NAS 有线校园网认证教程 —— 无需浏览器自动认证
一、问题背景
许多 NAS 设备(如飞牛NAS、群晖、威联通等)采用纯命令行界面,没有可视化浏览器,无法通过校园网认证门户完成登录。本文提供一种无需浏览器的解决方案,通过调用校园网认证 API 实现自动认证。
二、适用场景
- NAS 通过有线网口连接校园网
- 校园网采用深澜认证系统(或其他支持 API 认证的系统)
- NAS 无可视化操作界面
- 需要开机自动认证、定时重认证
三、原理说明
校园网认证系统通常提供 HTTP API 接口,我们可以通过脚本直接调用这些接口完成认证,无需浏览器。典型流程如下:
- 获取客户端 IP:调用
/api/v1/ip 接口获取认证服务器看到的 IP 地址
- 查询认证状态:调用
/api/v1/pre_login 检查当前 IP 是否已认证
- 提交认证请求:调用
/api/v1/login 提交账号密码完成认证
四、部署步骤
4.1 准备脚本
创建认证脚本 njxzc_auth.sh:
#!/bin/bash
# ==================== 用户配置区 ====================
USERNAME="你的学号或工号"
PASSWORD="你的密码"
NET_INTERFACE="enp3s0" # 你的网卡名称,通过 ip addr show 查看
# ====================================================
AUTH_BASE="http://a.njxzc.edu.cn"
LOG_FILE="/var/log/njxzc_auth.log"
HEADERS=('-H' 'Content-Type: application/json;charset=gbk')
log() {
local level="$1"; shift
local msg="[$(date '+%Y-%m-%d %H:%M:%S')] [$level] $*"
echo "$msg"
echo "$msg" >> "$LOG_FILE" 2>/dev/null
}
get_local_ip() {
local ip=""
if [ -n "$NET_INTERFACE" ]; then
ip=$(ip addr show "$NET_INTERFACE" 2>/dev/null \
| grep -oP '(?<=inet\s)\d+(\.\d+){3}' | head -1)
fi
echo "$ip"
}
get_server_ip() {
curl -sf --interface "$NET_INTERFACE" --connect-timeout 5 --max-time 10 \
"${AUTH_BASE}/api/v1/ip" 2>/dev/null \
| grep -oP '(?<="data":")[^"]+' | head -1
}
check_status() {
local ip="$1"
local resp
resp=$(curl -sf --interface "$NET_INTERFACE" --connect-timeout 5 --max-time 10 \
-X POST "${HEADERS[@]}" \
-d "{\"getuseronlinestate\":\"on_or_off\",\"user_ipadress\":\"${ip}\"}" \
"${AUTH_BASE}/api/v1/pre_login" 2>/dev/null)
if echo "$resp" | grep -q '"useronlinestate":"on"'; then
echo "on"
else
echo "off"
fi
}
do_login() {
local ip="$1"
local safe_user safe_pass
safe_user=$(printf '%s' "$USERNAME" | sed 's/\\/\\\\/g; s/"/\\"/g')
safe_pass=$(printf '%s' "$PASSWORD" | sed 's/\\/\\\\/g; s/"/\\"/g')
local body="{\"username\":\"${safe_user}\",\"password\":\"${safe_pass}\",\
\"ifautologin\":\"0\",\"channel\":\"_GET\",\"pagesign\":\"firstauth\",\
\"usripadd\":\"${ip}\"}"
curl -sf --interface "$NET_INTERFACE" --connect-timeout 10 --max-time 20 \
-X POST "${HEADERS[@]}" -d "$body" "${AUTH_BASE}/api/v1/login" 2>/dev/null
}
# 主流程
log "INFO" "========== 校园网认证开始 =========="
local ip
ip=$(get_server_ip)
[ -z "$ip" ] && ip=$(get_local_ip)
if [ -z "$ip" ]; then
log "ERROR" "无法获取 IP 地址"
exit 1
fi
log "INFO" "本机 IP: $ip"
local status
status=$(check_status "$ip")
log "INFO" "当前认证状态: $status"
if [ "$status" = "on" ]; then
log "INFO" "已处于认证状态"
exit 0
fi
log "INFO" "正在提交认证请求..."
local resp
resp=$(do_login "$ip")
if echo "$resp" | grep -q '"code":200'; then
log "INFO" "========== 认证成功!=========="
else
local errmsg
errmsg=$(echo "$resp" | grep -oP '(?<="text":")[^"]+')
log "ERROR" "认证失败: ${errmsg:-$resp}"
exit 1
fi
4.2 配置参数
编辑脚本顶部配置区:
<span>USERNAME</span>:填入你的学号或工号<span>PASSWORD</span>:填入你的密码<span>NET_INTERFACE</span>:填入你的网卡名称
查看网卡名称:
* xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-square-terminal h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-at-sign h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-copy h-3 w-3" aria-hidden="true">
输出示例:
* xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-at-sign h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-copy h-3 w-3" aria-hidden="true">
网卡名称为 <span>enp3s0</span>,IP 为 <span>10.11.146.105</span>。
4.3 上传并赋权
- 通过 SSH/SFTP 将脚本上传到 NAS,建议路径:
<span>/opt/njxzc_auth/njxzc_auth.sh</span>
- 赋予执行权限:
* xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-square-terminal h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-at-sign h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-copy h-3 w-3" aria-hidden="true">
4.4 手动测试
* xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-square-terminal h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-at-sign h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-copy h-3 w-3" aria-hidden="true">
查看日志:
* xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-square-terminal h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-at-sign h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-copy h-3 w-3" aria-hidden="true">
4.5 开机自动认证
创建 systemd 服务文件 <span>/etc/systemd/system/njxzc-auth.service</span>:
[Unit]
Description=校园网自动认证
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/opt/njxzc_auth/njxzc_auth.sh login
RemainAfterExit=yes
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
安装并启用服务:
* xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-at-sign h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-copy h-3 w-3" aria-hidden="true">
查看服务状态:
* xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-square-terminal h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-at-sign h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-copy h-3 w-3" aria-hidden="true">
4.6 定时自动重认证
校园网认证可能在长时间无流量后断开,建议每小时自动检测并重认证:
* xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-square-terminal h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-at-sign h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-copy h-3 w-3" aria-hidden="true">
五、多网卡支持
如果 NAS 有多张有线网卡,可以为每张网卡创建独立认证脚本:
-
复制脚本并重命名:
njxzc_auth_enp3s0.sh
-
修改 <span>NET_INTERFACE</span> 为对应网卡名
-
创建对应的 systemd 服务
两张网卡可以同时认证,实现冗余保护。
六、故障排查
6.1 无法获取 IP
原因:网卡未获取到 IP 地址或网卡名错误
解决:
* xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-at-sign h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-copy h-3 w-3" aria-hidden="true">
6.2 无法访问认证服务器
原因:路由冲突(如使用了 VPN/组网工具)
解决:在 curl 命令中添加 <span>--interface</span> 参数,强制请求走指定网卡:
* xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-square-terminal h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-at-sign h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-copy h-3 w-3" aria-hidden="true">
6.3 认证失败:用户名或密码错误
原因:账号密码配置错误或密码含特殊字符
解决:检查脚本配置区,确保账号密码正确。密码中的特殊字符(<span>\</span> <span>"</span>)会被脚本自动转义。
6.4 认证成功但无法上网
原因:可能是网卡路由优先级问题
解决:
* xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-at-sign h-3 w-3" aria-hidden="true"> * xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-copy h-3 w-3" aria-hidden="true">
