Questions tagged [eap]
56 questions
0
votes
0
answers
57
views
Windows Native VPN client with Yubikey PIV intermittently fails client side EAP-TLS Fatal TLS Error 'access denied' and TLS handshake failure error 40
We have a really awkward issue with the following
The setup looks like this:
Client Side
Windows 11 Client 23H2
Windows VPN Native Client using the below VPN configuration
Installed Yubikey ...
0
votes
0
answers
238
views
FreeRadius with Step-CA
I have a Freeradius server setup with EAP-TLS on Ubuntu currently utilizing the OpenSSL to generate client certificates and CRL updates. I want to make this setup more convenient and easy to deploy. I'...
0
votes
0
answers
34
views
Jboss undertow is rejecting the host due to which url is unaccessible
I'm trying to access jboss console using ldap authentication. Although the authentication is successful, undertow is rejecting the request, which in turn throws a 403 error
2024-07-29 07:26:00,350 DEBUG [...
0
votes
1
answer
203
views
FreeRadius EAP-TLS with Windows Client looping request
I have a FreeRadius 3.0 setup with EAP-TLS only configuration using the test CA, server cert and client cert supplied in the FreeRadius package.
CA.der is installed in Trusted Root Authority Store.
...
-1
votes
1
answer
109
views
Connecting to ATT, I get OpenSSL: pending error: error:0A00018E:SSL routines::ca md too weak
When I try to connect to AT&T with WPA Supplicant running on OpenWRT, I'm getting,
10g-2: CTRL-EVENT-EAP-FAILURE EAP authentication failed
10g-2: CTRL-EVENT-EAP-FAILURE EAP authentication failed
...
0
votes
1
answer
246
views
Connecting to ATT, I get "CTRL-EVENT-EAP-FAILURE EAP authentication failed"
When I connect with OpenWRT to ATT GPON and try to EAPOL auth with wpa_supplicant, I get the following error,
CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
CTRL-EVENT-EAP-STARTED EAP authentication started
...
1
vote
0
answers
41
views
How to configure ftp in Jboss EAP 7.4
Our application is using ftp protocol to send/receive files. Currently it's deployed in WebLogic and we are planning to migrate it to JBoss.
I am wondering how to configure ftp in Jboss. Do I need to ...
1
vote
0
answers
1k
views
Windows Server 2016 NPS with EAP TLS, Windows 10/11 clients, incorrect cipher?
G'day everyone!
I'd like to switch from PEAP-MSCHAPv2 user/password auth to certificate-based auth on my network. The current setup has been working for years without issues: two Windows 2016 domain ...
0
votes
0
answers
259
views
IKEv2 with certificate + EAP between an IPsec client, a VPN server on an OpenWRT router, and a FreeRADIUS - Authentication issue
I need your help and expertise to resolve a situation I'm facing. I'm currently testing an IPsec tunnel using IKEv2 with certificate + EAP between an IPsec client (TheGreenBow), a VPN server on an ...
0
votes
1
answer
63
views
Can a WPA2-EAP network be created with consumer hardware for testing purposes?
We are working on the firmware of some device containing a WiFi SoC. (The firmware of the SoC is not modified by us.) Our customer now wants support for WPA2-EAP because the WiFi chip seems to have ...
0
votes
0
answers
1k
views
SSL Error with EAP-TLS FreeRadius
My RADIUS Server is configured for EAP-TLS. I have a valid Server Certificate, Private Key and Fullchain file. When testing the authentication with a Client Certificate using eapol_test I get the ...
1
vote
2
answers
696
views
FreeRADIUS keeps complaining about TLS 1.0/1.1, despite tls_min_version setting has been set to 1.2
I'm implementing EAP-TTLS with FreeRADIUS 3.0.21. Devices are able to connect, server is running. However, FreeRADIUS complains about TLS 1.0/1.1 are still available in its starting log messages. Here'...
1
vote
0
answers
771
views
How to configure MACSEC Key Agreement (MKA) with hostapd & wpasupplicant?
I'm trying to setup MKA between some clients (using wpa_supplicant) and an authenticator (using hostapd).
Additionally I have a RADIUS server(using FreeRADIUS) that is going to be handling the ...
1
vote
0
answers
3k
views
802.1x NPS Machine authentication
We are trying to implement 802.1x to authenticate wireless users (Aruba Controller) through RADIUS (Windows server 2019 NPS).
For mobile phones and guest devices, we have successfully configured the ...
0
votes
1
answer
82
views
Does there exist on the market some usb->ethernet->wifi combo dongle?
I have a USB-ended device which I want to connect to Enterprise Wireless network (EAP/TLS via FreeRadius). Is there any device on the market which can act as a WiFi client with EAP/TLS possibility?
Now ...
0
votes
0
answers
682
views
Wireless EAP / Freeradius, is there a way to check Mac Address in LDAP?
