EAP-TTLS/EAP-TLS with freeRADIUS

Sven Hartge sven at svenhartge.de
Sun Nov 27 01:23:08 CET 2011


Mr Dash Four <mr.dash.four at googlemail.com> wrote:

>>> In other words, EAP-TTLS/EAP-TLS isn't actually supported in
>>> freeRADIUS?

>> It is. I believe you misunderstood how RADIUS works.
>>
> Maybe, considering I've been reading about RADIUS for just over 2 days...

>> The connection between the AP (called NAS in RADIUS) and the
>> RADIUS-Server is only protected by the shared secret configured in
>> clients.conf. 
>>
>> Yes, this is kind of weak.
> It is *very* weak, not least because connections can be intercepted as, 
> I presume is the case here, this "shared secret" is transmitted in the 
> clear over the wire. If that is not the case and it is hashed, then, 
> that's another story.

No, the shared secret is not transmitted over the wire. 

For additional information see RFC2865, §2:

"When a password is present, it is hidden using a method based on the
RSA Message Digest Algorithm MD5. (see RFC131)."

>> And because of this weakness a protocol like RADsec has been
>> developed, which is essentially RADIUS-with-SSL-over-TCP, thus
>> providing strong encryption of the whole RADIUS session.

> Interesting, noted. It would be nice if this works in a similar way as
> the SSL handshake works - this is very secure, tested and already
> established in the real world.

RadSec works this way, yes. Think of it like HTTPS for RADIUS.

>> Back to EAP-(T)TLS:
>>
>> The connection between a connecting device such as a laptop, which
>> connects to a NAS, can be secured via EAP-(T)TLS, which is a protocol
>> transported via RADIUS packets.
>>
>> This of course is supported by FreeRADIUS since ages.

> OK, my understanding of EAP-TTLS/EAP-TLS is that the authentication 
> happens in two distinct stages: the first stage (EAP-TTLS) is the outer 
> authentication where the server presents its credentials/certificate to 
> the client and then the secure channel is established. Phase two 
> (EAP-TLS in my case) is where the client - via its client certificate - 
> is actually authenticated to the RADIUS server. Now, I was hoping that 
> the AP does this in a similar sort of way when authenticating itself to 
> the RADIUS server, but it seems that is not the case and this is indeed 
> a weak point.

No, the AP does not authenticate itself to the RADIUS server via TLS,
just via the shared secret configured in clients.conf.

> My question still remains though  - since this is a two-phase
> authentication, two distinct sets of (ca, server, client) certificates
> can be used. How do I specify these in RADIUS?

Which distinct set of certificates?

The server certificate and key is configured via eap.conf.

Which client certificates the RADIUS server trusts is configured via
CA_file, also in eap.conf.

Regards,
Sven.

-- 
Sigmentation fault. Core dumped.
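As an added illustration of the RFC 2865 §5.2 User-Password hiding Sven quotes above (example code, not from the list post and not FreeRADIUS code): the password is XORed against MD5(secret + Request Authenticator) in 16-octet blocks, so neither the shared secret nor the password appears on the wire, but the scheme rests on MD5 and on the strength of the shared secret, which is why RadSec exists. The secret, password and Request Authenticator below are constructed sample values.

```python
import hashlib
import secrets


def _pad16(data: bytes) -> bytes:
    """Pad with NULs to a multiple of 16 octets; at least one block (RFC 2865 §5.2)."""
    pad = -len(data) % 16
    if not data:
        pad = 16
    return data + b"\x00" * pad


def hide_user_password(password: bytes, shared_secret: bytes, request_auth: bytes) -> bytes:
    """Return the User-Password attribute value as it travels NAS -> RADIUS server."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = _pad16(password)
    out = bytearray()
    prev = request_auth                      # b1 = MD5(S + RA), b2 = MD5(S + c1), ...
    for i in range(0, len(padded), 16):
        b = hashlib.md5(shared_secret + prev).digest()
        c = bytes(p ^ k for p, k in zip(padded[i:i + 16], b))
        out += c
        prev = c                             # chaining uses the ciphertext block
    return bytes(out)


def unhide_user_password(hidden: bytes, shared_secret: bytes, request_auth: bytes) -> bytes:
    """Recover the cleartext password on the server side (trailing NUL padding stripped)."""
    if not hidden or len(hidden) % 16 != 0:
        raise ValueError("hidden password must be a non-empty multiple of 16 octets")
    out = bytearray()
    prev = request_auth
    for i in range(0, len(hidden), 16):
        b = hashlib.md5(shared_secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(chunk, b))
        prev = chunk
    return bytes(out).rstrip(b"\x00")        # passwords cannot end in NUL under this scheme


def secret_visible_on_wire(password: bytes, shared_secret: bytes) -> bool:
    """Check the point made in the thread: neither secret nor password is sent in the clear."""
    request_auth = secrets.token_bytes(16)   # constructed per-request random authenticator
    hidden = hide_user_password(password, shared_secret, request_auth)
    return shared_secret in hidden or password in hidden
```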
