Minha organização oferece um script grande para configurar a conexão eduroam e eu não gosto de executar scripts grandes para os quais não sei o que eles fazem e não posso reverter as coisas que eles fazem aqui no Archlinux. Então eu tentei escrever meu próprio perfil netctl olhando o script:
#!/usr/bin/env bash
if [ -z "$BASH" ] ; then
bash $0
exit
fi
my_name=$0
function setup_environment {
bf=""
n=""
ORGANISATION="Šolski center Kranj"
URL="http://www.sckr.si/tsc/eduroam"
SUPPORT="[email protected]"
if [ ! -z "$DISPLAY" ] ; then
if which zenity 1>/dev/null 2>&1 ; then
ZENITY='which zenity'
elif which kdialog 1>/dev/null 2>&1 ; then
KDIALOG='which kdialog'
else
if tty > /dev/null 2>&1 ; then
if echo $TERM | grep -E -q "xterm|gnome-terminal|lxterminal" ; then
bf="[1m";
n="[0m";
fi
else
find_xterm
if [ -n "$XT" ] ; then
$XT -e $my_name
fi
fi
fi
fi
}
function split_line {
echo $1 | awk -F '\\n' 'END { for(i=1; i <= NF; i++) print $i }'
}
function find_xterm {
terms="xterm aterm wterm lxterminal rxvt gnome-terminal konsole"
for t in $terms
do
if which $t > /dev/null 2>&1 ; then
XT=$t
break
fi
done
}
function ask {
T="eduroam CAT"
# if ! [ -z "$3" ] ; then
# T="$T: $3"
# fi
if [ ! -z $KDIALOG ] ; then
if $KDIALOG --yesno "${1}\n${2}?" --title "$T" ; then
return 0
else
return 1
fi
fi
if [ ! -z $ZENITY ] ; then
text='echo "${1}" | fmt -w60'
if $ZENITY --no-wrap --question --text="${text}\n${2}?" --title="$T" 2>/dev/null ; then
return 0
else
return 1
fi
fi
yes=Y
no=N
yes1='echo $yes | awk '{ print toupper($0) }''
no1='echo $no | awk '{ print toupper($0) }''
if [ $3 == "0" ]; then
def=$yes
else
def=$no
fi
echo "";
while true
do
split_line "$1"
read -p "${bf}$2 ${yes}/${no}? [${def}]:$n " answer
if [ -z "$answer" ] ; then
answer=${def}
fi
answer='echo $answer | awk '{ print toupper($0) }''
case "$answer" in
${yes1})
return 0
;;
${no1})
return 1
;;
esac
done
}
function alert {
if [ ! -z $KDIALOG ] ; then
$KDIALOG --sorry "${1}"
return
fi
if [ ! -z $ZENITY ] ; then
$ZENITY --warning --text="$1" 2>/dev/null
return
fi
echo "$1"
}
function show_info {
if [ ! -z $KDIALOG ] ; then
$KDIALOG --msgbox "${1}"
return
fi
if [ ! -z $ZENITY ] ; then
$ZENITY --info --width=500 --text="$1" 2>/dev/null
return
fi
split_line "$1"
}
function confirm_exit {
if [ ! -z $KDIALOG ] ; then
if $KDIALOG --yesno "Really quit?" ; then
exit 1
fi
fi
if [ ! -z $ZENITY ] ; then
if $ZENITY --question --text="Really quit?" 2>/dev/null ; then
exit 1
fi
fi
}
function prompt_nonempty_string {
prompt=$2
if [ ! -z $ZENITY ] ; then
if [ $1 -eq 0 ] ; then
H="--hide-text "
fi
if ! [ -z "$3" ] ; then
D="--entry-text=$3"
fi
elif [ ! -z $KDIALOG ] ; then
if [ $1 -eq 0 ] ; then
H="--password"
else
H="--inputbox"
fi
fi
out_s="";
if [ ! -z $ZENITY ] ; then
while [ ! "$out_s" ] ; do
out_s='$ZENITY --entry --width=300 $H $D --text "$prompt" 2>/dev/null'
if [ $? -ne 0 ] ; then
confirm_exit
fi
done
elif [ ! -z $KDIALOG ] ; then
while [ ! "$out_s" ] ; do
out_s='$KDIALOG $H "$prompt" "$3"'
if [ $? -ne 0 ] ; then
confirm_exit
fi
done
else
while [ ! "$out_s" ] ; do
read -p "${prompt}: " out_s
done
fi
echo "$out_s";
}
function user_cred {
PASSWORD="a"
PASSWORD1="b"
if ! USER_NAME='prompt_nonempty_string 1 "enter your userid"' ; then
exit 1
fi
while [ "$PASSWORD" != "$PASSWORD1" ]
do
if ! PASSWORD='prompt_nonempty_string 0 "enter your password"' ; then
exit 1
fi
if ! PASSWORD1='prompt_nonempty_string 0 "repeat your password"' ; then
exit 1
fi
if [ "$PASSWORD" != "$PASSWORD1" ] ; then
alert "passwords do not match"
fi
done
}
setup_environment
show_info "This installer has been prepared for ${ORGANISATION}\n\nMore information and comments:\n\nEMAIL: ${SUPPORT}\nWWW: ${URL}\n\nInstaller created with software from the GEANT project."
