
I'm working on RADIUS authentication. The server, for now and for production, is Windows Server 2016. The authenticator is an HP ProCurve 2610-PWR 24p. The supplicants are a Windows PC running Windows 10 1903, and all the others are IP cams: Bosch and Axis.

At the moment, RADIUS is working with the Windows supplicant using PEAP.

The Bosch camera uses an identity and password, which are the same as the user created in Active Directory. For the Bosch camera, I also added a DNS A record. I read that for IP cams or other devices you use the MAC address for user and password, so my user and password are just the MAC address.

For the camera, I do get an Access-Request and the response is an Access-Challenge. So at the moment, it is not authenticated. Since the Bosch camera is EAP-MD5 or EAP-TLS, can I use PEAP? I assume yes since it's a wrapper.

What am I doing wrong, and/or how do I add an IP cam to my domain/server?

Lastly, Axis cameras are different: they only support EAP-TLS, which requires a CA and a client cert. I did set up AD CS with the root CA being the Windows server. How do I create client certs and how do I download them?

  • "I read for ipcams or other devices you use the mac address for user and password". So a simple ARP scan of your network, checking for Bosch MAC prefixes, gives you the username **and** password of all your cameras? In fact, there are only 16 million suffixes; you can brute-force that. Seriously: take those devices offline while you are still in control of them. – MSalters Sep 17 '19 at 14:32
  • True, but I don't control that; EAP-TLS would be much better, if I say so myself, but as of this moment I still didn't find a way for the cameras to accept EAP-TLS on Windows – Tim Clinckemalie Sep 23 '19 at 12:54
  • Sorry, but I have no idea what you meant with that comment. And to be fair, I think one of the reasons you did not get an answer so far is because the question is not exactly clear either. – MSalters Sep 23 '19 at 13:09
  • It's also not that easy to explain. To keep it simple: Windows Server 2016 is my RADIUS server. Authenticator = ProCurve 2610; supplicant Windows PC with PEAP = working so far. The camera is rejected even with the MAC address as user and pass, and even with putting my Calling-Station-Id in the policy. The question is very simple: how do I get the camera accepted by RADIUS using EAP-TLS, if possible? – Tim Clinckemalie Sep 23 '19 at 14:36

0 Answers