EAP - TLS Client Certification Stored Removable Media
Hello All; I have a question about EAP - TLS . How can I configure client certification stored from removable media (ex: usb memor, smartcard, etc..). I have already used EAP - TLS with client certification stored on Windows (cliet) but i need a solution that user can authenticate when insert his usb memory and logout when remove his usb memory ? My system running with EAP - TLS authentication and LDAP authorization and clients are use 802.1x ... Thank You For Your Relation, Aydin Kocak, TURKOM.
On Tue, Nov 4, 2008 at 11:18 AM, Aydın KOÇAK <akocak@turkom.com.tr> wrote:
Hello All; I have a question about EAP - TLS . How can I configure client certification stored from removable media (ex: usb memor, smartcard, etc..). I have already used EAP - TLS with client certification stored on Windows (cliet) but i need a solution that user can authenticate when insert his usb memory and logout when remove his usb memory ?
This is a question specific to the client OS. Specifically, you are relying on functionality provided by middleware (and OS hooks). Also, let's be clear here, you're talking about a USB *token* not a USB flash drive. While similar in technology, very different in many ways.
Ayd?n KOÇAK wrote:
Hello All; I have a question about EAP - TLS . How can I configure client certification stored from removable media (ex: usb memor, smartcard, etc..). I have already used EAP - TLS with client certification stored on Windows (cliet) but i need a solution that user can authenticate when insert his usb memory and logout when remove his usb memory ?
it depends on the supplicant used. If you use Windows Supplicant , in the wireless configuration tab, 1) select your ssid associated with your EAP-TLS auth, 2) click on "settings" button 3) click on Authentication tab 4) On the EAP Type dropdown list, select "smartcard support" instead of PEAP 5) Click on "settings" 6) Click on the radio button "Use my smartcard" It work here with Gemalto tokens or Rainbow ikey3000 tokens...It only asks the users their PINCode to join wireless lan(You first have to install the middleware/driver of your smartcard of course) Hope this helps Paul
My system running with EAP - TLS authentication and LDAP authorization and clients are use 802.1x ...
Thank You For Your Relation, Aydin Kocak, TURKOM.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- ============================ Paul TAVERNIER Equipe Reseaux-Securite Division Informatique Rectorat de ROUEN Tel: 02.32.08.94.18 Fax: 02.32.08.94.12 Mob: 06.25.45.84.10 "Je suis accablé de tant de riens, si surchargé de billevesées" (Voltaire) ============================
I have a question about EAP - TLS .
No, you don't.
How can I configure client certification stored from removable media (ex: usb memor, smartcard, etc..). I have already used EAP - TLS with client certification stored on Windows (cliet) but i need a solution that user can authenticate when insert his usb memory and logout when remove his usb memory ?
My system running with EAP - TLS authentication and LDAP authorization and clients are use 802.1x ...
This is implemented in a hospital I work for: http://www.gemauth.com/ You want something like that. Nothing to do with radius. Ivan Kalik Kalik Informatika ISP
Aydın KOÇAK wrote:
Hello All; I have a question about EAP - TLS . How can I configure client certification stored from removable media (ex: usb memor, smartcard, etc..). I have already used EAP - TLS with client certification stored on Windows (cliet) but i need a solution that user can authenticate when insert his usb memory and logout when remove his usb memory ?
This is an issue for the local OS, not for RADIUS. See the OS documentation for how to do this. Alan DeKok.
Hello Aydiin Do let me know if things have started working for you... Actually I would assume that in order to use a smart card on the client you would not need to make any changes on the radius server configuration. just that the application which is reading certificates on the client should be configured to use the correct CSP. I am assuming the certificate in the smart card is from the CA configured on the freeradius server. I hope I understood your question correctlly!!! Cheers!! Suraj ----- Original Message ---- From: Aydın KOÇAK <akocak@turkom.com.tr> To: "freeradius-users@lists.freeradius.org" <freeradius-users@lists.freeradius.org> Sent: Tuesday, 4 November, 2008 9:48:38 PM Subject: EAP - TLS Client Certification Stored Removable Media Hello All; I have a question about EAP - TLS . How can I configure client certification stored from removable media (ex: usb memor, smartcard, etc..). I have already used EAP - TLS with client certification stored on Windows (cliet) but i need a solution that user can authenticate when insert his usb memory and logout when remove his usb memory ? My system running with EAP - TLS authentication and LDAP authorization and clients are use 802.1x ... Thank You For Your Relation, Aydin Kocak, TURKOM. - List info/subscribe/unsubscribe? See http://www.freeradius..org/list/users.html Connect with friends all over the world. Get Yahoo! India Messenger at http://in.messenger.yahoo.com/?wm=n/
participants (6)
-
Alan DeKok -
Aydın KOÇAK -
Paul TAVERNIER -
Stephen Bowman -
Suraj Sharma -
tnt@kalik.net