if ! ask "This installer will only work properly if you are a member of ${bf}Šolski center Kranj${n} and the user group: ${bf}ŠC Kranj - zaposleni in predavatelji.${n}" "Continue" 1 ; then exit; fi
if [ -d $HOME/.cat_installer ] ; then
if ! ask "Directory $HOME/.cat_installer exists; some of its files may be overwritten." "Continue" 1 ; then exit; fi
else
mkdir $HOME/.cat_installer
fi
# save certificates
echo "-----BEGIN CERTIFICATE-----
MIIGWDCCBECgAwIBAgIGEkzELa0WMA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNVBAYT
AlNJMQ4wDAYDVQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5l
cyBDQSB6YSBzdHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBv
ZHBvcmFAYXJuZXMuc2kwHhcNMTIwOTE4MTIyOTAzWhcNMjIwOTE4MTIyOTAzWjB4
MQswCQYDVQQGEwJTSTEOMAwGA1UEChMFQVJORVMxDDAKBgNVBAsTA0FBSTEmMCQG
A1UEAxMdQXJuZXMgQ0EgemEgc3RyZXpuaWtlIEVkdXJvYW0xIzAhBgkqhkiG9w0B
CQEWFGFhYS1wb2Rwb3JhQGFybmVzLnNpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAySn6em7XHgbTpfofzPEQDwt/2jjYeSRpXhh7INAavqu8ulYjH/6m
E2q6YKOUDOwXEES3d02ITVYJaK0bzuJIagbldA1HrrfouZvyIs3ygjRS1pkCeSrJ
gObwnzpkFT8/+Vood5+VXXo7ppjQ96cougYCo0l4klabDQpS+WHCFwZuHiEz/JKP
h878xlTFa+Nbu5f7LSCuXmo1BdZfsk5dhAaKGiCze3aWfGz/cnJXfUvNi98e0rSv
/c52Bn7PuGrEBFQocQf+vTdEfp4ZTOwMzECVKNHvowP6UTYN20xFcnKzKF8l+rBN
IU1nzSPN0ZF5XQwXZnh3DdBXd3F4COhlK5p++7aktVMk9F899kYacycTXcSe6WEb
p5oneY3ePKLFMCR67euP270dRyBOb1Q1r2QCsdH4eVJQiMFA56yTgXOH+Xt3iXdo
GxlREvdWA6IajV9vDycpM2cLPpQh0y7Xpw5qP/MEN6n78LehFq7qpoDHAyv+eNRS
FqMIK3l/y1COupGbYfjPJxJafG1toPLVttscvLAkAfv7ax5x2MMweniQeL6tXfVg
74/ytp+sMWm+CoPWIkySawSH3zHTAvImRnobNrHqEDX8lGNg1KpyblGMSCZtsIsu
d5rwIYHUxIEw9YOfJfcEIj7L12rWpGhpCbuOc3UccamUORE1fdf1OFcCAwEAAaOB
5zCB5DAdBgNVHQ4EFgQUaB7UejoXmpbxfBSP6ka2bin5jZkwgacGA1UdIwSBnzCB
nIAUaB7UejoXmpbxfBSP6ka2bin5jZmhfKR6MHgxCzAJBgNVBAYTAlNJMQ4wDAYD
VQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5lcyBDQSB6YSBz
dHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBvZHBvcmFAYXJu
ZXMuc2mCBhJMxC2tFjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
9w0BAQUFAAOCAgEAhQqT93eHL2TC2SJVDtC/tndijonwOklVVckR4gQQ0QoCYLD3
W9ZVKHiEyTUZ1MKJ6YSwliV6JzyvgXTd8DUr+YhQD89K6Pap+OEObNFh2V9OBpm3
aAgpumUXH2WIJiIBo0z1dLrDqKkVZFx6BVb4sg5v0JM1KrdKmit1CZfxKBWaMD8k
aML4p1S7QsKRgQIMIuSSWwtTQh5cUTW9zGUe4REHl3F3KeejISX7kXp//nIfsk2x
N1oym1VCwHBvdr0dPYFNXjeOwUYnkhYRS8t2ho/E1Gsv3l8AcVMIyuskEaioP2B/
pg05hcZcUOo8ZnrWA6K48/c5gxY3W9di4x3GlAHj7aM5N/qV0pJqdmoSN/rsgfhG
tsavqA9KTVBhtwZ4GyUb90zoGjk8B5VC6ha9M1Xnr+QIF1U3K84yxe2VIJoIsxiy
VoPS5wtz/of2U2GCRH7eFvKCLC0SVfX5pc5AN+JKbSy/fMRZrwTAjajl6IR28s4q
S3uDt+nZZ/LOlOl1CW23DyQhjDOFLavh1A1DvJcTNV0338QDq9OTtO7YcWgDlFJj
wHinpL+2N9Y9MkD7YUVxPHIwl0NThgWDi12lJgoXFTi+Tng9FnfpDl6Tve5lwrIK
/o0tqdgiLYDuZ31m81NqfT9bkwW5zbSYULa/btPUCaZ9iPnqujVoX07Fsxc=
-----END CERTIFICATE-----
" > $HOME/.cat_installer/ca.pem
function run_python_script {
PASSWORD=$( echo "$PASSWORD" | sed "s/'/\\'/g" )
if python << EEE1 > /dev/null 2>&1
import dbus
EEE1
then
PYTHON=python
elif python3 << EEE2 > /dev/null 2>&1
import dbus
EEE2
then
PYTHON=python3
else
PYTHON=none
return 1
fi
$PYTHON << EOF > /dev/null 2>&1
#-*- coding: utf-8 -*-
import dbus
import re
import sys
import uuid
import os
class EduroamNMConfigTool:
def connect_to_NM(self):
#connect to DBus
try:
self.bus = dbus.SystemBus()
except dbus.exceptions.DBusException:
print("Can't connect to DBus")
sys.exit(2)
#main service name
self.system_service_name = "org.freedesktop.NetworkManager"
#check NM version
self.check_nm_version()
if self.nm_version == "0.9" or self.nm_version == "1.0":
self.settings_service_name = self.system_service_name
self.connection_interface_name = "org.freedesktop.NetworkManager.Settings.Connection"
#settings proxy
sysproxy = self.bus.get_object(self.settings_service_name, "/org/freedesktop/NetworkManager/Settings")
#settings intrface
self.settings = dbus.Interface(sysproxy, "org.freedesktop.NetworkManager.Settings")
elif self.nm_version == "0.8":
#self.settings_service_name = "org.freedesktop.NetworkManagerUserSettings"
self.settings_service_name = "org.freedesktop.NetworkManager"
