Overview
The Linux iNode intelligent client (Linux iNode) is client access software for Linux users. It works with IMC EIA and EAD Security Policy to authenticate and check the security of access users.
· IMC: Intelligent Management Center (IMC) is a comprehensive network management product launched by H3C based on B/S architecture. IMC focuses on network management, with emphasis on network resources, users, and services, providing a unified solution for administrators to manage networks end-to-end.
· EIA: Endpoint Intelligent Access (EIA) provides unified network access policies for managing wired, wireless, and VPN networks for enterprises. It offers network access control for employees, visitors and device administrators based on their role, device type, access time and location. This ensures seamless execution of endpoint security policies across the network, meeting the needs of unified operation and management for multiple network access types and endpoint types in enterprises.
· EAD: Endpoint Admission Defense (EAD) controls user endpoint security access to the network, integrating network access control and endpoint security products. Through the collaboration of security clients, security policy servers, network devices, and third-party software, EAD enforces enterprise security policies on user endpoints accessing the network, strictly controlling endpoint user network behaviors and effectively enhancing proactive defense capabilities. It provides network administrators with effective and easy-to-use management tools and solutions.
The Linux iNode client supports the following authentication protocols:
· 802.1X—The 802.1X protocol is widely used in Ethernet as a common access control mechanism for LAN ports. It addresses authentication and security issues within Ethernet networks. 802.1X is a port-based network access control protocol that controls access to network resources by authenticating user devices connected to the LAN access device ports.
· Portal—Portal authentication accepts user input of username and password through a Web page, authenticates the user's identity, and controls the user’s access to the network according to the authentication result.
· SSL VPN—The SSL VPN protocol is a virtual private network (VPN) technology based on Secure Sockets Layer (SSL) and operates between the transport layer and the application layer. SSL VPN fully utilizes the certificate-based identity authentication, data encryption, and message integrity verification mechanisms provided by the SSL protocol to establish secure connections for communication between application layers. SSL VPN is widely used for secure remote access based on the Web, providing users with secure access to the internal network of the company.
This document describes how to install, operate, and uninstall the Linux iNode.
Installing the Linux iNode
If the iNode client of an earlier version has been installed on the PC, uninstall it before installing the new version.
Supported Linux operating systems
The following Linux operating systems support the Linux iNode:
· Red Hat Enterprise Linux ES 6.1 (64-bit)
· Red Hat Enterprise Linux ES 7.0 (64-bit)
· Ubuntu 14.10 (64-bit)
· Fedora 20 (64-bit)
· CentOS 7.0 (64-bit)
Installing the Linux iNode as a root user
This example describes how to install the Linux iNode as a root user on Red Hat Enterprise Linux Server 7.0. The installation procedures on Ubuntu and Fedora are similar to the procedure on Red Hat Enterprise Linux.
To install the Linux iNode as a root user:
1. Log in to Linux as a root user.
NOTE: In Ubuntu, you must log in as administrator. Ubuntu does not support root users.
2. Replicate the installation file to an existing directory. This example uses the directory /home/iNode.
cp iNodeClient_Linux.tar.gz /home/iNode/
Figure 1 Replicating the installation file
3. Decompress the installation file to directory /home/iNode/iNodeClient. Do not modify the directory name.
cd /home/iNode/
tar -zxvf iNodeClient_Linux.tar.gz
Figure 2 Decompressing the installation file
4. In the iNodeClient directory, install the Linux iNode.
./install.sh
NOTE: In Ubuntu, execute the sudo ./install.sh command to install the Linux iNode.
Figure 3 Installing the Linux iNode
IMPORTANT: Before executing the install.sh command, make sure the root user has execution privileges. You can use the chmod 755 install.sh command to modify the execution privilege of the root user.
Figure 4 Modifying the execution privilege of the root user
5. Verify the installation.
After installing the Linux iNode, execute the following command to determine whether AuthenMngService is enabled. If this service is enabled, you have installed the Linux iNode successfully.
ps -e | grep A
Figure 5 Verifying the installation
After installing the Linux iNode, you can run the iNode client without restarting the Linux operating system or enabling any other services.
For a Linux iNode Management Center installation package in Deb format, double-click the installation package to run it. No command-line operations are needed.
Installing the Linux iNode as a nonroot user
This example describes how to install the Linux iNode as a nonroot user in Red Hat Enterprise Linux Server 7.0. The installation procedures on Ubuntu and Fedora are similar to the procedure on Red Hat Enterprise Linux.
NOTE: The installation steps differ little between nonroot users and root users, so this section does not repeat the installation figures. See "Installing the Linux iNode as a root user."
To install the Linux iNode as a nonroot user:
1. Log in to Linux as a nonroot user.
2. Replicate the installation file to an existing directory. This example uses the directory /home/iNode/.
cp iNodeClient_Linux.tar.gz /home/iNode/
3. Decompress the installation file to directory /home/iNode/iNodeClient. Do not modify the directory name.
cd /home/iNode/
tar -zxvf iNodeClient_Linux.tar.gz
4. Switch to the root user.
su - root
5. In the iNodeClient directory, install the Linux iNode.
./install.sh
NOTE: In Ubuntu, execute the sudo ./install.sh command to install the Linux iNode.
IMPORTANT: Before executing the install.sh command, make sure the root user has execution privileges. You can use the chmod 755 install.sh command to modify the execution privilege of the root user.
6. Verify the installation.
After installing the Linux iNode, execute the following command to determine whether AuthenMngService is enabled. If this service is enabled, you have installed the Linux iNode successfully.
ps -e | grep A
7. Exit the root privilege.
exit
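The following checks around the install steps are an added example, not vendor code: one inspects a `tar -tzf iNodeClient_Linux.tar.gz` listing before anything is extracted and run as root, the other replaces the broad `grep A` with an exact match on the process name. The function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): checks around the install steps above.
# Function names and all sample data are constructed for illustration.

# Reads a `tar -tzf iNodeClient_Linux.tar.gz` listing on stdin. Succeeds only
# if every member stays inside iNodeClient/ (the directory the guide says
# must keep its name): no absolute paths, no ".." path components.
archive_listing_is_safe() {
    seen=0
    while IFS= read -r entry; do
        entry=${entry#./}                          # tolerate a leading "./"
        [ -n "$entry" ] || continue
        seen=1
        case "$entry" in
            /*|..|../*|*/..|*/../*) return 1 ;;    # absolute path or traversal
        esac
        case "$entry" in
            iNodeClient|iNodeClient/*) ;;          # inside the expected directory
            *) return 1 ;;
        esac
    done
    [ "$seen" -eq 1 ]                              # an empty listing also fails
}

# Reads `ps -e` output on stdin. ps -e prints the kernel "comm" name, which is
# cut to 15 characters, so AuthenMngService (16 characters) is listed as
# AuthenMngServic. Compare the last column exactly instead of grepping for "A".
authen_service_running() {
    awk '$NF == "AuthenMngServic" || $NF == "AuthenMngService" { found = 1 }
         END { exit (found ? 0 : 1) }'
}

# Constructed sample inputs.
GOOD_LISTING='iNodeClient/
iNodeClient/install.sh
iNodeClient/uninstall.sh'
BAD_LISTING='iNodeClient/install.sh
iNodeClient/../outside.sh'
PS_RUNNING='  PID TTY          TIME CMD
    1 ?        00:00:02 systemd
 2201 ?        00:00:00 AuthenMngServic'
PS_MISSING='  PID TTY          TIME CMD
    1 ?        00:00:02 systemd
 1873 ?        00:00:00 AnotherDaemon'

printf '%s\n' "$GOOD_LISTING" | archive_listing_is_safe && echo "listing ok"
printf '%s\n' "$BAD_LISTING" | archive_listing_is_safe || echo "listing rejected"
printf '%s\n' "$PS_RUNNING" | authen_service_running && echo "service running"
printf '%s\n' "$PS_MISSING" | authen_service_running || echo "service not found"
```

On a real host, pipe `tar -tzf iNodeClient_Linux.tar.gz` into the first function before the decompression step and `ps -e` into the second at the verification step.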
Using the Linux iNode for authentication
This chapter uses 802.1X authentication as an example to introduce the process of authentication using an iNode client.
NOTE:
· If you log in and install the iNode client as a root user, you must run and use iNode as a root user.
· If you log in and install the iNode client as a nonroot user, you must run and use iNode as a nonroot user.
Opening the Linux iNode configuration page
1. Go to the installation directory of the Linux iNode, which is /home/iNode/iNodeClient/ in this example, and then execute the ls -l command, as shown in Figure 6.
Figure 6 Installation directory of the Linux iNode
2. Execute the sh ./iNodeClient.sh command to run the client. The Linux iNode configuration page opens, as shown in Figure 7.
Figure 7 Linux iNode configuration page
3. Click the Add icon on the Linux iNode configuration page.
The Create New Connection dialog box opens, as shown in Figure 8. The dialog box displays the authentication protocols supported by the iNode client, including 802.1X protocol, portal protocol, and SSL VPN protocol.
Figure 8 Creating a new connection
Configuring the 802.1X authentication connection
1. In the dialog box as shown in Figure 8, select the 802.1X protocol and click Next.
2. Configure parameters for the connection, as shown in Figure 9.
○ From the Select NIC list, select a NIC to use for authentication if the PC has multiple physical or virtual NICs.
○ Configure other parameters based on the network requirements. For information about the parameters, see Table 1.
Figure 9 Configuring a connection for authentication
Table 1 802.1X connection configuration parameters
Parameter | Description |
---|---|
Connection name | Name of the new connection. |
Username | User name. |
Password | User password. |
RSA key | This field is required when RSA authentication is enabled. This example does not use RSA authentication. |
Carry version info | EIA offers a feature to check the client version number, ensuring that a newer version of the iNode client is used throughout the network. To implement this feature, you must select the Carry version info option on the iNode client. |
Upload IP address | You must select the Upload IPv4 address option to use the iNode client to implement the following features with EIA: user account and PC IP address binding; online user auditing and tracking; analyzing and auditing user network access details. |
Broadcast logoff | Usually, 802.1X uses multicast packets for logoff of users. If other network devices are connected between the user and the access device and these devices are configured to drop multicast packets, users cannot log off normally. In this case, you can select this option on the iNode client to use broadcast packets for 802.1X user logoffs. |
Auto authN after startup | With this option selected, the iNode client automatically starts up after the OS starts up. The 802.1X authentication connection on the iNode client then automatically performs authentication. |
Auto-renew IP address after disconnected | This feature automatically changes the IP address of the user PC after the user logs off. For example, a user belongs to the guest VLAN after logging off and to the access VLAN while online. This feature can automatically change the user's IP address to an IP address that belongs to the guest VLAN after the user logs off, so the user can access resources in the guest VLAN. |
Connect after net restore | This feature enables the iNode client to periodically probe the network status and, once the network is restored, immediately initiate a new 802.1X authentication. |
Retry times | Set the maximum number of times that the iNode client automatically retries to connect to the network. The minimum value is 3 and the maximum value is not limited. |
Retry interval | Set the interval at which the iNode client automatically reconnects. The minimum interval is 5 minutes and the maximum interval is 5 hours. |
Packet type | The iNode client supports using unicast and multicast packets for 802.1X authentication interaction. |
3. After configuration, click Finish to complete the new connection setup.
The new 802.1X connection appears on the iNode configuration page.
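To confirm from a packet capture which destination address the client's 802.1X frames actually use (the Broadcast logoff and Packet type options in Table 1), the following added example, which is not part of the vendor guide, classifies one Ethernet frame given as hex. The function names and sample frames are constructed; the EtherType 0x888E, the EAPOL type codes and the PAE group address 01-80-C2-00-00-03 are the standard IEEE 802.1X values.

```shell
#!/bin/sh
# Added example (not vendor code). Function names and frames are constructed.

# hexcut STRING START LEN: LEN characters of STRING from 1-based START.
hexcut() { printf '%s' "$1" | cut -c"$2"-"$(( $2 + $3 - 1 ))"; }

# classify_eapol HEXFRAME: prints "<EAPOL type> <destination kind>".
# Accepts an untagged frame or one 802.1Q tag; spaces and colons are ignored.
classify_eapol() {
    frame=$(printf '%s' "$1" | tr -d ' :' | tr 'A-F' 'a-f')
    off=25                                        # 1-based start of EtherType
    if [ "$(hexcut "$frame" 25 4)" = "8100" ]; then off=33; fi   # skip VLAN tag
    # EtherType (4) + EAPOL version (2) + packet type (2) must be present.
    if [ "${#frame}" -lt $(( off + 7 )) ]; then echo "truncated"; return 1; fi
    if [ "$(hexcut "$frame" "$off" 4)" != "888e" ]; then
        echo "not-eapol"; return 1
    fi
    case "$(hexcut "$frame" $(( off + 6 )) 2)" in
        00) kind=EAP-Packet ;;
        01) kind=EAPOL-Start ;;
        02) kind=EAPOL-Logoff ;;
        03) kind=EAPOL-Key ;;
        *)  kind=other ;;
    esac
    case "$(hexcut "$frame" 1 12)" in
        0180c2000003) dst=pae-multicast ;;        # 802.1X PAE group address
        ffffffffffff) dst=broadcast ;;
        ?[13579bdf]*) dst=other-multicast ;;      # group bit set in first octet
        *)            dst=unicast ;;
    esac
    echo "$kind $dst"
}

# Constructed frames: destination, source, EtherType, EAPOL version/type/length.
LOGOFF_MCAST='0180c2000003001122334455888e01020000'
LOGOFF_BCAST='ff:ff:ff:ff:ff:ff 00:11:22:33:44:55 888e 01 02 0000'
START_UCAST='00AABBCCDDEE001122334455888E01010000'
LOGOFF_VLAN='01800c2000003'                       # placeholder, replaced below
LOGOFF_VLAN='0180c20000030011223344558100000a888e01020000'
NOT_EAPOL='00aabbccddee00112233445508004500'

for f in "$LOGOFF_MCAST" "$LOGOFF_BCAST" "$START_UCAST" "$LOGOFF_VLAN"; do
    classify_eapol "$f"
done
```

A logoff that shows up as `EAPOL-Logoff pae-multicast` on the client side but never reaches the access device matches the dropped-multicast case the Broadcast logoff option addresses.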
Performing an access authentication
Click the connection icon and select Connect, as shown in Figure 10.
Figure 10 Initiating user authentication
You can access the network after passing authentication, as shown in Figure 11.
Figure 11 Authentication passed
Uninstalling the Linux iNode
Only the root user can remove the Linux iNode.
To uninstall the Linux iNode:
1. Go to the installation directory of the Linux iNode, which is /home/iNode/iNodeClient/ in this example.
2. Uninstall the Linux iNode, as shown in Figure 12.
./uninstall.sh
Figure 12 Uninstalling the Linux iNode
NOTE: In Ubuntu, uninstall the Linux iNode by using the sudo ./uninstall.sh command as administrator.