AW: IP Camera does not work properly with 802.1X and 3COM 5500 Switch

Klein Niklas Niklas.Klein at geutebrueck.com
Tue Jul 17 08:39:47 CEST 2018


Hi everyone,

just wanted to give a quick update on my issue. I got it solved with the manufacturers help. They send me some guide which was a bit outdated but I still was able to follow most instructions. In general it was about creating your own ca certificate, creating certificates for server and client (camera) and setting some stuff in the RADIUS eap.conf (I think it is just "eap" in FreeRADIUS 3).

The most important parts were probably:

1. Setting in the eap file "default_eap_type = tls"
2. Concatenating the server cert and the key to just one file srv_keycert.pem

However, I also want to thank you guys for your suggestions!




Geutebrueck GmbHTel:+49 2645 137-722
im Nassen 7-9Fax:+49 2645 137-999
D-53578 WindhagenEmail:niklas.klein at geutebrueck.com

Geschäftsführer/CEO: Katharina Geutebrück, Christoph Hoffmann; UST-Ident-Nr.: DE813443473; Handelsregister: HRB 14475 Montabaur

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.
This e-mail contains confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Weder die GEUTEBRÜCK GmbH noch der Absender (Niklas Klein) übernehmen die Haftung für Viren; es obliegt Ihrer Verantwortung, die E-Mail und deren  Anhänge auf Viren zu prüfen. Versand am 17.07.2018 08:39 UTC+02:00 von Klein, Niklas
-----Ursprüngliche Nachricht-----
Von: Freeradius-Users [mailto:freeradius-users-bounces+niklas.klein=geutebrueck.com at lists.freeradius.org] Im Auftrag von Arran Cudbard-Bell
Gesendet: Samstag, 30. Juni 2018 00:15
An: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Betreff: Re: IP Camera does not work properly with 802.1X and 3COM 5500 Switch



> On Jun 29, 2018, at 6:04 PM, Peter Lambrechtsen <peter at crypt.nz> wrote:
>
> Often CCTV cameras also have a SD card and that should support logging.

...and if not that, the vast majority support syslog.

But yeah I agree with Peter.

SD might be internal, so maybe crack one open?

I guess worst case scenario is it's logging to a ramdisk to save the SD card, but you can still probably tweak the syslog settings.

> The issue you will face is since there won't be a serial port to
> diagnose the issue the best you will have is logging the output
> somewhere before you need to unplug it and factory reset it to get it
> back to standard unauthed DHCP.

Or if the entire file system is on the SD, look for wpa_supplicant.conf and you'll be able to configure the supplicant directly.

> I would turn on all EAP methods as you would hope it supports at least
> TTLS or PEAP since I would have assumed it supported EAP-MD5 like my
> camera does. Not that I have setup EAP.

> But the camera manufacturer should be able to tell you what EAP
> methods it supports.
>
> Also it could always be the switch you are using is busted so might be
> worth trying another vendor.

They rarely intercede in the EAP conversation, but I guess it's possible.

-Arran



More information about the Freeradius-Users mailing list