self.connection_interface_name = "org.freedesktop.NetworkManagerSettings.Connection"
#settings proxy
sysproxy = self.bus.get_object(self.settings_service_name, "/org/freedesktop/NetworkManagerSettings")
#settings intrface
self.settings = dbus.Interface(sysproxy, "org.freedesktop.NetworkManagerSettings")
else:
print("This Network Manager version is not supported")
sys.exit(2)
def check_opts(self):
self.cacert_file = '${HOME}/.cat_installer/ca.pem'
self.pfx_file = '${HOME}/.cat_installer/user.p12'
if not os.path.isfile(self.cacert_file):
print("Certificate file not found, looks like a CAT error")
sys.exit(2)
def check_nm_version(self):
try:
proxy = self.bus.get_object(self.system_service_name, "/org/freedesktop/NetworkManager")
props = dbus.Interface(proxy, "org.freedesktop.DBus.Properties")
version = props.Get("org.freedesktop.NetworkManager", "Version")
except dbus.exceptions.DBusException:
version = "0.8"
if re.match(r'^1\.', version):
self.nm_version = "1.0"
return
if re.match(r'^0\.9', version):
self.nm_version = "0.9"
return
if re.match(r'^0\.8', version):
self.nm_version = "0.8"
return
else:
self.nm_version = "Unknown version"
return
def byte_to_string(self, barray):
return "".join([chr(x) for x in barray])
def delete_existing_connections(self, ssid):
"checks and deletes earlier connections"
try:
conns = self.settings.ListConnections()
except dbus.exceptions.DBusException:
print("DBus connection problem, a sudo might help")
exit(3)
for each in conns:
con_proxy = self.bus.get_object(self.system_service_name, each)
connection = dbus.Interface(con_proxy, "org.freedesktop.NetworkManager.Settings.Connection")
try:
connection_settings = connection.GetSettings()
if connection_settings['connection']['type'] == '802-11-wireless':
conn_ssid = self.byte_to_string(connection_settings['802-11-wireless']['ssid'])
if conn_ssid == ssid:
connection.Delete()
except dbus.exceptions.DBusException:
pass
def add_connection(self,ssid):
server_alt_subject_name_list = dbus.Array({'DNS:orle.arnes.si'})
server_name = 'orle.arnes.si'
if self.nm_version == "0.9" or self.nm_version == "1.0":
match_key = 'altsubject-matches'
match_value = server_alt_subject_name_list
else:
match_key = 'subject-match'
match_value = server_name
s_con = dbus.Dictionary({
'type': '802-11-wireless',
'uuid': str(uuid.uuid4()),
'permissions': ['user:$USER'],
'id': ssid
})
s_wifi = dbus.Dictionary({
'ssid': dbus.ByteArray(ssid.encode('utf8')),
'security': '802-11-wireless-security'
})
s_wsec = dbus.Dictionary({
'key-mgmt': 'wpa-eap',
'proto': ['rsn',],
'pairwise': ['ccmp',],
'group': ['ccmp', 'tkip']
})
s_8021x = dbus.Dictionary({
'eap': ['ttls'],
'identity': '$USER_NAME',
'ca-cert': dbus.ByteArray("file://{0}-----BEGIN CERTIFICATE-----
MIIGWDCCBECgAwIBAgIGEkzELa0WMA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNVBAYT
AlNJMQ4wDAYDVQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5l
cyBDQSB6YSBzdHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBv
ZHBvcmFAYXJuZXMuc2kwHhcNMTIwOTE4MTIyOTAzWhcNMjIwOTE4MTIyOTAzWjB4
MQswCQYDVQQGEwJTSTEOMAwGA1UEChMFQVJORVMxDDAKBgNVBAsTA0FBSTEmMCQG
A1UEAxMdQXJuZXMgQ0EgemEgc3RyZXpuaWtlIEVkdXJvYW0xIzAhBgkqhkiG9w0B
CQEWFGFhYS1wb2Rwb3JhQGFybmVzLnNpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAySn6em7XHgbTpfofzPEQDwt/2jjYeSRpXhh7INAavqu8ulYjH/6m
E2q6YKOUDOwXEES3d02ITVYJaK0bzuJIagbldA1HrrfouZvyIs3ygjRS1pkCeSrJ
gObwnzpkFT8/+Vood5+VXXo7ppjQ96cougYCo0l4klabDQpS+WHCFwZuHiEz/JKP
h878xlTFa+Nbu5f7LSCuXmo1BdZfsk5dhAaKGiCze3aWfGz/cnJXfUvNi98e0rSv
/c52Bn7PuGrEBFQocQf+vTdEfp4ZTOwMzECVKNHvowP6UTYN20xFcnKzKF8l+rBN
IU1nzSPN0ZF5XQwXZnh3DdBXd3F4COhlK5p++7aktVMk9F899kYacycTXcSe6WEb
p5oneY3ePKLFMCR67euP270dRyBOb1Q1r2QCsdH4eVJQiMFA56yTgXOH+Xt3iXdo
GxlREvdWA6IajV9vDycpM2cLPpQh0y7Xpw5qP/MEN6n78LehFq7qpoDHAyv+eNRS
FqMIK3l/y1COupGbYfjPJxJafG1toPLVttscvLAkAfv7ax5x2MMweniQeL6tXfVg
74/ytp+sMWm+CoPWIkySawSH3zHTAvImRnobNrHqEDX8lGNg1KpyblGMSCZtsIsu
d5rwIYHUxIEw9YOfJfcEIj7L12rWpGhpCbuOc3UccamUORE1fdf1OFcCAwEAAaOB
5zCB5DAdBgNVHQ4EFgQUaB7UejoXmpbxfBSP6ka2bin5jZkwgacGA1UdIwSBnzCB