So we have EAP-PEAP over MSCHAP working. What I'd like to do is have a MAC Address check, for the purpose of making sure people aren't putting their credentials into random devices. I know SCEP would ...
0
votes
1
answer
1k
views
Radius authentication does not work in Strongswan when coming from a Windows VPN client?
My strongswan VPN server is authenticating VPN clients against a local Freeradius server.
All user logins are proxied to a remote radius server that validates users against a Samba Active Directory ...
3
votes
2
answers
5k
views
EAP / MSCHAPv2 authentications fails (only) on Windows with custom authenticator
I have a project that involves custom client authentication for the StrongSwan IKEv2 server implementation on Linux.
I am running: StrongSwan 5.4.0 with eap-radius plugin
Currently, we use FreeRadius ...
0
votes
1
answer
609
views
Can a Linux box be configured with IEEE 802.1x while grabbing the info from a Windows box?
A managed Windows device can join the wired network of my corporate company, while a personal Linux one can't.
As far as I understand, this is possible thanks to IEEE 802.1x standard.
Looking at the ...
0
votes
1
answer
3k
views
How to configure FreeRADIUS with EAP-TLS and group-based authorization?
I configured FreeRADIUS to use EAP-TLS for certificate based authentication (self-signed certificates). Authentication works fine, except that I'd like to add group-based authorization.
More ...
0
votes
1
answer
2k
views
How to configure FreeRADIUS for use with strongSwan group selection?
Building a VPN service with strongSwan, I need to distinguish between several groups of users where each group is assigned a certain subnet with certain permissions (i.e. "group x" has access only to ...
0
votes
1
answer
301
views
Requesting access to a Radius server after having requested a previous (successful) access to another Radius server
I don't know if this idea is nonsense but I was wondering if it was possible.
I have a FreeRadius server backed by an LDAP server which uses EAP-TTLS (that is, username+password) to authenticate. So ...
0
votes
1
answer
9k
views
MikroTik EAP-TLS WiFi Config using Certificates
What are the upsides and downsides of using EAP-TLS authentication with certificates for WiFi client connections? How is this superior to just using standard WPA2 password authentication?
How do I ...
1
vote
1
answer
87
views
WPA2 Enterprise: no risks for preconfigured clients when it comes to Rogue APs?
We are using, as default, PEAP and MS-CHAPv2 as inner authentication.
I was concerned with security risks when it comes to rogue APs but a colleague told me that there are no risks for preconfigured ...
1
vote
0
answers
2k
views
FreeRADIUS default vs. inner-tunnel sites and EAP-TLS workflow
I am trying to setup EAP-TLS with FreeRADIUS and an IPA backend. I understand that a typical workflow is to authorize the user against LDAP first and then to authenticate the user using a certificate.
...
2
votes
0
answers
961
views
Wired 802.1x on Windows 10 1803 isn't utilizing cache
So I’ve been trying to resolve 802.1x Wired authentication issues for quite some time now with limited success. The environment is based on Server 2012, Enterasys NAC using EAP-TLS1.2, with a ...
1
vote
1
answer
3k
views
Is it ok to use PAP with TTLS on radius server?
We have deployed Radius server ( Freeradius 3.x ) and connected it to our LDAP database (ForgeRock OpenDJ).
We have successfully configured EAP-TTLS with valid certificates and set it as default ...
1
vote
1
answer
458
views
vpn connection to an azure virtual network
I have to connect to an Azure VNet, which uses a certificate to authenticate that has been provided to me. When I try to connect to the VNet I get the below error
The Extensible Authentication Protocol ...
2
votes
0
answers
859
views
Run DHCP only after wpa_supplicant has connected (wired 802.1x)
I have a network here that uses 802.1x on the wired network to authenticate for greater privilege, BUT without (or "before") auth will place the machine in a default/quarantine network. For good luck, ...
1
vote
1
answer
2k
views
Strongswan IKEv2 auth - pubkey and EAP
I'm trying to set up strongswan with pubkey and EAP authentication. To log in, users need to have a certificate and valid credentials.
My certificate is ok. I tested pubkey auth and it was ok, also EAP ...
1
vote
1
answer
5k
views
How to enable 802.1x EAP-TTLS with PAP in Windows 7?
By default, Windows 7 doesn't support EAP-TTLS authentication method natively. If I enable IEEE 802.1X authentication in Windows 7, I can see only two authentication methods:
Microsoft smart cards or ...
2
votes
1
answer
2k
views
How to store hashes in ipsec.secrets when using Strongswan with eap-mschapv2?
I am using eap-mschapv2 as an authentication method. It requires to store plain text passwords in ipsec.secrets. I.e. I have a password like this:
user : EAP "mypassword"
I want to use something ...
1
vote
0
answers
550
views
Freeradius Proxy eap-mschapv2 auth to non-eap Radius server
I'm using strongswan 5.6.0 & Freeradius 3.0.13 on CentOS7 as vpn server
- Strongswan sends radius requests to freeradius
- freeradius proxies all requests to another Radius Server that does not support EAP ...
