802.1X Port Authentication using unix user/pass
Hi, I've looked at the 802.1X Port-Based Authentication HOWTO guide, I have a few questions. The guide authenticates using a "users" file which is a formatted text file. I wish to use the users unix (linux) user name and passwords which I are in /etc/password and the /etc/shadow which has the encrypted string for the password. My Question is: Can I follow the guide and trivially make it do what I want? I have a feeling somehow what I want to achieve requires the password to be sent plain text (not CHAP) ... correct? BUT is the "plain text" encrypted anyway between the access point and the wireless node using OpenSSL or if the password was sent plain text can it be sniffed? To make life easy... I want WPA-EAP authentication working, but I want the authentication be against the Linux username and its password. Is this possible? Guides and tips welcome Cheers Sura
lists.mailing@surasoft.com wrote:
To make life easy... I want WPA-EAP authentication working, but I want the authentication be against the Linux username and its password.
Is this possible? Guides and tips welcome
It is possible however only with EAP-TTLS and PAP inner tunnel authentication. Set up EAP and TTLS then make sure your WPA clients are using TTLS+PAP. Here are directions on how to set up clients http://vuksan.com/linux/dot1x/wpa-client-config.html Vladimir
Quoting Vladimir Vuksan <vlists@veus.hr>:
To make life easy... I want WPA-EAP authentication working, but I want the authentication be against the Linux username and its password.
Is this possible? Guides and tips welcome
It is possible however only with EAP-TTLS and PAP inner tunnel authentication. Set up EAP and TTLS then make sure your WPA clients are using TTLS+PAP. Here are directions on how to set up clients
Thanks for that. Does the Dlink DWL-2100AP support this? It supports 801.X WPA Here's is a screenshot of what the WPA configuration section looks like (on the AP's config page) http://support.dlink.com/emulators/dwl2100ap/html/CfgWepParam.html I'm hoping that I can use WPA-EAP with this option, but notice under encryption it has AES, Auto, TKIP... which one? Sura
lists.mailing@surasoft.com wrote:
Does the Dlink DWL-2100AP support this? It supports 801.X WPA Here's is a screenshot of what the WPA configuration section looks like (on the AP's config page) http://support.dlink.com/emulators/dwl2100ap/html/CfgWepParam.html
It appears it does. WPA-PSK is WPA with pre-shared key. It is akin to WEP key ie. there is a single key for all sessions. Thus use WPA-EAP.
I'm hoping that I can use WPA-EAP with this option, but notice under encryption it has AES, Auto, TKIP... which one?
I would go for Auto.
participants (3)
-
lists.mailing@surasoft.com -
Vladimir -
Vladimir Vuksan