nIAUaB7UejoXmpbxfBSP6ka2bin5jZmhfKR6MHgxCzAJBgNVBAYTAlNJMQ4wDAYD
VQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5lcyBDQSB6YSBz
dHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBvZHBvcmFAYXJu
ZXMuc2mCBhJMxC2tFjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
9w0BAQUFAAOCAgEAhQqT93eHL2TC2SJVDtC/tndijonwOklVVckR4gQQ0QoCYLD3
W9ZVKHiEyTUZ1MKJ6YSwliV6JzyvgXTd8DUr+YhQD89K6Pap+OEObNFh2V9OBpm3
aAgpumUXH2WIJiIBo0z1dLrDqKkVZFx6BVb4sg5v0JM1KrdKmit1CZfxKBWaMD8k
aML4p1S7QsKRgQIMIuSSWwtTQh5cUTW9zGUe4REHl3F3KeejISX7kXp//nIfsk2x
N1oym1VCwHBvdr0dPYFNXjeOwUYnkhYRS8t2ho/E1Gsv3l8AcVMIyuskEaioP2B/
pg05hcZcUOo8ZnrWA6K48/c5gxY3W9di4x3GlAHj7aM5N/qV0pJqdmoSN/rsgfhG
tsavqA9KTVBhtwZ4GyUb90zoGjk8B5VC6ha9M1Xnr+QIF1U3K84yxe2VIJoIsxiy
VoPS5wtz/of2U2GCRH7eFvKCLC0SVfX5pc5AN+JKbSy/fMRZrwTAjajl6IR28s4q
S3uDt+nZZ/LOlOl1CW23DyQhjDOFLavh1A1DvJcTNV0338QDq9OTtO7YcWgDlFJj
wHinpL+2N9Y9MkD7YUVxPHIwl0NThgWDi12lJgoXFTi+Tng9FnfpDl6Tve5lwrIK
/o0tqdgiLYDuZ31m81NqfT9bkwW5zbSYULa/btPUCaZ9iPnqujVoX07Fsxc=
-----END CERTIFICATE-----
".format(self.cacert_file).encode('utf8')),
match_key: match_value,
'password': '$PASSWORD',
'phase2-auth': 'pap',
'anonymous-identity': '[email protected]',
})
s_ip4 = dbus.Dictionary({'method': 'auto'})
s_ip6 = dbus.Dictionary({'method': 'auto'})
con = dbus.Dictionary({
'connection': s_con,
'802-11-wireless': s_wifi,
'802-11-wireless-security': s_wsec,
'802-1x': s_8021x,
'ipv4': s_ip4,
'ipv6': s_ip6
})
self.settings.AddConnection(con)
def main(self):
self.check_opts()
ver = self.connect_to_NM()
self.delete_existing_connections('eduroam')
self.add_connection('eduroam')
if __name__ == "__main__":
ENMCT = EduroamNMConfigTool()
ENMCT.main()
EOF
}
function create_wpa_conf {
cat << EOFW >> $HOME/.cat_installer/cat_installer.conf
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=TTLS
ca_cert="${HOME}/.cat_installer/ca.pem"
identity="${USER_NAME}"
domain_suffix_match="orle.arnes.si"
phase2="auth=PAP"
password="${PASSWORD}"
anonymous_identity="[email protected]"
}
EOFW
chmod 600 $HOME/.cat_installer/cat_installer.conf
}
#prompt user for credentials
user_cred
if run_python_script ; then
show_info "Installation successful"
else
show_info "Network Manager configuration failed, generating wpa_supplicant.conf"
if ! ask "Network Manager configuration failed, but we may generate a wpa_supplicant configuration file if you wish. Be warned that your connection password will be saved in this file as clear text." "Write the file" 1 ; then exit ; fi
if [ -f $HOME/.cat_installer/cat_installer.conf ] ; then
if ! ask "File $HOME/.cat_installer/cat_installer.conf exists; it will be overwritten." "Continue" 1 ; then confirm_exit; fi
rm $HOME/.cat_installer/cat_installer.conf
fi
create_wpa_conf
show_info "Output written to $HOME/.cat_installer/cat_installer.conf"
fi
A primeira coisa que fiz foi extrair o certificado e salvá-lo em um arquivo separado /home/ziga/Dropbox/workspace/operacijski/archlinux/eduroam/eduroam.pem
- e é assim:
Connection='wireless'
Interface=wlp3s0
Security='wpa-configsection'
Description="eduroam network"
IP='dhcp'
TimeoutWPA=30
WPAConfigSection=(
'ssid="eduroam"'
'pairwise=CCMP'
'group=CCMP TKIP'
'key_mgmt=WPA-EAP'
'eap=TTLS'
'identity="[email protected]"'
'domain_suffix_match="orle.arnes.si"'
'phase2="auth=PAP"'
'ca_cert="/home/ziga/Dropbox/workspace/operacijski/archlinux/eduroam/eduroam.pem"'
'password="my_password"'
'anonymous_identity="[email protected]"'
)
Então dentro de um script eu encontrei a seção de configuração e tentei combiná-lo no meu perfil netctl chamado eduroam_w
assim:
● netctl@eduroam_w.service - Networking for netctl profile eduroam_w
Loaded: loaded (/usr/lib/systemd/system/[email protected]; static; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2016-10-03 07:29:34 CEST; 26min ago
Docs: man:netctl.profile(5)
Process: 13456 ExecStart=/usr/lib/network/network start %I (code=exited, status=1/FAILURE)
Main PID: 13456 (code=exited, status=1/FAILURE)
Oct 03 07:29:02 ziga-laptop systemd[1]: Starting Networking for netctl profile eduroam_w...
