Questions tagged [radius]

69 questions
4 votes, 3 answers

Restrict Microsoft Network Policy Server (NPS) to only trust client certificates from a given CA?

I'm working on an install of a Microsoft Network Policy Server (NPS) / RADIUS server for controlling access to corporate Wi-Fi using 802.1x / WPA2-Enterprise - using client certificates for authentication. We already have an internal AD-integrated…
3 votes, 1 answer

Can a Radius server mitigate an ARP spoofing attack?

I'm helping my school network administrator to try to find a way to mitigate a current ARP spoofing attack on our wifi network. We detected an unknown host (MAC address seems to change, he is probably using mac-changer or something similar) sending…
3 votes, 1 answer

What is the role of RADIUS server and Active Directory to increase the security in wireless networks?

In the CBT Nuggets Video Training, one slide about wireless networks: I want to know about the role of RADIUS to increase the security and how? In this project: Deploy Active Directory and IAS/RADIUS for wireless network authentication and…
3 votes, 2 answers

WiFi security in 2018

On my wireless network I have implemented WPA2 protocol with AES encryption. Last year there were several warnings that WPA2 is broken, hacked. Now there are announcements that WPA3 is coming in 2018. But until it comes, and everyone accepts it…
John
3 votes, 0 answers

Can a non-root process (MySQL) authenticate to RADIUS via PAM?

I've run across a dilemma with PAM RADIUS authentication for the database layer. In our environment, the OS login authenticates via PAM to a RADIUS server which accepts a token code and authenticates based on the time-based token and PIN. Because…
3 votes, 2 answers

WPA2 with 802.1x - how is the server certificate validated?

I want to replace my current WPA2/PSK Setup with WPA2+802.1x with RADIUS authentication. There are various algorithms which can be used for that, roughly divided in two groups: The user uses a certificate to authenticate to the server. The user has…
masgo
2 votes, 1 answer

FreeRADIUS EAP TLS Authenticate based on client certificate CN

I'd like to run FreeRADIUS for EAP TLS authentication but instead of running my own Certification Authority I'd like to use StartSSL. I've set up EAP TLS with StartCom as the only Trusted Root CA and that works ok, but means anyone with a StartSSL…
Hybrid
2 votes, 0 answers

Does EAP-TLS provide a two-factor authentication?

I am currently setting up FreeRADIUS on my pfSense firewall to authenticate WLAN clients (mainly iOS) via EAP-TLS. I have therefore created a user certificate and a user within the FreeRADIUS user management (including password). The certificates CN…
2 votes, 1 answer

Does WPA2 Enterprise also authenticate clients to the 802.1X protected switch port?

In an 802.1X protected LAN, the switch port is usually set to "Multiple Hosts" mode and the access point is configured as an 802.1X supplicant which authenticates to the switch and "opens" the port. The access point can now freely bridge wireless…
Monstieur
2 votes, 1 answer

Is there a way to generate a Yubikey OTP without touch?

I'm trying to automate an authentication canary in a workflow that includes a mandatory Yubikey OTP (the 44-character unique password). Is there a way to configure a single Yubikey in such a way that I can generate the Yubikey long-touch OTP via…
TrackZero
2 votes, 2 answers

WPA2 Enterprise: no risks for preconfigured clients when it comes to Rogue APs?

We are using, as default, PEAP and MS-CHAPv2 as inner authentication. I was concerned with security risks when it comes to rogue APs but a colleague told me that there are no risks for preconfigured clients. He told me there are risks only for…
Jade Kush
2 votes, 0 answers

How can an 802.11 client verify the authenticity of an AP it is trying to connect to?

With the onset of hardware like the WiFi pineapple, it has become somewhat harder to protect the privacy of your WiFi network. WPA2 Enterprise with Radius authentication could come to the rescue here, but it offers a variety of different methods that…
Konrad Gajewski
2 votes, 1 answer

Access-Challenge EAP Request

From my understanding, after the Access-Request, the authentication server (RADIUS) sends a reply (encapsulated in the Access-Challenge packet) to the authenticator (AP). The Access-Challenge packet contains an EAP Request in which it is specified…
2 votes, 1 answer

RADIUS authentication: is it possible to get the user groups or other attributes?

RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management. The question is if it is possible to get the user groups or other attributes. According to my understanding the answer is no, but I…
Michael
2 votes, 0 answers

Windows NPS: Policy should check Issuing CA

I have some trouble configuring a Windows NPS, maybe one of you has an idea. Is it possible for NPS to check whether a client certificate was signed by a specific issuing CA? I have two SSIDs (SSID-1, SSID-2). I have one Root-CA and two…
Rene