All Questions
19 questions
1 vote, 0 answers, 1k views
Windows Server 2016 NPS with EAP TLS, Windows 10/11 clients, incorrect cipher?
G'day everyone!
I'd like to switch from PEAP-MSCHAPv2 user/password auth to certificate-based auth on my network. The current setup has been working for years without issues: two Windows 2016 domain ...
0 votes, 0 answers, 260 views
IKEv2 with certificate + EAP between an IPsec client, a VPN server on an OpenWRT router, and a FreeRADIUS - Authentication issue
I need your help and expertise to resolve a situation I'm facing. I'm currently testing an IPsec tunnel using IKEv2 with certificate + EAP between an IPsec client (TheGreenBow), a VPN server on an ...
1 vote, 0 answers, 3k views
802.1x NPS Machine authentication
We are trying to implement 802.1x to authenticate wireless users (Aruba Controller) through RADIUS (Windows Server 2019 NPS).
For mobile phones and guest devices, we have successfully configured the ...
3 votes, 2 answers, 5k views
EAP / MSCHAPv2 authentication fails (only) on Windows with custom authenticator
I have a project that involves custom client authentication for the StrongSwan IKEv2 server implementation on Linux.
I am running: StrongSwan 5.4.0 with eap-radius plugin
Currently, we use FreeRadius ...
0 votes, 1 answer, 3k views
How to configure FreeRADIUS with EAP-TLS and group-based authorization?
I configured FreeRADIUS to use EAP-TLS for certificate based authentication (self-signed certificates). Authentication works fine, except that I'd like to add group-based authorization.
More ...
0 votes, 1 answer, 2k views
How to configure FreeRADIUS for use with strongSwan group selection?
Building a VPN service with strongSwan, I need to distinguish between several groups of users where each group is assigned a certain subnet with certain permissions (i.e. "group x" has access only to ...
0 votes, 1 answer, 301 views
Requesting access to a Radius server after having requested a previous (successful) access to another Radius server
I don't know if this idea is nonsense but I was wondering if it was possible.
I have a FreeRadius server backed by an LDAP server which uses EAP-TTLS (that is, username+password) to authenticate. So ...
1 vote, 1 answer, 87 views
WPA2 Enterprise: no risks for preconfigured clients when it comes to Rogue APs?
We are using, as default, PEAP and MS-CHAPv2 as inner authentication.
I was concerned with security risks when it comes to rogue APs but a colleague told me that there are no risks for preconfigured ...
1 vote, 1 answer, 3k views
Is it ok to use PAP with TTLS on radius server?
We have deployed a Radius server (Freeradius 3.x) and connected it to our LDAP database (ForgeRock OpenDJ).
We have successfully configured EAP-TTLS with valid certificates and set it as default ...
1 vote, 0 answers, 550 views
Freeradius Proxy eap-mschapv2 auth to non-eap Radius server
I'm using strongswan 5.6.0 & Freeradius 3.0.13 on CentOS7 as a VPN server
- Strongswan sends RADIUS requests to Freeradius
- Freeradius proxies all requests to another Radius server that does not support EAP ...
2 votes, 1 answer, 9k views
Freeradius VLAN assignment with EAP-TLS and WiFi 802.1x
I'm using FreeRadius with a Ubiquiti WiFi AP with 802.1x auth using EAP-TLS (mutual client/server cert based auth). This is working well for static VLANs (i.e. specified on the AP).
I'd like to ...
5 votes, 2 answers, 1k views
pfSense - IKEv2 with EAP-RADIUS: Any fallback option if the RADIUS server is down?
I'm deploying an IKEv2 VPN authenticating against a RADIUS service within a pfSense 2.3-RELEASE box. But I'm afraid of the complications of this approach when the RADIUS server is down.
Since the ...
2 votes, 1 answer, 2k views
EAP-TLS for Wireless with Active Directory
My question is more from a conceptual point of view, rather than implementation (even though I'm asking about proprietary protocols and products).
Assuming I have users and credentials set up in my ...
2 votes, 1 answer, 7k views
EAP-PWD with FreeRADIUS 3
I'm trying to set up EAP-PWD using FreeRADIUS 3.
However, I can't get it to work and documentation is virtually non-existent. Thus, I don't know whether the problem I'm running into is a ...
1 vote, 1 answer, 629 views
EAP-TLS: is eavesdropping possible when sharing a client certificate?
I want to know how to share a network of WPA2 enterprise with EAP-TLS, authenticating users with a common certificate. They share the same certificate.
I'm afraid they can monitor each other. Is ...
0 votes, 1 answer, 654 views
RADIUS authentication requests not relayed to RADIUS server
I am trying to set up a RADIUS server for 802.1x NAC over a Cisco IE 3000 Network Switch, using freeRadius to implement it.
I know the switch knows where the RADIUS server is because I set up the ...
0 votes, 1 answer, 200 views
What decides what tunnels inside EAP-TTLS?
If EAP-TTLS is an EAP method that establishes a TLS tunnel, what goes in the tunnel? It could be another EAP method, but it could also be PAP. What decides? The server, the supplicant, or do they ...
5 votes, 3 answers, 38k views
Troubleshooting Windows EAP/RADIUS connectivity issues
So, I guess the short version of the question is:
I'm unable to get clients to connect to an enterprise-WPA wireless network after setting up a "new" NPS server and a new CA. After I manually ...
3 votes, 1 answer, 6k views
Auth-Type :- Reject in RADIUS users file matches inner tunnel request but sends Access-Accept
I have WPA2 802.11x EAP authentication set up using FreeRADIUS 2.1.8 on Ubuntu 10.04.4 talking to OpenLDAP, and can successfully authenticate using PEAP/MSCHAPv2, TTLS/MSCHAPv2 and TTLS/PAP (both via ...