0
votes
1
answer
1k
views
JBoss EAP XA datasource with MDB failing
I have an MDB running that is posting data to an oracle db. XA data source configured as:
<xa-datasource jndi-name="java:/jdbc/HIF-BannerPU" pool-name="HIF-BannerPU" enabled="true" spy="true" use-...
1
vote
1
answer
4k
views
Missing raddb folder
Various tutorials on setting up a freeRADIUS server refer to the eap.conf file in the /etc/raddb folder. However, when I install freeRADIUS on my ubuntu server, the eap.conf file is found in /etc/...
2
votes
1
answer
9k
views
Freeradius VLAN assignment with EAP-TLS and WiFi 802.1x
I'm using FreeRadius with a Ubiquiti WiFi AP with 802.1x auth using EAP-TLS (mutual client/server cert based auth). This is working well for static VLANs (i.e. specified on the AP).
I'd like to ...
1
vote
0
answers
768
views
802.1x Wifi with NPS Server, using EAP-PEAP and a certificate for Authentication
I don't know if what I am trying to do is possible but here we go.
I have a bunch of iPads that I am going to supervise before they go on to my network. The iPads will connect to the wifi via 802....
0
votes
1
answer
2k
views
freeradius gives "no shared cipher" for windows 10 client
I have a working configuration of 802.1X authentication on my switch. The radius server is a freeradius instance with EAP-TLS configured. Everything works fine on linux (and android devices), but ...
0
votes
1
answer
46
views
Unable to access server using remote desktop and detect access point in controller software at the same time
I have following topology:
I am not a networking expert but somehow using the help of the Internet I was able to successfully configure my topology so that I can access the Server remotely from any ...
5
votes
2
answers
1k
views
pfSense - IKEv2 with EAP-RADIUS: Any fallback option if the RADIUS server is down?
I'm deploying an IKEv2 VPN authenticating against a RADIUS service within a pfSense 2.3-RELEASE box. But I'm afraid of the complications of this approach when the RADIUS server is down.
Since the ...
1
vote
1
answer
775
views
Windows cannot connect to Enterprise WPA2 WiFi access point with EAP-TTLS PAP authentication using freeradius
I was working on having an Enterprise WiFi access point where my clients need to enter username and password (which are in OpenLDAP directory), using AES, TTLS PAP.
I set up my freeradius according to ...
2
votes
1
answer
2k
views
EAP-TLS for Wireless with Active Directory
My question is more from a conceptual point of view, rather than implementation (even though I'm asking about proprietary protocols and products).
Assuming I have users and credentials set up in my ...
1
vote
1
answer
1k
views
802.1x Login Window profile fails because it "can't prompt for missing properties"
I'm trying to configure a TTLS 802.1x Login Window profile on OS X 10.10.1 Yosemite.
The profile has been installed (via MDM) and the login window now shows (above the username/password input boxes) ...
3
votes
0
answers
173
views
JBoss EAP 6.2 high availability without HTTP server
I'm looking for some solution to make a JBoss Cluster (2 nodes) in H.A. (1 live, 1 backup) but I don't want to use a third element (machine, service or whatever).
Most configuration I found uses ...
2
votes
1
answer
7k
views
EAP-PWD with FreeRADIUS 3
I'm trying to setup EAP-PWD using FreeRADIUS 3.
However, I can't get it to work and documentation is virtually non-existent. Thus, I don't know whether the problem I'm running into is a ...
1
vote
1
answer
629
views
EAP-TLS: is it possible eavesdropping when sharing client certificate?
I want to know how to share a network of WPA2 enterprise with EAP-TLS, authenticating users with a common certificate. They share the same certificate.
I'm afraid they can monitor each other. Is ...
0
votes
0
answers
400
views
EAP-TLS Passthrough from pppd to Radius?
I am setting up an IPSec+L2TP VPN for a couple of Windows boxes connecting to a Debian 7.6 (Wheezy) machine running ipsec tools and xl2tpd/pppd. Client authentication via mschapv2 works well enough; ...
4
votes
1
answer
3k
views
Why does Windows CA Server issue multiple certificates for the same user?
I am currently implementing an EAP/TLS WIFI implementation to replace our EAP/MSCHAP2 wifi implementation. I am using Windows Server 2008 and I've installed a certificate authority. User certificates ...
0
votes
1
answer
654
views
RADIUS authentication requests not relayed to RADIUS server
I am trying to set up a RADIUS server for 802.1x NAC over a Cisco IE 3000 Network Switch, using freeRadius to implement it.
I know the switch knows where the RADIUS server is because I set up the ...
3
votes
1
answer
1k
views
Is using EAP-MD5 in strongSwan a security risk?
Quoting Wikipedia:
It offers minimal security; the MD5 hash function is vulnerable to dictionary attacks, and does not support key generation, which makes it unsuitable for use with dynamic WEP, or ...