3W9di4x3GlAHj7aM5N/qV0pJqdmoSN/rsgfhG
tsavqA9KTVBhtwZ4GyUb90zoGjk8B5VC6ha9M1Xnr+QIF1U3K84yxe2VIJoIsxiy
VoPS5wtz/of2U2GCRH7eFvKCLC0SVfX5pc5AN+JKbSy/fMRZrwTAjajl6IR28s4q
S3uDt+nZZ/LOlOl1CW23DyQhjDOFLavh1A1DvJcTNV0338QDq9OTtO7YcWgDlFJj
wHinpL+2N9Y9MkD7YUVxPHIwl0NThgWDi12lJgoXFTi+Tng9FnfpDl6Tve5lwrIK
/o0tqdgiLYDuZ31m81NqfT9bkwW5zbSYULa/btPUCaZ9iPnqujVoX07Fsxc=
-----END CERTIFICATE-----
".format(self.cacert_file).encode('utf8')), match_key: match_value, 'password': '$PASSWORD', 'phase2-auth': 'pap', 'anonymous-identity': '[email protected]', }) s_ip4 = dbus.Dictionary({'method': 'auto'}) s_ip6 = dbus.Dictionary({'method': 'auto'}) con = dbus.Dictionary({ 'connection': s_con, '802-11-wireless': s_wifi, '802-11-wireless-security': s_wsec, '802-1x': s_8021x, 'ipv4': s_ip4, 'ipv6': s_ip6 }) self.settings.AddConnection(con) def main(self): self.check_opts() ver = self.connect_to_NM() self.delete_existing_connections('eduroam') self.add_connection('eduroam') if __name__ == "__main__": ENMCT = EduroamNMConfigTool() ENMCT.main() EOF } function create_wpa_conf { cat << EOFW >> $HOME/.cat_installer/cat_installer.conf network={ ssid="eduroam" key_mgmt=WPA-EAP pairwise=CCMP group=CCMP TKIP eap=TTLS ca_cert="${HOME}/.cat_installer/ca.pem" identity="${USER_NAME}" domain_suffix_match="orle.arnes.si" phase2="auth=PAP" password="${PASSWORD}" anonymous_identity="[email protected]" } EOFW chmod 600 $HOME/.cat_installer/cat_installer.conf } #prompt user for credentials user_cred if run_python_script ; then show_info "Installation successful" else show_info "Network Manager configuration failed, generating wpa_supplicant.conf" if ! ask "Network Manager configuration failed, but we may generate a wpa_supplicant configuration file if you wish. Be warned that your connection password will be saved in this file as clear text." "Write the file" 1 ; then exit ; fi if [ -f $HOME/.cat_installer/cat_installer.conf ] ; then if ! ask "File $HOME/.cat_installer/cat_installer.conf exists; it will be overwritten." "Continue" 1 ; then confirm_exit; fi rm $HOME/.cat_installer/cat_installer.conf fi create_wpa_conf show_info "Output written to $HOME/.cat_installer/cat_installer.conf" fi

E de acordo com o status de saída WPA association/authentication failed for interface 'wlp3s0' , parece que algo está errado com a autenticação ... Alguém pode ajudar? Eu tenho que de alguma forma criptografar minha senha ou algo assim?

No Arch Linux, certifiquei-me de ter instalado o pacote pptpclient , que às vezes é necessário de acordo com ArchWiki .

    
por 71GA 03.10.2016 / 08:04

0 respostas