
802.1x Domain User Authentication with Dynamic VLANs

Source: 智榕旅游

I. Basic principles

An 802.1x authentication system consists of three parts:

1. Supplicant: the client, i.e. the 802.1x client software. It is built into Windows XP SP2/SP3 and Windows Server 2003.

2. Authenticator: the 802.1x-capable switch, AP or RP (radio port).

3. Authentication server: accepts the user authentication requests forwarded by the switch/AP/RP, verifies that the user is legitimate, pushes the user-specific policy down to the switch/AP/RP, and opens or closes the corresponding physical port (or accepts or rejects the association), so that user access is kept secure.

In an enterprise network under Windows domain management, the goal is single sign-on (SSO): domain user authentication and 802.1x authentication are unified into one domain user authentication.

On the client computer, domain user authentication and 802.1x authentication run in parallel. Logically 802.1x should authenticate first so that the domain logon can follow, but a new user cannot reach the client desktop, where 802.1x authentication is started, without first completing domain authentication. The client computer is therefore first connected to a port/SSID on which 802.1x is not enabled, so that it can be registered in the domain, and is then moved to an authenticating port/SSID. On the authentication server (IAS) a computer authentication policy is configured with a dedicated VLAN: while no user is logged on, the computer is authenticated as legitimate and can reach the domain servers. After the user logs on, the group policy (GPO) pushed by the domain server runs the RunLogon.vbs script, which performs the user-specific 802.1x and domain authentication and obtains the VLAN and IP address for that user. If the computer is instead logged on with a local user, a new authentication starts and fails after 50 s; the switch closes the port (the AP/RP refuses the association on the authenticating SSID), and the local user cannot access the network.

************************************* Hunan Institute of Engineering, HP Network Lab Center


PC authentication flowchart:

[Flowchart not reproduced; the node labels recovered from the figure, in flow order:] Enter the Windows logon screen -> press Ctrl+Alt+Delete to begin -> the computer authenticates to the domain (the IAS on the domain server checks the access policy and whether the computer is registered) -> on success, the corresponding port is opened, the corresponding VLAN is assigned and an IP address is obtained via DHCP; on failure, the switch closes the port after 1 minute (association refused). Logon with a local user name -> port closed (association refused). Enter a domain user name -> connect to the domain -> on success, the corresponding policy runs Runlogon.vbs, which passes 802.1x authentication and assigns the corresponding VLAN; on failure: "The system cannot log you on. Make sure your user name and domain are correct."

II. Lab environment

1. Topology diagram (figure)


2. VLAN design

VLAN ID   IP allocation range   Description
VLAN 10   10.1.10.0             segment of the domain/IAS/DHCP/DNS servers
VLAN 20   10.1.20.100~150       Administration
VLAN 30   10.1.30.100~150       Student
VLAN 40   10.1.40.100~150       VLAN for domain computer authentication

3. Servers

OS: Windows 2003 Enterprise; domain server procurve1.demo; DHCP/IAS/DNS

4. Switches, AP420, RP230

They support 802.1x and dynamic VLAN assignment; DHCP relay is configured on the layer-3 switch.

5. Clients

Windows XP SP2/SP3

III. Configuration procedure

1. Switch/AP configuration

HP5308 configuration:

; J4819A Configuration Editor; Created on release #E.10.71

hostname "5308"
time timezone 480
module 2 type J4821B
module 3 type J4820B
module 4 type J4820B
module 1 type J9001A
module 6 type J8161A
interface ADP
   no lacp
exit
interface AUP
   no lacp
exit
sntp server 10.1.10.10
ip routing
timesync sntp
sntp unicast
logging 10.1.10.10
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged B2-B4,C1-C24,D1-D24,F1-F24
   ip address 10.1.1.1 255.255.255.0
   tagged AUP
   no untagged ADP,B1
   exit
lldp auto-provision radio-ports auto-vlan 2100
auto vlan 2100
   name "VLAN2100"
   ip address 10.1.21.1 255.255.255.0
   tagged ADP
   exit
vlan 10
   name "VLAN10"
   untagged B1
   ip address 10.1.10.1 255.255.255.0
   ip helper-address 10.1.10.10
   tagged AUP,B2,C1
   exit
vlan 20
   name "VLAN20"
   ip address 10.1.20.1 255.255.255.0
   ip helper-address 10.1.10.10
   tagged AUP,B2,C1
   exit
vlan 30
   name "VLAN30"
   ip address 10.1.30.1 255.255.255.0
   ip helper-address 10.1.10.10
   tagged AUP,B2,C1
   exit
vlan 40
   name "VLAN40"
   ip address 10.1.40.1 255.255.255.0
   ip helper-address 10.1.10.10
   tagged AUP,B2,C1
   exit

; Encoded configuration data follows.

; Modifying this data makes the configuration unusable for restores.

; (encoded wireless-services configuration data omitted)


; End of configuration data.

HP2626 configuration:

; J4900B Configuration Editor; Created on release #H.10.50

hostname "ProCurve Switch 2626"
time timezone 480
interface 1
   no lacp
exit
interface 2
   no lacp
exit
ip default-gateway 10.1.1.1
sntp server 10.1.10.10
timesync sntp
sntp unicast
logging 10.1.10.10
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-2,4-26
   ip address 10.1.1.2 255.255.255.0
   no untagged 3
   exit
vlan 10
   name "VLAN10"
   tagged 26
   exit
vlan 20
   name "VLAN20"
   tagged 26
   exit
vlan 30
   name "VLAN30"
   tagged 26
   exit
vlan 40
   name "VLAN40"
   untagged 3
   tagged 26
   exit
aaa authentication port-access eap-radius
radius-server host 10.1.10.10
aaa port-access authenticator 1-2
aaa port-access authenticator active
aaa port-access 1-2


AP420 configuration:

Serial Number          : TW601QB0D6
System Up time         : 0 days, 5 hours, 29 minutes, 7 seconds
System Name            : Enterprise AP
System Location        :
System Contact         : Contact
System Country Code    : CN - CHINA
MAC Address            : 00-16-35-9D-0B-10
IP Address             : 10.1.1.42
Subnet Mask            : 255.255.255.0
Default Gateway        : 10.1.1.1
VLAN State             : ENABLED(Dynamic VLAN ID)
Management VLAN ID(AP) : 1 (U)
IAPP State             : ENABLED
DHCP Client            : DISABLED
HTTP Server            : ENABLED
HTTP Server Port       : 80
HTTPS Server           : DISABLED
HTTPS Server Port      : 443
Slot Status            : 802.11g
Radio Status           : Enabled
Software Version       : v2.2.3
SSH Server             : DISABLED
SSH Server Port        : 22
Telnet Server          : ENABLED
Max Telnet Session     : 4

AP420 advanced settings (figures):


Wireless services module configuration:

!
! configuration of ProCurveWLANModule Wireless Services version WS.02.27
! version 1.0
!
username manager password 1 7cf5ddcd54d4926deca3230083a01a31a8825e73
username manager privilege superuser
username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f
!
!
!
country-code cn
snmp-server sysname Wireless Services
snmp-server manager v2
snmp-server manager v3
snmp-server user manager v3 encrypted auth md5 0x9b92d2a3ae947f57272d4cf83802bcd7
snmp-server user operator v3 encrypted auth md5 0xfb2392a14cf80787b878006ab968a29b
snmp-server user snmptrap v3 encrypted auth md5 0xa72a8a009babd9349ea626c2840aad46
fallback enable
ip web-management
ip http secure-trustpoint default-trustpoint
ip secure-web-management
!
wireless
wlan 1 enable
wlan 1 ssid open
wlan 1 vlan 40
no wlan 1 radius dynamic-vlan-assignment enable
wlan 2 enable
wlan 2 ssid test
wlan 2 encryption-type tkip
wlan 2 authentication-type eap
!


Wireless Services Module advanced settings:

Create two SSIDs: open and test. open is used only to join computers to the domain, so it uses open authentication; test performs 802.1X authentication and controls the VLAN a user is placed in.

Edit the settings of open.


Edit the settings of test.

Configure the RADIUS settings of test.


Once the two SSIDs have been created they appear as in the figure above.

2. Server configuration

a. Register the client in the domain on a port where 802.1x is not yet enabled; the procedure is as follows:

(1) First, open the properties of "My Network Places" and enter the IP address of the DNS server under "Preferred DNS server".

(2) Next, open the properties of "My Computer".


(3) Find the "Computer Name" tab and click Change.

(4) Under "Member of" click "Domain" and enter the name of the domain to join.

(5) If the configuration is correct, a credentials prompt appears.


(6) Enter a valid user name/password.

(7) If they are correct, the message "Welcome to the ... domain" is displayed.


(8) Click OK several times and restart the computer.

b. DHCP configuration, as follows:

(1) First, click "Start" -> "Administrative Tools" -> "DHCP" and choose "New Scope".


(2) Click "Next".

(3) Enter the scope name and click "Next".

(4) Enter the IP address range together with the prefix length and subnet mask, then click "Next".


(5) Enter the router's IP address, click Add, and click "Next".

(6) Enter the DNS server's IP address, click Add, and click "Next".


(7) Click "Next" twice, then click "Finish" to complete the configuration.

c. IAS server configuration: RADIUS client / computer policy / user policy, as follows:

(1) First, choose "Start" -> "Administrative Tools" -> "Internet Authentication Service", right-click "RADIUS Clients" and click "New RADIUS Client".


(2) Next, enter a friendly name and the client's IP address, then click "Next".

(3) Then enter the shared secret and click "Finish" to complete the RADIUS client configuration.


(4) The newly created client is now listed on the right.

(5) Right-click "Remote Access Policies" -> "New Remote Access Policy".


(6) Click "Next" once. To configure the computer authentication policy, choose "Set up a custom policy", enter a policy name, and click "Next" to continue.

(7) Click "Add", choose "Windows-Groups" under "Select Attribute", click "Add" again, choose "Advanced" -> "Find Now", select the group you want to add, and click "OK".

(8) Click "OK".


(9) Click "OK".

(10) Click "OK", then click "Next".


(11) Choose "Grant remote access permission" and click "Next".

(12) Click "Edit Profile", click "EAP Methods" in the dialog that appears, choose "Protected EAP (PEAP)", and click "OK".


(13) Then open the "Advanced" tab of "Edit Dial-in Profile", click "Add", and add the following three attributes in the dialog that appears.


(14) In the dialog, select and add the following three attributes (VLAN 40 is used as the example here).


(15) After clicking "OK" the result is displayed as in the figure below.


(16) Click "OK" to complete the policy configuration.

Configure the Administration and Student policies in the same way; the group to be verified is the domain user group of the corresponding department.

d. Add the scripts and configure the GPO under Active Directory Users and Computers

Add the four scripts; for their contents see Appendix I.

Add the scripts "ConfigureSupplicant.vbs" and "CopyRunLogon.vbs" to the directory:

C:\WINDOWS\SYSVOL\domain\Policies\\MACHINE\Scripts\Startup

Add the scripts "RunLogon.vbs" and "Logon.vbs" to the directory:

C:\WINDOWS\SYSVOL\sysvol\procurve.com\scripts

The Logon Server entries in CopyRunLogon.vbs must be changed to the computer name of the domain server, e.g. //procurve-vpmdsn.procurve.com

GPO configuration under Active Directory Users and Computers

(1) First, choose "Start" -> "Administrative Tools" -> "Active Directory Users and Computers", right-click "procurve1.demo" and open its properties.
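Added example, not part of the original document or of IAS: the following Python builds the three RADIUS tunnel attributes an Access-Accept carries for dynamic VLAN assignment and parses them the way the switch or AP has to, including the tag-octet rule and a non-VLAN tunnel. The attribute numbers and values are the standard RFC 2868/3580 ones; that these are the three attributes the document's IAS screenshot shows for VLAN 40 is an assumption.

```python
"""Constructed example: RFC 2868/3580 tunnel attributes for dynamic VLAN
assignment, as an IAS remote-access policy returns them in Access-Accept
(assumed to match the document's 'three parameters' for VLAN 40)."""
import struct

TUNNEL_TYPE = 64               # RFC 2868 attribute numbers
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
SESSION_TIMEOUT = 27           # only used to pad the constructed packet
TUNNEL_TYPE_VLAN = 13          # RFC 3580 section 3.31
TUNNEL_MEDIUM_IEEE802 = 6


def avp(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: type octet, total-length octet, value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def tagged_int(tag: int, value: int) -> bytes:
    """Tunnel-Type / Tunnel-Medium-Type: 1 tag octet + 3 value octets."""
    return struct.pack("!I", (tag << 24) | (value & 0xFFFFFF))


def vlan_attributes(vlan_id: int, tag: int = 0) -> bytes:
    """The Access-Accept attributes that place the supplicant in vlan_id."""
    if not 1 <= vlan_id <= 4094 or not 0 <= tag <= 0x1F:
        raise ValueError("vlan_id or tag out of range")
    group_id = str(vlan_id).encode("ascii")
    if tag:  # a leading octet <= 0x1F is a tag; tag 0 is simply omitted
        group_id = bytes([tag]) + group_id
    return (avp(TUNNEL_TYPE, tagged_int(tag, TUNNEL_TYPE_VLAN))
            + avp(TUNNEL_MEDIUM_TYPE, tagged_int(tag, TUNNEL_MEDIUM_IEEE802))
            + avp(TUNNEL_PRIVATE_GROUP_ID, group_id))


def parse_attributes(payload: bytes):
    """Yield (type, value) pairs; refuse truncated or zero-length attributes."""
    pos = 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated attribute header")
        attr_type, length = payload[pos], payload[pos + 1]
        if length < 2 or pos + length > len(payload):
            raise ValueError(f"bad attribute length {length} at offset {pos}")
        yield attr_type, payload[pos + 2:pos + length]
        pos += length


def split_tag(value: bytes):
    """RFC 2868 rule for tagged strings: a first octet <= 0x1F is a tag,
    anything larger (e.g. the digit '4') is part of the string itself."""
    if value and value[0] <= 0x1F:
        return value[0], value[1:]
    return 0, value


def assigned_vlan(payload: bytes):
    """VLAN ID carried by an Access-Accept attribute list, or None when the
    three attributes are missing, carry different tags, or do not describe
    an IEEE 802 VLAN tunnel (for instance a PPTP tunnel for VPN users)."""
    tunnels = {}
    for attr_type, value in parse_attributes(payload):
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            tag = value[0] if value[0] <= 0x1F else 0
            tunnels.setdefault(tag, {})[attr_type] = int.from_bytes(value[1:], "big")
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID:
            tag, group_id = split_tag(value)
            tunnels.setdefault(tag, {})[attr_type] = group_id
    for _tag, attrs in sorted(tunnels.items()):
        if (attrs.get(TUNNEL_TYPE) == TUNNEL_TYPE_VLAN
                and attrs.get(TUNNEL_MEDIUM_TYPE) == TUNNEL_MEDIUM_IEEE802
                and TUNNEL_PRIVATE_GROUP_ID in attrs):
            group_id = attrs[TUNNEL_PRIVATE_GROUP_ID].decode("ascii", "replace")
            if group_id.isdigit() and 1 <= int(group_id) <= 4094:
                return int(group_id)
    return None


# Constructed Access-Accept attribute list for the document's VLAN 40 policy,
# with an unrelated Session-Timeout mixed in (not a captured packet).
SAMPLE_ACCEPT = avp(SESSION_TIMEOUT, struct.pack("!I", 3600)) + vlan_attributes(40)

if __name__ == "__main__":
    print("VLAN in constructed Access-Accept:", assigned_vlan(SAMPLE_ACCEPT))  # 40
```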


(2) In the dialog, select the "Group Policy" tab and double-click "Default Domain Policy".

(3) In the dialog, select "Scripts" under "Windows Settings" and double-click "Startup" in the right-hand pane.


(4) After double-clicking "Startup", click "Add", choose "Browse" in the dialog, and open the scripts "ConfigureSupplicant.vbs" and "CopyRunLogon.vbs".

(5) After clicking "OK" the result is as shown below:


(6) Return to the "Group Policy Object Editor" and go to "Computer Configuration" -> "Windows Settings" -> "Security Settings" -> "Wireless Network (IEEE 802.11) Policies". Right-click and choose Create Wireless Network Policy, as shown below:

(7) Follow the wizard, as shown below:

(8) Click Next and give the wireless network policy a name and a description, as shown below:


(9) Tick "Edit properties" and click "Finish" to jump to the properties page.

(10) Select "Access point (infrastructure) networks only", then click "Preferred Networks", as shown below:


(11) Enter your network's SSID as the network name and configure it as shown below:

(12) Configure the IEEE 802.1X properties, as shown below:

(13) Click the "Settings" button and configure it as shown below:


(14) Click "OK" several times to return to the "Group Policy Object Editor", as shown below:

(15) Go to "Computer Configuration" -> "Windows Settings" -> "Security Settings" -> "System Services", double-click the "Wireless Configuration" service, and change it as shown below.

(16) Click "OK" to return to the "Group Policy Object Editor", then go to "User Configuration" -> "Administrative Templates" -> "System" -> "Logon".


(17) In the right-hand pane, double-click "Run these programs at user logon".


(18) In the dialog choose "Enabled", click "Show", then "Add", enter "RunLogon.vbs" under "Enter the item to be added", and click "OK" several times to close the dialogs.

e. PC authentication settings; how to start the Wired AutoConfig service on SP3:

This can be done in one of two ways:

(1) Change it in the registry:

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dot3svc, change the value of "Start" to 2, i.e. "Start"=DWORD:0x00000002.


(2) Change it under Services in Administrative Tools:

Control Panel -> Administrative Tools -> Services -> start Wired AutoConfig and change its startup type to Automatic.

The client configuration procedure for SP2/SP3 is shown in the figures below:

(1) Open the properties of "Local Area Connection", enable IEEE 802.1X authentication, and choose "Protected EAP (PEAP)".


(2) Click "Settings" and configure as shown below.


(3) Click "Configure" and set the options as shown below.

(4) Choose "Obtain an IP address automatically" and "Obtain DNS server address automatically".


IV. Maintenance

1. Switch

a. Check the 802.1x authentication status:

show port-access authenticator
show port-access authenticator session-counters

(1) When the user starts the computer and is at the logon screen, show port-access authenticator and show port-access authenticator session-counters show the following authentication information:

(2) When the user logs on with the VLAN 20 account adm1, show port-access authenticator and show port-access authenticator session-counters show the following authentication information:


(3) When the user logs on with the VLAN 30 account stu1, show port-access authenticator and show port-access authenticator session-counters show the following authentication information:

(4) When the user logs on with a local account, show port-access authenticator and show port-access authenticator session-counters show the following authentication information:


b. Check the RADIUS configuration:

show run
show log

2. Server

a. Check whether the computer is registered: in Active Directory Users and Computers, look under the domain name -> Computers.

b. Event log

While the user logs on, the server's event log can be observed.

(1) When the user starts the computer and reaches the logon screen, the following event log entries appear on the server:


(2) When the user logs on with the account adm1, the server's event log shows the following:


(3) When the user logs on with the account stu1, the server's event log shows the following:

(4) When the user logs on with a local account, the server's event log shows the following:


3. PC

a. Check whether the GPO configuration was executed

Look for the .log files in the c:\windows\Temp directory; two text files can be seen, as shown below:

Check c:\windows\RunLogon.vbs to see whether RunLogon.vbs has been copied to the local disk. The log shows it was delivered to the client at 2008-10-11 04:17:42 PM.

b. Check the settings in "Local Area Connection Properties", as shown below:


c. Check the IP address obtained

(1) When logged on as user adm1, the IP address obtained is as follows:

(2) When logged on as user hp1, the IP address obtained is as follows:


(3) When logged on with a local account, the IP address obtained is as follows:


Appendix I: Scripts

Script ConfigureSupplicant.vbs

' -----------------------------------------------------------------'
' ConfigureSupplicant.vbs script
' -----------------------------------------------------------------'
'
' What's the purpose of this script?
' This script configures the Windows XP 802.1X supplicant for Wired interfaces.
' Applied as a startup script in a Computer GPO, it automates the settings.
'
' What settings does the script apply to the supplicant?
' 1- Script sets the authentication mode to "Computer authentication with User re-authentication mode"
'    (AuthMode key)
'    This is not available through the User Interface nor through GPO
' 2- It sets the supplicant to comply with the IEEE 802.1X standard (SupplicantMode key)
'    This accelerates 802.1X authentication.
' 3- Script enables computer authentication
' 4- It sets PEAP MSCHAPV2 as the authentication type
' 5- It enables Fast Reconnect
' 6- It enables Certificate Validation
' 7- It enables Single Sign-On: use of logon credential for 802.1X User Authentication
' What are the conditions to apply the script?
' The computer needs to be a member of the Active Directory Domain
' The computer GPO executes the script as a startup script.
' The computer has to be on an unsecured port for the script to run for the first time.
' Note that Script applies to Windows XP Professional only. There's an OS check in the start of the script.
' How do we make sure script is executed?
' You've to set a GPO (Group Policy Object) and set the script as the startup script.
' See more details in the 802.1X-solving-timing-issues.doc document
' How can we verify the execution?
' The script writes log to a local file for verification.
' Why wired interfaces only?
' The script is intended to set supplicant parameters for wired interface only
' There is no other way to automate the wired supplicant setting.
' For Wireless interfaces, the Wireless Network Setup GPO should be used
' What parameters need to be changed in that file to adapt to my network?
' This script has no specific parameters for configuration.
' It's possible to enable debug in the top of the script.
' Version history
' -----------------------------------------------------------------'
' Version 15.05.2007:
' - Documentation
' Version 09.05.2007:
' - Write to LocalLogFile, for verification
' Version 08.04.2007:
' - Initial release
' ToDo?
' -----------------------------------------------------------------'
' Configuration should be done at the top.
' The script should not loop and configure all interfaces, just wired interfaces.
' -----------------------------------------------------------------'
' -----------------------------------------------------------------'
' Start of Configuration
' Enable debug information (numeric: the "If DebugMsg = 1" tests below never
' match a string value, so set this to 1, not "1", to enable debug output)
DebugMsg = 0
' Defining local log-file - in %TEMP% directory
LocalLogFile = "ConfigureSupplicant.log"
' End of configuration
' -----------------------------------------------------------------'
' -----------------------------------------------------------------'
strComputer = "."
ComputerOS = ""
Dim regex, matches
Set regex = New RegExp
regex.Global = True
Dim oFSO
Dim WSHShell
Dim tf
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set WSHShell = CreateObject("Wscript.Shell")
logdirectory = WSHShell.ExpandEnvironmentStrings("%TEMP%")
Set tf = oFSO.CreateTextFile(logdirectory & "\" & LocalLogFile, True)
' Writing to log-file
tf.WriteBlankLines(2)
tf.WriteLine("Starting the script: " & Date & " " & Time)
tf.WriteBlankLines(2)
' Debug
If DebugMsg = 1 Then
    Wscript.Echo "Logging to this file: " & logdirectory & "\" & LocalLogFile
End if
' Writing to log-file
tf.WriteLine("Logging to this file: " & logdirectory & "\" & LocalLogFile)
tf.WriteBlankLines(1)
' Determine the operating system through WMI
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
    ("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
    ComputerOS = objOperatingSystem.Caption
Next
' Only run on "Windows XP"
regex.Pattern = "Windows XP"
Set matches = regex.Execute(ComputerOS)
If matches.Count > 0 Then
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo "Computer is running " & ComputerOS & ". Automatically configuring supplicant."
    End if
    ' Writing to log-file
    tf.WriteLine("Computer is running " & ComputerOS & ". Automatically configuring supplicant.")
    tf.WriteBlankLines(1)
    const HKEY_LOCAL_MACHINE = &H80000002
    Set StdOut = WScript.StdOut
    strValue = ""
    Dim sArray(25)
    Set oReg = GetObject("winmgmts: {impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\default:StdRegProv")
    ' Configure global supplicant parameters
    strKeyPath = "SOFTWARE\Microsoft\EAPOL\Parameters\General\Global"
    ' SupplicantMode
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo "Configure SupplicantMode"
    End if
    ' Writing to log-file
    tf.WriteLine("Configure SupplicantMode")
    tf.WriteBlankLines(1)
    ' 1 - Do not transmit.
    '     Specifies that EAPOL-Start messages are not sent.
    ' 2 - Transmit.
    '     Determines when to send EAPOL-Start messages and, if needed, sends an EAPOL-Start message.
    ' 3 - Transmit per 802.1X.
    '     Sends an EAPOL-Start message upon association to initiate the 802.1X authentication process.
    strValueName = "SupplicantMode"
    dwValue = 3
    oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
    ' AuthMode
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo "Configure AuthMode"
    End if
    ' Writing to log-file
    tf.WriteLine("Configure AuthMode")
    tf.WriteBlankLines(1)
    ' 0 - Computer authentication mode.
    '     If computer authentication is successful, no user authentication is attempted.
    '     If the user logon is successful before computer authentication, user authentication is performed.
    '     This is the default setting for Windows XP (prior to Service Pack 1).
    ' 1 - Computer authentication with re-authentication.
    '     If computer authentication is successful, a subsequent user logon results in a re-authentication
    '     with user credentials.
    '     The user logon has to complete in 60 seconds or the existing network connectivity is terminated.
    '     The user credentials are used for subsequent authentication or re-authentication.
    '     Computer authentication is not attempted again until the user logs off the computer.
    '     This is the default setting for Windows XP Service Pack 1 (SP1) and Windows Server 2003.
    ' 2 - Computer authentication only.
    '     When a user logs on, it has no effect on the connection.
    '     Only computer authentication is performed.
    '     The exception to this behavior is when a user successfully logs on, and then roams between wireless APs.
    '     In that case, user authentication is performed.
    ' For changes to this setting to take effect, restart the Wireless Zero Configuration service for Windows
    ' XP or Windows Server 2003.
    strValueName = "AuthMode"
    dwValue = 1
    oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
    ' Configure each interface
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo "Configure interfaces"
    End if
    ' Writing to log-file
    tf.WriteLine("Configure interfaces")
    tf.WriteBlankLines(1)
    strKeyPath = "SOFTWARE\Microsoft\EAPOL\Parameters\General"
    ' InterfaceList holds the adapters as a run of 46-character "\DEVICE\{GUID}" entries
    oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,"InterfaceList",strValue
    If len(strValue) > 45 Then
        'gather all devices from key
        i = -1
        'Minimum Length must be at least 46 in the string for a device to work
        While len(strValue) > 45
            i = i + 1
            sArray(i) = Left(strValue,46)
            strValue = Replace(strValue, sArray(i), "")
            sArray(i) = Replace(sArray(i), "\DEVICE\", "")
        Wend
        'loop through all devices on computer
        If Not i=-1 Then
            For j=0 to i
                strValue = sArray(j)
                strKeyPath = "SOFTWARE\Microsoft\EAPOL\Parameters\Interfaces\" & strValue
                strValueName = "1"
                ' Debug
                If DebugMsg = 1 Then
                    Wscript.Echo "Configure interface " & strValue
                End if
                ' Writing to log-file
                tf.WriteLine("Configure interface " & strValue)
                tf.WriteBlankLines(1)
                'Define byte's array to copy
                aArray = Array(&H05, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &Hc0, &H19, &H00, _
                    &H00, &H00, &H20, &H00, &H00, &H00, &H11, &H22, &H33, &H11, &H22, &H33, &H11, &H22, &H33, &H11, _
                    &H22, &H33, &H11, &H22, &H33, &H11, &H22, &H33, &H11, &H22, &H33, &H11, &H22, &H33, &H11, &H22, _
                    &H33, &H11, &H22, &H33, &H11, &H22, &H0d, &H00, &H00, &H00, &H28, &H00, &H00, &H00, &H00, &H00, _
                    &H00, &H00, &H28, &H00, &H00, &H00, &H05, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, _
                    &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, _
                    &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H00, &H19, &H00, &H00, &H00, &H36, &H00, _
                    &H00, &H00, &H01, &H00, &H00, &H00, &H36, &H00, &H00, &H00, &H01, &H00, &H00, &H00, &H01, &H00, _
                    &H00, &H00, &H01, &H00, &H00, &H00, &H15, &H00, &H00, &H00, &H17, &H00, &H00, &H00, &H00, &H00, _
                    &H00, &H00, &H00, &H00, &H01, &H00, &H00, &H00, &H0f, &H00, &H00, &H00, &H1a, &H00, &H00, &H00, _
                    &H00, &H00, &H00, &H00, &H02, &H00, &H00, &H00, &H00, &H00, &H00, &H00)
                'Fill array with values of the key;
                'array elements start from 0 and up,
                'so I need to change bArray(2) element's value
                'Check if key exists before moving on
                'If Not RegKeyExists(HKLM,"SOFTWARE\Microsoft\EAPOL\Parameters\Interfaces\
                oReg.CreateKey HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\EAPOL\Parameters\Interfaces"
                oReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
                'End If
                'Changing the data in the array
                '11 byte = Hex(40) = Dec(64) = 802.1X Disabled
                '        = Hex(80) = Dec(128) = 802.1X Enabled
                '        = Hex(c0) = Dec(192) = 802.1X Enabled and Authenticate as Computer
                '        = Hex(e0) = Dec(224) = 802.1X Enabled and Authenticate as Computer & Authenticate as Guest
                aArray(11) = 192
                '12 byte = Hex(04) = Dec(4) = MD5-Challenge
                '        = Hex(19) = Dec(25) = Protected EAP (PEAP)
                '        = Hex(0D) = Dec(13) = Smart Card or other Certificate
                aArray(12) = 25
                '124 byte = Hex(00) = Dec(0) = Disable Fast Reconnect
                '         = Hex(01) = Dec(1) = Enable Fast Reconnect
                aArray(124) = 1
                '136 byte = Hex(17) = Dec(23) = PEAP Properties Disable Validate Server Certificate
                '         = Hex(15) = Dec(21) = PEAP Properties Enable Validate Server Certificate Disable Connect to
                '                               these servers
                '         = Hex(11) = Dec(17) = PEAP Properties Enable Validate Server Certificate Enable Connect to
                '                               these servers
                aArray(136) = 21
                '154 byte = Hex(0d) = Dec(13) = Smart Card Authentication Method
                '         = Hex(1a) = Dec(26) = Secured Password (EAP-MSCHAP v2)
                aArray(154) = 26
                '162 byte = Hex(00) = Dec(0) = Disable Automatic Use WinLogin
                '         = Hex(02) = Dec(2) = Enable Automatic Use WinLogin
                aArray(162) = 02
                'Write information back
                oReg.SetBinaryValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, aArray
                sArray(j) = ""
            Next ' end loop
        End If
    End if
Else
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo "Computer is running " & ComputerOS & ". Supplicant will not be configured by this script."
    End if
    ' Writing to log-file
    tf.WriteLine("Computer is running " & ComputerOS & ". Supplicant will not be configured by this script.")
    tf.WriteBlankLines(1)
End if
' Writing to log-file
tf.WriteBlankLines(1)
tf.WriteLine("Stopping the script: " & Date & " " & Time)
tf.WriteBlankLines(2)
tf.Close
Wscript.Quit
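Added example, not from the original document: a Python decoder for the per-interface binary value that ConfigureSupplicant.vbs writes, interpreting only the six offsets the script's own comments document, plus a check of such a value against the settings the script is meant to apply (the template itself carries 0x17 at offset 136, which the script corrects to 0x15). The template bytes are copied from the script's aArray literal; reading the real value from an XP client's registry is assumed to be done separately.

```python
"""Decode the EAPOL per-interface value written by ConfigureSupplicant.vbs
(HKLM\\SOFTWARE\\Microsoft\\EAPOL\\Parameters\\Interfaces\\<adapter GUID>\\1).
Only the offsets documented in the script's comments are interpreted; the
rest of the 170-byte value is treated as opaque."""

# Meaning of each documented offset, taken from the script's comments
DOT1X_FLAGS = {0x40: "802.1X disabled",
               0x80: "802.1X enabled",
               0xC0: "802.1X enabled, authenticate as computer",
               0xE0: "802.1X enabled, authenticate as computer and as guest"}
EAP_TYPES = {0x04: "MD5-Challenge", 0x19: "Protected EAP (PEAP)",
             0x0D: "Smart Card or other Certificate"}
PEAP_PROPS = {0x17: "do not validate server certificate",
              0x15: "validate server certificate, do not connect to listed servers",
              0x11: "validate server certificate, connect to listed servers"}
INNER_METHODS = {0x0D: "Smart Card or other Certificate",
                 0x1A: "Secured password (EAP-MSCHAP v2)"}
FIELDS = {  # name: (byte offset, value table)
    "dot1x": (11, DOT1X_FLAGS), "eap_type": (12, EAP_TYPES),
    "fast_reconnect": (124, {0: "off", 1: "on"}),
    "peap_props": (136, PEAP_PROPS), "inner_method": (154, INNER_METHODS),
    "use_winlogon": (162, {0: "off", 2: "on"})}

# What the GPO script sets: the six aArray(n) = v assignments in the script
SCRIPT_POLICY = {"dot1x": 0xC0, "eap_type": 0x19, "fast_reconnect": 1,
                 "peap_props": 0x15, "inner_method": 0x1A, "use_winlogon": 2}

# Non-zero bytes of the script's 170-byte template (all other bytes are 0x00);
# the 0x11 0x22 0x33 run at offsets 20..51 is filled in by template_blob().
TEMPLATE_NONZERO = {0: 0x05, 11: 0xC0, 12: 0x19, 16: 0x20, 52: 0x0D, 56: 0x28,
                    64: 0x28, 68: 0x05, 104: 0x19, 108: 0x36, 112: 0x01,
                    116: 0x36, 120: 0x01, 124: 0x01, 128: 0x01, 132: 0x15,
                    136: 0x17, 146: 0x01, 150: 0x0F, 154: 0x1A, 162: 0x02}


def template_blob() -> bytes:
    """The value as the script's aArray holds it before the six byte writes."""
    buf = bytearray(170)
    for off, val in TEMPLATE_NONZERO.items():
        buf[off] = val
    for k, off in enumerate(range(20, 52)):
        buf[off] = (0x11, 0x22, 0x33)[k % 3]
    return bytes(buf)


def apply_script_patch(blob: bytes) -> bytes:
    """Reproduce the six byte writes the script performs before SetBinaryValue."""
    buf = bytearray(blob)
    for name, value in SCRIPT_POLICY.items():
        buf[FIELDS[name][0]] = value
    return bytes(buf)


def decode(blob: bytes) -> dict:
    """Raw byte of each documented field; rejects values too short to hold them."""
    needed = max(off for off, _ in FIELDS.values()) + 1
    if len(blob) < needed:
        raise ValueError(f"value is {len(blob)} bytes, need at least {needed}")
    return {name: blob[off] for name, (off, _) in FIELDS.items()}


def describe(blob: bytes) -> dict:
    """Human-readable meaning per field; undocumented byte values are shown as hex."""
    return {name: FIELDS[name][1].get(val, f"unknown 0x{val:02x}")
            for name, val in decode(blob).items()}


def policy_deviations(blob: bytes) -> list:
    """(field, offset, expected, actual) for every field that differs from the
    script's policy; an empty list means the supplicant matches the GPO."""
    actual = decode(blob)
    return [(name, FIELDS[name][0], want, actual[name])
            for name, want in SCRIPT_POLICY.items() if actual[name] != want]


if __name__ == "__main__":
    raw = template_blob()
    print("unpatched template:", policy_deviations(raw))
    print("after the script:  ", policy_deviations(apply_script_patch(raw)))
    for field, meaning in describe(apply_script_patch(raw)).items():
        print(f"  {field:15s} {meaning}")
```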

Script CopyRunLogon.vbs

' -----------------------------------------------------------------'
' CopyRunLogon.vbs script
' -----------------------------------------------------------------'
' What is the purpose of that script?
' This script copies "Runlogon.vbs" from \NETLOGON share to the local disk.
' Runlogon.vbs script will be then executed as a logon script when user will authenticate
' Why do we need to run a logon script from local instead of remote location?
' Because with the current XP supplicant there are timing issues.
' Execution of script is started at the same time VLAN is changed and DHCP is started.
' It results in a failed execution.
' See additional explanations in Runlogon.vbs script
' What are the conditions to apply the script?
' The computer GPO executes the script as a startup script along with ConfigureSupplicant.vbs.
' How do we make sure script is executed?
' You've to set a GPO (Group Policy Object) and set the script as the startup script.
' See more details in the 802.1X-solving-timing-issues.doc document
' How can we verify the execution?
' The script logs to a local file for verification.
' What parameters need to be changed in that file to adapt to my network?
' You have to define your logon-servers.
' It's possible to enable debug and change some timers in the top of the script.
' Version history
' -----------------------------------------------------------------'
' Version 15.05.2007:
' - Documentation
' Version 09.05.2007 01:00:
' - Write to LocalLogFile, for verification
' Version 08.05.2007 00:30:
' - Loop an server-array for testing for NETLOGON
' - Implement MaxLoopCount
' - Test for NETLOGON before the actual copying, in case reached MaxLoopCount
' Version 08.04.2007 17:00:
' - Initial release
' ToDo?
' -----------------------------------------------------------------'
' -----------------------------------------------------------------'
' -----------------------------------------------------------------'
' Start of Configuration
' Enable debug information (numeric: set to 1, not "1", to enable)
DebugMsg = 0
' We have to predefine the Array Size
Dim LogonServers(4)
' Defining the logon-servers (set these to the domain server names)
LogonServers(0) = "\\server1"
LogonServers(1) = "\\server2"
LogonServers(2) = "\\server3"
LogonServers(3) = "\\server4"
LogonServers(4) = "\\server5"
' Overwrite an existing RunLogon.vbs
OverWriteExisting = True
' Sleep timer between each loop
LoopSleep = 1000 ' 1000 is 1 second
' Defining MAX loops.
MaxLoopCount = 100
' Defining local log-file - in %TEMP% directory
LocalLogFile = "CopyRunLogon.log"
' End of configuration
' -----------------------------------------------------------------'
' -----------------------------------------------------------------'
' Setting initial sTestPath
sTestPath = LogonServers(LBound(LogonServers)) & "\NETLOGON"
' Setting initial value
LoopCount = 1
' Setting initial value
ServerCounter = LBound(LogonServers)
Dim oFSO
Dim oVolatileEnv
Dim WSHShell
Dim WSHProcess
Dim tf
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set WSHShell = CreateObject("Wscript.Shell")
Set WSHProcess = WSHShell.Environment("Process")
logdirectory = WSHShell.ExpandEnvironmentStrings("%TEMP%")
Set tf = oFSO.CreateTextFile(logdirectory & "\" & LocalLogFile, True)
' Determine windows install directory
SystemWindir = WSHProcess("windir")
' Writing to log-file
tf.WriteBlankLines(2)
tf.WriteLine("Starting the script: " & Date & " " & Time)
tf.WriteBlankLines(2)
' Debug
If DebugMsg = 1 Then
    Wscript.Echo "Logging to this file: " & logdirectory & "\" & LocalLogFile
End if
' Writing to log-file
tf.WriteLine("Logging to this file: " & logdirectory & "\" & LocalLogFile)
tf.WriteBlankLines(1)
' Loop until \NETLOGON is available or reaching MaxLoopCount;
' each pass moves on to the next server in the array and wraps around
Do Until (oFSO.FolderExists(sTestPath) or LoopCount=MaxLoopCount)
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo "Testing for this path: " & sTestPath
    End if
    ' Writing to log-file
    tf.WriteLine("Testing for this path: " & sTestPath)
    tf.WriteBlankLines(1)
    if ServerCounter = UBound(LogonServers) then
        ServerCounter = LBound(LogonServers)
        sTestPath = LogonServers(ServerCounter) & "\NETLOGON"
    else
        ServerCounter = ServerCounter + 1
        sTestPath = LogonServers(ServerCounter) & "\NETLOGON"
    End if
    LoopCount = LoopCount + 1
    WScript.Sleep LoopSleep
Loop
If oFSO.FolderExists(sTestPath) then
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo sTestPath & " is available."
    End if
    ' Writing to log-file
    tf.WriteLine(sTestPath & " is available.")
    tf.WriteBlankLines(1)
    ' Copy file (the destination and overwrite arguments were lost in this
    ' copy of the script; they are reconstructed from the log message below
    ' and the OverWriteExisting setting above)
    oFSO.CopyFile sTestPath & "\RunLogon.vbs", SystemWindir & "\", OverWriteExisting
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo "RunLogon.vbs is copied from " & sTestPath & " to " & SystemWindir
    End if
    ' Writing to log-file
    tf.WriteLine("RunLogon.vbs is copied from " & sTestPath & " to " & SystemWindir)
    tf.WriteBlankLines(1)
elseif LoopCount=MaxLoopCount then
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo sTestPath & " is NOT available. Reached MaxLoopCount."
    End if
    ' Writing to log-file
    tf.WriteLine(sTestPath & " is NOT available. Reached MaxLoopCount.")
    tf.WriteBlankLines(1)
else
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo sTestPath & " is NOT available. Undefined!"
    End if
    ' Writing to log-file
    tf.WriteLine(sTestPath & " is NOT available. Undefined!")
    tf.WriteBlankLines(1)
End if
' Writing to log-file
tf.WriteBlankLines(1)
tf.WriteLine("Stopping the script: " & Date & " " & Time)
tf.WriteBlankLines(2)
tf.Close
Wscript.Quit

Script RunLogon.vbs

' -----------------------------------------------------------------'
' RunLogon.vbs script
' -----------------------------------------------------------------'
' What is the purpose of this script?
' It solves the timing problem of user logon script execution.
' When the user logs on and the port is moved to the user's VLAN, the logon
' script is started at the same moment the interface is still acquiring a new
' DHCP address on that VLAN, so the script cannot reach the NETLOGON share and
' its execution usually fails.
' How does the script solve the timing issue?
' RunLogon runs from the local disk (CopyRunLogon.vbs puts it there).
' It then loops until the NETLOGON share on the logon server becomes
' reachable, and only then starts the actual logon script that sits on the
' NETLOGON share.
' How is the RunLogon script executed?
' It is set as the logon script in the User GPO.
' How can we verify the execution?
' The script logs to a local file (%TEMP%\RunLogon.log) for verification.
' What parameters need to be changed in this file to adapt it to my network?
' You have to customize the start of the actual logon script. As shown here it
' runs logon.vbs from the NETLOGON share; a commented-out alternative runs
' logon.cmd instead.
' Debug output and the timers can be changed at the top of the script.
' Version history
' -----------------------------------------------------------------'
' Version 15.05.2007:
' - Documentation
' Version 09.05.2007:
' - Write to LocalLogFile, for verification
' - Implement MaxLoopCount
' - Test for NETLOGON before the actual copying, in case MaxLoopCount was reached
' Version 20.04.2007 00:05:
' - Added sleep at end of script.
' Version 20.04.2007 00:00:
' - Added sleep at start of script.
' Version 08.04.2007 17:00:
' - Initial release.
' -----------------------------------------------------------------'
' ToDo?
' -----------------------------------------------------------------'
' -----------------------------------------------------------------'
' -----------------------------------------------------------------'
' Start of Configuration
' Enable debug information (1 = on). This must be a number: the checks below
' compare against the number 1, and in VBScript a string value such as "1"
' never compares equal to a number, so debug could not be switched on.
DebugMsg = 0
' Sleep timer at start of script
StartSleep = 1000     ' 1000 is 1 second
' Sleep timer between each loop
LoopSleep = 5000      ' 1000 is 1 second
' Sleep timer at end of script
EndSleep = 1000       ' 1000 is 1 second
' Defining MAX loops (100 loops x 5 s is about 500 s before giving up)
MaxLoopCount = 100
' Defining local log-file - in %TEMP% directory
LocalLogFile = "RunLogon.log"
' End of configuration
' -----------------------------------------------------------------'
' -----------------------------------------------------------------'
' Setting initial value
LoopCount = 1

Dim oFSO
Dim oShell
Dim oVolatileEnv
Dim WSHShell
Dim WSHProcess
Dim tf

Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oShell = CreateObject("WScript.Shell")
Set oVolatileEnv = oShell.Environment("VOLATILE")
Set WSHShell = CreateObject("Wscript.Shell")
Set WSHProcess = WSHShell.Environment("Process")

logdirectory = WSHShell.ExpandEnvironmentStrings("%TEMP%")
Set tf = oFSO.CreateTextFile(logdirectory & "\" & LocalLogFile, True)
WScript.Sleep StartSleep
' Writing to log-file
tf.WriteBlankLines(2)
tf.WriteLine("Starting the script: " & Date & " " & Time)
tf.WriteBlankLines(2)
' Debug
If DebugMsg = 1 Then
    Wscript.Echo "Logging to this file: " & logdirectory & "\" & LocalLogFile
End If
' Writing to log-file
tf.WriteLine("Logging to this file: " & logdirectory & "\" & LocalLogFile)
tf.WriteBlankLines(1)

' Test on the volatile environment variable to avoid running the logon script
' if the user has already run it. The test is disabled (commented out) in this
' version; Logon.vbs still sets the variable, so it can be re-enabled here.
' If Not oVolatileEnv("LogonScript") = "Done" Then

' Determine logon server
' Note: the result is in the format \\Server
LogOnServer = WSHProcess("LogonServer")
sTestPath = LogOnServer & "\NETLOGON"
' Writing to log-file
tf.WriteLine("LogOnServer is " & LogOnServer)
tf.WriteBlankLines(1)
' Debug
If DebugMsg = 1 Then
    Wscript.Echo "LogOnServer is " & LogOnServer
End If

' Loop until \NETLOGON is available or MaxLoopCount is reached
Do Until (oFSO.FolderExists(sTestPath) Or LoopCount = MaxLoopCount)
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo "Testing for this path: " & sTestPath
    End If
    ' Writing to log-file
    tf.WriteLine("Testing for this path: " & sTestPath)
    tf.WriteBlankLines(1)
    LoopCount = LoopCount + 1
    WScript.Sleep LoopSleep
Loop

If oFSO.FolderExists(sTestPath) Then
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo sTestPath & " is available."
    End If
    ' Writing to log-file
    tf.WriteLine(sTestPath & " is available.")
    tf.WriteBlankLines(1)
    ' ---------------------------------------------------------------------
    ' Run logon script
    ' If running a vbs logon script (the path is quoted so a server name
    ' containing spaces does not break the command line)
    sLogonScript = LogOnServer & "\NETLOGON\logon.vbs"
    oShell.Run "wscript.exe """ & sLogonScript & """", 1, False
    ' If running a cmd/bat logon script
    ' sLogonScript = LogOnServer & "\NETLOGON\logon.cmd"
    ' oShell.Run sLogonScript, 1, False
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo "Logon script is executed"
    End If
    ' Writing to log-file
    tf.WriteLine("Logon script is executed")
    tf.WriteBlankLines(1)
ElseIf LoopCount = MaxLoopCount Then
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo sTestPath & " is NOT available. Reached MaxLoopCount."
    End If
    ' Writing to log-file
    tf.WriteLine(sTestPath & " is NOT available. Reached MaxLoopCount.")
    tf.WriteBlankLines(1)
Else
    ' Debug
    If DebugMsg = 1 Then
        Wscript.Echo sTestPath & " is NOT available. Undefined!"
    End If
    ' Writing to log-file
    tf.WriteLine(sTestPath & " is NOT available. Undefined!")
    tf.WriteBlankLines(1)
End If

' Else
'     ' Debug
'     If DebugMsg = 1 Then
'         Wscript.Echo "Logon script has already been executed"
'     End If
'     ' Writing to log-file
'     tf.WriteLine("Logon script has already been executed")
'     tf.WriteBlankLines(1)
' End If

WScript.Sleep EndSleep
' oVolatileEnv("LogonScript") = "Done"
' Writing to log-file
tf.WriteBlankLines(1)
tf.WriteLine("Stopping the script: " & Date & " " & Time)
tf.WriteBlankLines(2)
tf.Close
Wscript.Quit
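The RunLogon.vbs header above describes the race between the logon script and the DHCP renewal after the port is moved to the user VLAN, and CopyRunLogon.vbs faces the same problem when it probes its list of servers. The following is an added example, not code from the report or from its scripts: a PowerShell logon wrapper that does the same waiting, but refuses to start the real logon script until two things are true: an interface holds an address inside one of the user VLAN ranges, which is direct evidence that the 802.1X re-authentication and the VLAN change have completed, and the NETLOGON share of the domain controller named in LOGONSERVER answers. The subnets 10.1.20.0/24, 10.1.30.0/24 and 10.1.40.0/24, the script name logon.ps1, the timers and the log path are assumptions to adapt to your site, and the client needs PowerShell installed, which the Windows XP clients in this report do not ship with.

```powershell
# Added example, not part of the original report. Assumptions: the user VLAN
# subnets below, the name logon.ps1 on the NETLOGON share, the log path.
param(
    # Address ranges handed out on the user VLANs after the 802.1X switch
    [string[]]$ExpectedUserSubnets = @('10.1.20.0/24', '10.1.30.0/24', '10.1.40.0/24'),
    [int]$MaxLoopCount = 100,          # 100 passes x 5 s = about 500 s, as in RunLogon.vbs
    [int]$LoopSleepSeconds = 5,
    [string]$LogonScriptName = 'logon.ps1',   # real logon script on NETLOGON (assumption)
    [string]$LogFile = (Join-Path $env:TEMP 'RunLogon.log')
)

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value ('{0:yyyy-MM-dd HH:mm:ss} {1}' -f (Get-Date), $Message)
}

# Dotted IPv4 string -> numeric value, kept in [int64] so no operator overflows.
function ConvertTo-IPv4Value([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return ([int64]$b[0] * 16777216) + ([int64]$b[1] * 65536) + ([int64]$b[2] * 256) + [int64]$b[3]
}

# True when $Ip lies inside the IPv4 CIDR block $Cidr (for example 10.1.20.0/24).
function Test-InSubnet([string]$Ip, [string]$Cidr) {
    $net, $bits = $Cidr.Split('/')
    $mask = [int64]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
    return ((ConvertTo-IPv4Value $Ip) -band $mask) -eq ((ConvertTo-IPv4Value $net) -band $mask)
}

# IPv4 addresses on interfaces that are up. Uses .NET directly so it also
# works on clients without the NetTCPIP cmdlets (Get-NetIPAddress).
function Get-LocalIPv4Addresses {
    [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
        Where-Object { $_.OperationalStatus -eq 'Up' } |
        ForEach-Object { $_.GetIPProperties().UnicastAddresses } |
        Where-Object { $_.Address.AddressFamily -eq 'InterNetwork' } |
        ForEach-Object { $_.Address.ToString() }
}

# Only ever load the logon script from the DC that authenticated this logon.
# Winlogon sets LOGONSERVER to \\SERVER, and NETLOGON is the replicated SYSVOL
# share, so the script source stays under the domain's control instead of a
# hand-maintained list of candidate servers.
$logonServer = $env:LOGONSERVER
if (-not $logonServer) { Write-Log 'LOGONSERVER is not set (not a domain logon), exiting'; exit 1 }
$share  = Join-Path $logonServer 'NETLOGON'
$script = Join-Path $share $LogonScriptName

$ready = $false
for ($pass = 1; $pass -le $MaxLoopCount; $pass++) {
    # Two conditions must hold: DHCP has already handed out an address from a
    # user VLAN (the 802.1X re-authentication and VLAN change are done), and
    # the NETLOGON share answers over that new address.
    $addrs = @(Get-LocalIPv4Addresses)
    $onUserVlan = @($addrs | Where-Object {
        $a = $_; @($ExpectedUserSubnets | Where-Object { Test-InSubnet $a $_ }).Count -gt 0
    }).Count -gt 0
    $shareUp = Test-Path -LiteralPath $share
    Write-Log ('pass {0}: addresses=[{1}] onUserVlan={2} shareUp={3}' -f $pass, ($addrs -join ' '), $onUserVlan, $shareUp)
    if ($onUserVlan -and $shareUp) { $ready = $true; break }
    Start-Sleep -Seconds $LoopSleepSeconds
}

if (-not $ready) {
    # Fail closed: no fallback to a cached or local copy of the logon script.
    Write-Log 'gave up: still on the computer VLAN or NETLOGON unreachable'
    exit 1
}
if (-not (Test-Path -LiteralPath $script)) { Write-Log "missing $script"; exit 1 }
Write-Log "running $script"
& $script
```

Deploy it the way the report deploys RunLogon.vbs, as the logon script in the User GPO, and make sure the client's execution policy allows a script loaded from the NETLOGON share (RemoteSigned with the domain controller in the Local intranet zone, or sign logon.ps1). Failing closed instead of running a local copy is deliberate: a client that is still on the computer VLAN after the timeout gets no drive mappings and a log line in %TEMP% saying why, rather than half-finished mappings from a stale script.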

Script Logon.vbs

' -----------------------------------------------------------------'
' Logon.vbs script
' -----------------------------------------------------------------'
' What is the purpose of the script?
' This is the logon script itself. You will need to adapt it to the needs of
' your own organization.
' How is this script executed?
' It is started by RunLogon.vbs, which runs locally, once the NETLOGON share
' is reachable from the user's VLAN.
' -----------------------------------------------------------------'
' This is an example of a logon script. Adapt it to your organization's needs.
' -----------------------------------------------------------------'
Option Explicit

Dim objNetwork, strRemotePath1, strRemotePath2, strRemotePath3, strRemotePath4, strRemotePath5, strRemotePath6
Dim strDriveLetter1, strDriveLetter2, strDriveLetter3, strDriveLetter4, strDriveLetter5, strDriveLetter6
Dim strUserName
' Declared here because Option Explicit is on: without these two declarations
' the Set statements at the end fail, On Error Resume Next hides the failure,
' and the LogonScript flag is never set.
Dim oShell, oVolatileEnv
On Error Resume Next

strDriveLetter1 = "k:"
strDriveLetter2 = "l:"
strDriveLetter3 = "m:"
strDriveLetter4 = "n:"
strDriveLetter5 = "o:"
strDriveLetter6 = "p:"

strRemotePath1 = "\\SERVER1\FILES"
strRemotePath2 = "\\SERVER1\PROG"
strRemotePath3 = "\\SERVER1\MULTIMEDIA"
strRemotePath4 = "\\SERVER1\UNATTEND"
strRemotePath5 = "\\SERVER1\CORP"
strRemotePath6 = "\\SERVER1\"

Set objNetwork = CreateObject("WScript.Network")
strUserName = objNetwork.UserName

' Section which maps drives (with On Error Resume Next, a drive letter that is
' already in use or a share that is unreachable is skipped silently):
objNetwork.MapNetworkDrive strDriveLetter1, strRemotePath1
objNetwork.MapNetworkDrive strDriveLetter2, strRemotePath2
objNetwork.MapNetworkDrive strDriveLetter3, strRemotePath3
objNetwork.MapNetworkDrive strDriveLetter4, strRemotePath4
objNetwork.MapNetworkDrive strDriveLetter5, strRemotePath5
' The user's home share: \\SERVER1\<user name>
objNetwork.MapNetworkDrive strDriveLetter6, strRemotePath6 & strUserName

' ----------------------------------------------------------------------------
' CAUTION: do not remove this part. RunLogon.vbs uses this variable to check
' whether the logon script has already been executed (that check is commented
' out in the RunLogon.vbs version shown above, but the variable is still set
' here so it can be re-enabled).
' ----------------------------------------------------------------------------
Set oShell = CreateObject("WScript.Shell")
Set oVolatileEnv = oShell.Environment("VOLATILE")
oVolatileEnv("LogonScript") = "Done"
Wscript.Quit