Oct 03 07:29:02 ziga-laptop network[13456]: Starting network profile 'eduroam_w'...
Oct 03 07:29:34 ziga-laptop network[13456]: WPA association/authentication failed for interface 'wlp3s0'
Oct 03 07:29:34 ziga-laptop network[13456]: Failed to bring the network up for profile 'eduroam_w'
Oct 03 07:29:34 ziga-laptop systemd[1]: netctl@eduroam_w.service: Main process exited, code=exited, status=1/FAILURE
Oct 03 07:29:34 ziga-laptop systemd[1]: Failed to start Networking for netctl profile eduroam_w.
Oct 03 07:29:34 ziga-laptop systemd[1]: netctl@eduroam_w.service: Unit entered failed state.
Oct 03 07:29:34 ziga-laptop systemd[1]: netctl@eduroam_w.service: Failed with result 'exit-code'.
Mas depois de iniciar o perfil com sudo netctl start eduroam_w
, ele falha e eu recebo isso do systemd:
#!/usr/bin/env bash
if [ -z "$BASH" ] ; then
bash $0
exit
fi
my_name=$0
function setup_environment {
bf=""
n=""
ORGANISATION="Šolski center Kranj"
URL="http://www.sckr.si/tsc/eduroam"
SUPPORT="[email protected]"
if [ ! -z "$DISPLAY" ] ; then
if which zenity 1>/dev/null 2>&1 ; then
ZENITY='which zenity'
elif which kdialog 1>/dev/null 2>&1 ; then
KDIALOG='which kdialog'
else
if tty > /dev/null 2>&1 ; then
if echo $TERM | grep -E -q "xterm|gnome-terminal|lxterminal" ; then
bf="[1m";
n="[0m";
fi
else
find_xterm
if [ -n "$XT" ] ; then
$XT -e $my_name
fi
fi
fi
fi
}
function split_line {
echo $1 | awk -F '\\n' 'END { for(i=1; i <= NF; i++) print $i }'
}
function find_xterm {
terms="xterm aterm wterm lxterminal rxvt gnome-terminal konsole"
for t in $terms
do
if which $t > /dev/null 2>&1 ; then
XT=$t
break
fi
done
}
function ask {
T="eduroam CAT"
# if ! [ -z "$3" ] ; then
# T="$T: $3"
# fi
if [ ! -z $KDIALOG ] ; then
if $KDIALOG --yesno "${1}\n${2}?" --title "$T" ; then
return 0
else
return 1
fi
fi
if [ ! -z $ZENITY ] ; then
text='echo "${1}" | fmt -w60'
if $ZENITY --no-wrap --question --text="${text}\n${2}?" --title="$T" 2>/dev/null ; then
return 0
else
return 1
fi
fi
yes=Y
no=N
yes1='echo $yes | awk '{ print toupper($0) }''
no1='echo $no | awk '{ print toupper($0) }''
if [ $3 == "0" ]; then
def=$yes
else
def=$no
fi
echo "";
while true
do
split_line "$1"
read -p "${bf}$2 ${yes}/${no}? [${def}]:$n " answer
if [ -z "$answer" ] ; then
answer=${def}
fi
answer='echo $answer | awk '{ print toupper($0) }''
case "$answer" in
${yes1})
return 0
;;
${no1})
return 1
;;
esac
done
}
function alert {
if [ ! -z $KDIALOG ] ; then
$KDIALOG --sorry "${1}"
return
fi
if [ ! -z $ZENITY ] ; then
$ZENITY --warning --text="$1" 2>/dev/null
return
fi
echo "$1"
}
function show_info {
if [ ! -z $KDIALOG ] ; then
$KDIALOG --msgbox "${1}"
return
fi
if [ ! -z $ZENITY ] ; then
$ZENITY --info --width=500 --text="$1" 2>/dev/null
return
fi
split_line "$1"
}
function confirm_exit {
if [ ! -z $KDIALOG ] ; then
if $KDIALOG --yesno "Really quit?" ; then
exit 1
fi
fi
if [ ! -z $ZENITY ] ; then
if $ZENITY --question --text="Really quit?" 2>/dev/null ; then
exit 1
fi
fi
}
function prompt_nonempty_string {
prompt=$2
if [ ! -z $ZENITY ] ; then
if [ $1 -eq 0 ] ; then
H="--hide-text "
fi
if ! [ -z "$3" ] ; then
D="--entry-text=$3"
fi
elif [ ! -z $KDIALOG ] ; then
if [ $1 -eq 0 ] ; then
H="--password"
else
H="--inputbox"
fi
fi
out_s="";
if [ ! -z $ZENITY ] ; then
while [ ! "$out_s" ] ; do
out_s='$ZENITY --entry --width=300 $H $D --text "$prompt" 2>/dev/null'
if [ $? -ne 0 ] ; then
confirm_exit
fi
done
elif [ ! -z $KDIALOG ] ; then
while [ ! "$out_s" ] ; do
out_s='$KDIALOG $H "$prompt" "$3"'
if [ $? -ne 0 ] ; then
confirm_exit
fi
done
else
while [ ! "$out_s" ] ; do
read -p "${prompt}: " out_s
done
fi
echo "$out_s";
}
function user_cred {
PASSWORD="a"
PASSWORD1="b"
if ! USER_NAME='prompt_nonempty_string 1 "enter your userid"' ; then
exit 1
fi
while [ "$PASSWORD" != "$PASSWORD1" ]
do
if ! PASSWORD='prompt_nonempty_string 0 "enter your password"' ; then
exit 1
fi
if ! PASSWORD1='prompt_nonempty_string 0 "repeat your password"' ; then
exit 1
fi
if [ "$PASSWORD" != "$PASSWORD1" ] ; then
alert "passwords do not match"
fi
done
}
setup_environment
show_info "This installer has been prepared for ${ORGANISATION}\n\nMore information and comments:\n\nEMAIL: ${SUPPORT}\nWWW: ${URL}\n\nInstaller created with software from the GEANT project."
