www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

Radius EAP-TTLS authentication for the Captive Portal

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell
View previous topic :: View next topic  
Author Message
fulvio
Site Admin


Joined: 01 Nov 2006
Posts: 1030

PostPosted: Sun Nov 25, 2007 4:42 pm    Post subject: Radius EAP-TTLS authentication for the Captive Portal Reply with quote

If you pick RADIUS authentication to validate the Captive Portal users, the current release of Zeroshell uses PAP (Password Authentication Protocol).
This authentication method sends the user passwords on the network just encrypted with a symmetric salted key based on the RADIUS shared secret.
For some organizations, PAP can provide an unsatisfactory security level, because the password could be discovered by using a network analyzer such as a sniffer.

To solve this problem, in the download section http://www.zeroshell.net/eng/download/ you can get a patch for the release 1.0.beta7 of Zeroshell which enables EAP-TTLS RADIUS authentication with PAP inner authentication for the Captive Portal.
The advantage of this authentication method is that the PAP messages are encapsulated in a TLS encrypted tunnel. This technique, already used in the protected WiFi accesses such as 802.1X, WPA and RSN, improves the security level of the authentication with the Captive Portal against a RADIUS server, because the user credentials cannot be captured by using a network sniffer.

To apply this patch that uses the wpa_supplicant package, you should use the following shell commands:

wget http://www.zeroshell.net/listing/zs-1.0.beta7-captive-portal-eap-ttls.patch.tar.bz2
tar xvfj zs-1.0.beta7-captive-portal-eap-ttls.patch.tar.bz2
./install.sh

Starting with the release 1.0.beta8 of Zeroshell, this patch will be included in the distribution and you won't need to apply it separately.

Regards
Fulvio
Back to top
View user's profile Send private message Send e-mail
DELETED
Guest





PostPosted: Mon Feb 14, 2011 6:36 am    Post subject: Reply with quote

DELETED
Back to top
Hannek



Joined: 19 Oct 2011
Posts: 2

PostPosted: Wed Oct 19, 2011 11:39 am    Post subject: Reply with quote

Great news! The only change from the previous setup i noticed is the use of one Windows Server 2008 R2, with Active Directory Domain Services and Network Policy Server roles.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group