Drakh
Joined: 19 Jun 2010 Posts: 3
|
Posted: Sat Jun 19, 2010 12:34 am Post subject: ZS doesn't stop Odyssey Client from connecting using EAP-TLS |
|
|
I use EAP-TLS in Zeroshell to authenticate wireless clients to my network. Sometimes I need to block access to some of them, so I disable 802.1X Access in user properties, and most wifi supplicants work as they should and cannot log in until I enable 802.1X Access again... but if I use Odyssey Client Manager, it still logs in even if I delete the user from Zeroshell. I tried every way to block it from inside Zeroshell with no luck; Odyssey still connects. The only way to stop it is to delete the certificate I install in the Windows machine I use to log in (I export and install a PKCS file I get from Zeroshell to install both the certificate and private key in my Windows machine).
Is this a bug? Shouldn't disabling 802.1X Access prevent any attempt to successfully log in with any supplicant? |
|
|
 |
ppalias
Joined: 17 Dec 2008 Posts: 1151 Location: Athens, Greece
|
Posted: Sat Jun 19, 2010 10:16 am Post subject: |
|
|
| Maybe Odyssey is using another way to connect to the ZS. EAP-TLS will use both server and client keys to connect and is password-less, if I remember well, so if you disable the certificates for that user he will not be allowed to connect, unless there is a backdoor. |
|
|
 |
Drakh
Joined: 19 Jun 2010 Posts: 3
|
Posted: Sat Jun 19, 2010 1:29 pm Post subject: |
|
|
No. Revoking the certificate, deleting it, even deleting the user inside Zeroshell doesn't help; Odyssey still logs in OK using EAP-TLS.
BTW, I'm using WPA2-AES Enterprise in my access point and my Odyssey supplicant is configured to only log in that way.
Here's what I get; remember TLS-User is deleted in Zeroshell:
Login OK: [TLS-User] (from client D-Link port 0 cli 00-1D-92-XX-XX-XX)
I've reinstalled Zeroshell from scratch and used the default CA, created a new user, installed the certificate in my Windows machine, Odyssey logs in OK, deleted the user (hence the certificate) in Zeroshell and Odyssey still logs in OK. |
|
|
 |
ppalias
Joined: 17 Dec 2008 Posts: 1151 Location: Athens, Greece
|
Posted: Sun Jun 20, 2010 10:15 am Post subject: |
|
|
| What about doing the install from scratch and trying to connect with Odyssey without creating the user? I suspect that either Odyssey logs in another way, or there is a bug in the web interface that doesn't actually delete the users. |
|
|
 |
Drakh
Joined: 19 Jun 2010 Posts: 3
|
Posted: Wed Jun 23, 2010 1:41 pm Post subject: |
|
|
Did what you suggested (with a fresh install where I only activated the RADIUS service and added the AP client to the list). No, it doesn't stop it from entering, so Zeroshell doesn't filter clients correctly once a certificate generated from Zeroshell is installed in a PC (tried revoking/deleting/recreating the admin certificate and root CA certificate also / restarting the RADIUS service).
Yes, Odyssey is a pretty complex supplicant that has many features, one of them is skipping ZS security. |
|
|
 |
ppalias
Joined: 17 Dec 2008 Posts: 1151 Location: Athens, Greece
|
Posted: Wed Jun 23, 2010 2:45 pm Post subject: |
|
|
| Then all you can do is report the bug in the appropriate section in this forum. |
|
|
 |
|
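Added example, not part of the original thread and not Zeroshell's own code: a log check that cross-references RADIUS `Login OK` lines of the form quoted above against the accounts that should currently be allowed, to flag the situation described in the thread (a deleted or disabled identity still authenticating). The sample log, the user `alice`, the timestamp prefix and the `enabled_users` set are constructed for illustration.

```python
import re

# Matches accept lines of the form quoted in the thread:
#   Login OK: [TLS-User] (from client D-Link port 0 cli 00-1D-92-XX-XX-XX)
LOGIN_OK = re.compile(
    r"Login OK: \[(?P<user>[^\]]*)\] "
    r"\(from client (?P<nas>\S+) port (?P<port>\d+)"
    r"(?: cli (?P<cli>[^)\s]+))?\)"
)

def parse_login_ok(line):
    """Return user/nas/port/cli for an accept line, or None for anything else."""
    m = LOGIN_OK.search(line)
    return m.groupdict() if m else None

def unexpected_logins(lines, enabled_users):
    """List accepted logins whose identity is not in the enabled set."""
    enabled = {u.casefold() for u in enabled_users}
    findings = []
    for lineno, line in enumerate(lines, 1):
        rec = parse_login_ok(line)
        if rec is None:
            continue  # rejects, startup messages, unrelated lines
        if rec["user"].casefold() not in enabled:
            rec["lineno"] = lineno
            findings.append(rec)
    return findings

# Constructed sample log; only the third line's message mirrors the thread.
SAMPLE_LOG = """\
Sat Jun 19 13:20:01 2010 : Auth: Login OK: [alice] (from client D-Link port 0 cli 00-11-22-33-44-55)
Sat Jun 19 13:21:40 2010 : Auth: Login incorrect: [bob] (from client D-Link port 0 cli 00-11-22-33-44-66)
Sat Jun 19 13:25:12 2010 : Auth: Login OK: [TLS-User] (from client D-Link port 0 cli 00-1D-92-XX-XX-XX)
Sat Jun 19 13:26:00 2010 : Info: Ready to process requests.
""".splitlines()

if __name__ == "__main__":
    # Hypothetical list of accounts that still have 802.1X access enabled.
    enabled_users = {"alice"}
    for hit in unexpected_logins(SAMPLE_LOG, enabled_users):
        print("line {lineno}: accepted login for non-enabled identity "
              "{user!r} via {nas} (station {cli})".format(**hit))
```

The bracketed name is the identity the supplicant sent in the RADIUS request, so a hit tells you which account name to investigate, not which certificate was presented.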