if ! ask "This installer will only work properly if you are a member of ${bf}Šolski center Kranj${n} and the user group: ${bf}ŠC Kranj - zaposleni in predavatelji.${n}" "Continue" 1 ; then exit; fi
if [ -d $HOME/.cat_installer ] ; then
if ! ask "Directory $HOME/.cat_installer exists; some of its files may be overwritten." "Continue" 1 ; then exit; fi
else
mkdir $HOME/.cat_installer
fi
# save certificates
echo "-----BEGIN CERTIFICATE-----
MIIGWDCCBECgAwIBAgIGEkzELa0WMA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNVBAYT
AlNJMQ4wDAYDVQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5l
cyBDQSB6YSBzdHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBv
ZHBvcmFAYXJuZXMuc2kwHhcNMTIwOTE4MTIyOTAzWhcNMjIwOTE4MTIyOTAzWjB4
MQswCQYDVQQGEwJTSTEOMAwGA1UEChMFQVJORVMxDDAKBgNVBAsTA0FBSTEmMCQG
A1UEAxMdQXJuZXMgQ0EgemEgc3RyZXpuaWtlIEVkdXJvYW0xIzAhBgkqhkiG9w0B
CQEWFGFhYS1wb2Rwb3JhQGFybmVzLnNpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAySn6em7XHgbTpfofzPEQDwt/2jjYeSRpXhh7INAavqu8ulYjH/6m
E2q6YKOUDOwXEES3d02ITVYJaK0bzuJIagbldA1HrrfouZvyIs3ygjRS1pkCeSrJ
gObwnzpkFT8/+Vood5+VXXo7ppjQ96cougYCo0l4klabDQpS+WHCFwZuHiEz/JKP
h878xlTFa+Nbu5f7LSCuXmo1BdZfsk5dhAaKGiCze3aWfGz/cnJXfUvNi98e0rSv
/c52Bn7PuGrEBFQocQf+vTdEfp4ZTOwMzECVKNHvowP6UTYN20xFcnKzKF8l+rBN
IU1nzSPN0ZF5XQwXZnh3DdBXd3F4COhlK5p++7aktVMk9F899kYacycTXcSe6WEb
p5oneY3ePKLFMCR67euP270dRyBOb1Q1r2QCsdH4eVJQiMFA56yTgXOH+Xt3iXdo
GxlREvdWA6IajV9vDycpM2cLPpQh0y7Xpw5qP/MEN6n78LehFq7qpoDHAyv+eNRS
FqMIK3l/y1COupGbYfjPJxJafG1toPLVttscvLAkAfv7ax5x2MMweniQeL6tXfVg
74/ytp+sMWm+CoPWIkySawSH3zHTAvImRnobNrHqEDX8lGNg1KpyblGMSCZtsIsu
d5rwIYHUxIEw9YOfJfcEIj7L12rWpGhpCbuOc3UccamUORE1fdf1OFcCAwEAAaOB
5zCB5DAdBgNVHQ4EFgQUaB7UejoXmpbxfBSP6ka2bin5jZkwgacGA1UdIwSBnzCB
nIAUaB7UejoXmpbxfBSP6ka2bin5jZmhfKR6MHgxCzAJBgNVBAYTAlNJMQ4wDAYD
VQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5lcyBDQSB6YSBz
dHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBvZHBvcmFAYXJu
ZXMuc2mCBhJMxC2tFjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
9w0BAQUFAAOCAgEAhQqT93eHL2TC2SJVDtC/tndijonwOklVVckR4gQQ0QoCYLD3
W9ZVKHiEyTUZ1MKJ6YSwliV6JzyvgXTd8DUr+YhQD89K6Pap+OEObNFh2V9OBpm3
aAgpumUXH2WIJiIBo0z1dLrDqKkVZFx6BVb4sg5v0JM1KrdKmit1CZfxKBWaMD8k
aML4p1S7QsKRgQIMIuSSWwtTQh5cUTW9zGUe4REHl3F3KeejISX7kXp//nIfsk2x
N1oym1VCwHBvdr0dPYFNXjeOwUYnkhYRS8t2ho/E1Gsv3l8AcVMIyuskEaioP2B/
pg05hcZcUOo8ZnrWA6K48/c5gxY3W9di4x3GlAHj7aM5N/qV0pJqdmoSN/rsgfhG
tsavqA9KTVBhtwZ4GyUb90zoGjk8B5VC6ha9M1Xnr+QIF1U3K84yxe2VIJoIsxiy
VoPS5wtz/of2U2GCRH7eFvKCLC0SVfX5pc5AN+JKbSy/fMRZrwTAjajl6IR28s4q
S3uDt+nZZ/LOlOl1CW23DyQhjDOFLavh1A1DvJcTNV0338QDq9OTtO7YcWgDlFJj
wHinpL+2N9Y9MkD7YUVxPHIwl0NThgWDi12lJgoXFTi+Tng9FnfpDl6Tve5lwrIK
/o0tqdgiLYDuZ31m81NqfT9bkwW5zbSYULa/btPUCaZ9iPnqujVoX07Fsxc=
-----END CERTIFICATE-----
" > $HOME/.cat_installer/ca.pem
function run_python_script {
PASSWORD=$( echo "$PASSWORD" | sed "s/'/\\'/g" )
if python << EEE1 > /dev/null 2>&1
import dbus
EEE1
then
PYTHON=python
elif python3 << EEE2 > /dev/null 2>&1
import dbus
EEE2
then
PYTHON=python3
else
PYTHON=none
return 1
fi
$PYTHON << EOF > /dev/null 2>&1
#-*- coding: utf-8 -*-
import dbus
import re
import sys
import uuid
import os
class EduroamNMConfigTool:
def connect_to_NM(self):
#connect to DBus
try:
self.bus = dbus.SystemBus()
except dbus.exceptions.DBusException:
print("Can't connect to DBus")
sys.exit(2)
#main service name
self.system_service_name = "org.freedesktop.NetworkManager"
#check NM version
self.check_nm_version()
if self.nm_version == "0.9" or self.nm_version == "1.0":
self.settings_service_name = self.system_service_name
self.connection_interface_name = "org.freedesktop.NetworkManager.Settings.Connection"
#settings proxy
sysproxy = self.bus.get_object(self.settings_service_name, "/org/freedesktop/NetworkManager/Settings")
#settings intrface
self.settings = dbus.Interface(sysproxy, "org.freedesktop.NetworkManager.Settings")
elif self.nm_version == "0.8":
#self.settings_service_name = "org.freedesktop.NetworkManagerUserSettings"
self.settings_service_name = "org.freedesktop.NetworkManager"
self.connection_interface_name = "org.freedesktop.NetworkManagerSettings.Connection"
#settings proxy
sysproxy = self.bus.get_object(self.settings_service_name, "/org/freedesktop/NetworkManagerSettings")
#settings intrface
self.settings = dbus.Interface(sysproxy, "org.freedesktop.NetworkManagerSettings")
else:
print("This Network Manager version is not supported")
sys.exit(2)
def check_opts(self):
self.cacert_file = '${HOME}/.cat_installer/ca.pem'
self.pfx_file = '${HOME}/.cat_installer/user.p12'
if not os.path.isfile(self.cacert_file):
print("Certificate file not found, looks like a CAT error")
sys.exit(2)
def check_nm_version(self):
try:
proxy = self.bus.get_object(self.system_service_name, "/org/freedesktop/NetworkManager")
props = dbus.Interface(proxy, "org.freedesktop.DBus.Properties")
version = props.Get("org.freedesktop.NetworkManager", "Version")
except dbus.exceptions.DBusException:
version = "0.8"
if re.match(r'^1\.', version):
self.nm_version = "1.0"
return
if re.match(r'^0\.9', version):
self.nm_version = "0.9"
return
if re.match(r'^0\.8', version):
self.nm_version = "0.8"
return
else:
self.nm_version = "Unknown version"
return
def byte_to_string(self, barray):
return "".join([chr(x) for x in barray])
def delete_existing_connections(self, ssid):
"checks and deletes earlier connections"
try:
conns = self.settings.ListConnections()
except dbus.exceptions.DBusException:
print("DBus connection problem, a sudo might help")
exit(3)
for each in conns:
con_proxy = self.bus.get_object(self.system_service_name, each)
connection = dbus.Interface(con_proxy, "org.freedesktop.NetworkManager.Settings.Connection")
try:
connection_settings = connection.GetSettings()
if connection_settings['connection']['type'] == '802-11-wireless':
conn_ssid = self.byte_to_string(connection_settings['802-11-wireless']['ssid'])
if conn_ssid == ssid:
connection.Delete()
except dbus.exceptions.DBusException:
pass
def add_connection(self,ssid):
server_alt_subject_name_list = dbus.Array({'DNS:orle.arnes.si'})
server_name = 'orle.arnes.si'
if self.nm_version == "0.9" or self.nm_version == "1.0":
match_key = 'altsubject-matches'
match_value = server_alt_subject_name_list
else:
match_key = 'subject-match'
match_value = server_name
s_con = dbus.Dictionary({
'type': '802-11-wireless',
'uuid': str(uuid.uuid4()),
'permissions': ['user:$USER'],
'id': ssid
})
s_wifi = dbus.Dictionary({
'ssid': dbus.ByteArray(ssid.encode('utf8')),
'security': '802-11-wireless-security'
})
s_wsec = dbus.Dictionary({
'key-mgmt': 'wpa-eap',
'proto': ['rsn',],
'pairwise': ['ccmp',],
'group': ['ccmp', 'tkip']
})
s_8021x = dbus.Dictionary({
'eap': ['ttls'],
'identity': '$USER_NAME',
'ca-cert': dbus.ByteArray("file://{0}-----BEGIN CERTIFICATE-----
MIIGWDCCBECgAwIBAgIGEkzELa0WMA0GCSqGSIb3DQEBBQUAMHgxCzAJBgNVBAYT
AlNJMQ4wDAYDVQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5l
cyBDQSB6YSBzdHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBv
ZHBvcmFAYXJuZXMuc2kwHhcNMTIwOTE4MTIyOTAzWhcNMjIwOTE4MTIyOTAzWjB4
MQswCQYDVQQGEwJTSTEOMAwGA1UEChMFQVJORVMxDDAKBgNVBAsTA0FBSTEmMCQG
A1UEAxMdQXJuZXMgQ0EgemEgc3RyZXpuaWtlIEVkdXJvYW0xIzAhBgkqhkiG9w0B
CQEWFGFhYS1wb2Rwb3JhQGFybmVzLnNpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAySn6em7XHgbTpfofzPEQDwt/2jjYeSRpXhh7INAavqu8ulYjH/6m
E2q6YKOUDOwXEES3d02ITVYJaK0bzuJIagbldA1HrrfouZvyIs3ygjRS1pkCeSrJ
gObwnzpkFT8/+Vood5+VXXo7ppjQ96cougYCo0l4klabDQpS+WHCFwZuHiEz/JKP
h878xlTFa+Nbu5f7LSCuXmo1BdZfsk5dhAaKGiCze3aWfGz/cnJXfUvNi98e0rSv
/c52Bn7PuGrEBFQocQf+vTdEfp4ZTOwMzECVKNHvowP6UTYN20xFcnKzKF8l+rBN
IU1nzSPN0ZF5XQwXZnh3DdBXd3F4COhlK5p++7aktVMk9F899kYacycTXcSe6WEb
p5oneY3ePKLFMCR67euP270dRyBOb1Q1r2QCsdH4eVJQiMFA56yTgXOH+Xt3iXdo
GxlREvdWA6IajV9vDycpM2cLPpQh0y7Xpw5qP/MEN6n78LehFq7qpoDHAyv+eNRS
FqMIK3l/y1COupGbYfjPJxJafG1toPLVttscvLAkAfv7ax5x2MMweniQeL6tXfVg
74/ytp+sMWm+CoPWIkySawSH3zHTAvImRnobNrHqEDX8lGNg1KpyblGMSCZtsIsu
d5rwIYHUxIEw9YOfJfcEIj7L12rWpGhpCbuOc3UccamUORE1fdf1OFcCAwEAAaOB
5zCB5DAdBgNVHQ4EFgQUaB7UejoXmpbxfBSP6ka2bin5jZkwgacGA1UdIwSBnzCB
nIAUaB7UejoXmpbxfBSP6ka2bin5jZmhfKR6MHgxCzAJBgNVBAYTAlNJMQ4wDAYD
VQQKEwVBUk5FUzEMMAoGA1UECxMDQUFJMSYwJAYDVQQDEx1Bcm5lcyBDQSB6YSBz
dHJlem5pa2UgRWR1cm9hbTEjMCEGCSqGSIb3DQEJARYUYWFhLXBvZHBvcmFAYXJu
ZXMuc2mCBhJMxC2tFjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
9w0BAQUFAAOCAgEAhQqT93eHL2TC2SJVDtC/tndijonwOklVVckR4gQQ0QoCYLD3
W9ZVKHiEyTUZ1MKJ6YSwliV6JzyvgXTd8DUr+YhQD89K6Pap+OEObNFh2V9OBpm3
aAgpumUXH2WIJiIBo0z1dLrDqKkVZFx6BVb4sg5v0JM1KrdKmit1CZfxKBWaMD8k
aML4p1S7QsKRgQIMIuSSWwtTQh5cUTW9zGUe4REHl3F3KeejISX7kXp//nIfsk2x
N1oym1VCwHBvdr0dPYFNXjeOwUYnkhYRS8t2ho/E1Gsv3l8AcVMIyuskEaioP2B/
pg05hcZcUOo8ZnrWA6K48/c5gxY3W9di4x3GlAHj7aM5N/qV0pJqdmoSN/rsgfhG
tsavqA9KTVBhtwZ4GyUb90zoGjk8B5VC6ha9M1Xnr+QIF1U3K84yxe2VIJoIsxiy
VoPS5wtz/of2U2GCRH7eFvKCLC0SVfX5pc5AN+JKbSy/fMRZrwTAjajl6IR28s4q
S3uDt+nZZ/LOlOl1CW23DyQhjDOFLavh1A1DvJcTNV0338QDq9OTtO7YcWgDlFJj
wHinpL+2N9Y9MkD7YUVxPHIwl0NThgWDi12lJgoXFTi+Tng9FnfpDl6Tve5lwrIK
/o0tqdgiLYDuZ31m81NqfT9bkwW5zbSYULa/btPUCaZ9iPnqujVoX07Fsxc=
-----END CERTIFICATE-----
".format(self.cacert_file).encode('utf8')),
match_key: match_value,
'password': '$PASSWORD',
'phase2-auth': 'pap',
'anonymous-identity': '[email protected]',
})
s_ip4 = dbus.Dictionary({'method': 'auto'})
s_ip6 = dbus.Dictionary({'method': 'auto'})
con = dbus.Dictionary({
'connection': s_con,
'802-11-wireless': s_wifi,
'802-11-wireless-security': s_wsec,
'802-1x': s_8021x,
'ipv4': s_ip4,
'ipv6': s_ip6
})
self.settings.AddConnection(con)
def main(self):
self.check_opts()
ver = self.connect_to_NM()
self.delete_existing_connections('eduroam')
self.add_connection('eduroam')
if __name__ == "__main__":
ENMCT = EduroamNMConfigTool()
ENMCT.main()
EOF
}
function create_wpa_conf {
cat << EOFW >> $HOME/.cat_installer/cat_installer.conf
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=TTLS
ca_cert="${HOME}/.cat_installer/ca.pem"
identity="${USER_NAME}"
domain_suffix_match="orle.arnes.si"
phase2="auth=PAP"
password="${PASSWORD}"
anonymous_identity="[email protected]"
}
EOFW
chmod 600 $HOME/.cat_installer/cat_installer.conf
}
#prompt user for credentials
user_cred
if run_python_script ; then
show_info "Installation successful"
else
show_info "Network Manager configuration failed, generating wpa_supplicant.conf"
if ! ask "Network Manager configuration failed, but we may generate a wpa_supplicant configuration file if you wish. Be warned that your connection password will be saved in this file as clear text." "Write the file" 1 ; then exit ; fi
if [ -f $HOME/.cat_installer/cat_installer.conf ] ; then
if ! ask "File $HOME/.cat_installer/cat_installer.conf exists; it will be overwritten." "Continue" 1 ; then confirm_exit; fi
rm $HOME/.cat_installer/cat_installer.conf
fi
create_wpa_conf
show_info "Output written to $HOME/.cat_installer/cat_installer.conf"
fi
E de acordo com o status de saída WPA association/authentication failed for interface 'wlp3s0'
, parece que algo está errado com a autenticação ... Alguém pode ajudar? Eu tenho que de alguma forma criptografar minha senha ou algo assim?
No Arch Linux, certifiquei-me de ter instalado o pacote pptpclient
, que às vezes é necessário de acordo com ArchWiki .
Tags wpa arch-linux netctl wpa2-eap