ZS doesn’t stop Odyssey Client from connecting using EAP-TLS


This topic contains 4 replies, has 0 voices, and was last updated by  Drakh 9 years ago.

  • #42447

    Drakh
    Member

    I use EAP-TLS in Zeroshell to authenticate wireless clients to my network. Sometimes I need to block access to some of them, so I disable 802.1X Access in user properties, and most wifi supplicants work as they should and cannot log in until I enable 802.1X Access again… But if I use Odyssey Client Manager, it still logs in even if I delete the user from Zeroshell. I tried every way to block it from inside Zeroshell with no luck; Odyssey still connects. The only way to stop it is to delete the certificate I install on the Windows machine I use to log in (I export and install a PKCS file I get from Zeroshell to install both the certificate and private key on my Windows machine).

    Is this a bug? Shouldn’t disabling 802.1X Access prevent any attempt to successfully log in from any supplicant?

    #50464

    ppalias
    Member

    Maybe Odyssey is using another way to connect to the ZS. EAP-TLS will use both server and client keys to connect and is password-less if I remember well, so if you disable the certificates for that user he will not be allowed to connect, unless there is a backdoor.

    #50465

    Drakh
    Member

    No. Revoking the certificate, deleting it, even deleting the user inside Zeroshell doesn’t help; Odyssey still logs in OK using EAP-TLS.

    Btw, I’m using WPA2-AES Enterprise on my access point and my Odyssey supplicant is configured to only log in that way.

    Here’s what I get; remember TLS-User is deleted in Zeroshell:

    Login OK: [TLS-User] (from client D-Link port 0 cli 00-1D-92-XX-XX-XX)

    I’ve reinstalled Zeroshell from scratch and used the default CA, created a new user, installed the certificate on my Windows machine, Odyssey logs in OK, deleted the user (hence the certificate) in Zeroshell and Odyssey still logs in OK.
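An added example, not part of the thread: one way to notice the condition reported above is to scan the RADIUS log for `Login OK` lines whose user is on the list of accounts that should be blocked. The function names and the blocked-user list are hypothetical, and every sample line except the first (quoted from the post) is constructed.

```python
import re

# Shape of the success line quoted in the post:
#   Login OK: [TLS-User] (from client D-Link port 0 cli 00-1D-92-XX-XX-XX)
LOGIN_OK = re.compile(
    r"Login OK: \[(?P<user>[^\]]*)\] "
    r"\(from client (?P<nas>.+?) port (?P<port>\d+)(?: cli (?P<cli>[^)\s]+))?\)"
)

# First line is the one from the post; the rest are constructed samples.
SAMPLE_LOG = [
    "Login OK: [TLS-User] (from client D-Link port 0 cli 00-1D-92-XX-XX-XX)",
    "Login OK: [other-user] (from client D-Link port 0 cli 00-11-22-33-44-55)",
    "Login incorrect: [TLS-User] (from client D-Link port 0 cli 00-1D-92-XX-XX-XX)",
    "Login OK: [tls-user] (from client D-Link port 0 cli 00-11-22-33-44-66)",
]


def parse_login_ok(line):
    """Return user/nas/port/cli for a 'Login OK' line, or None for anything else."""
    m = LOGIN_OK.search(line)
    return m.groupdict() if m else None


def find_blocked_logins(lines, blocked_users):
    """Map each blocked user to the (line number, NAS, client MAC) of every
    successful login recorded for that name.

    Names are compared case-insensitively so a differently-cased identity is
    still flagged. Limitation: the logged name is the identity the supplicant
    sent, so this only catches logins that reuse the blocked account's name.
    """
    blocked = {u.casefold(): u for u in blocked_users}
    hits = {}
    for lineno, line in enumerate(lines, 1):
        rec = parse_login_ok(line)
        if rec is None:
            continue
        name = blocked.get(rec["user"].casefold())
        if name is not None:
            hits.setdefault(name, []).append((lineno, rec["nas"], rec["cli"]))
    return hits


if __name__ == "__main__":
    # "TLS-User" stands in for an account disabled or deleted by the admin.
    for user, events in find_blocked_logins(SAMPLE_LOG, ["TLS-User"]).items():
        for lineno, nas, cli in events:
            print(f"blocked user {user!r} logged in: line {lineno}, NAS {nas}, cli {cli}")
```
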

    #50466

    ppalias
    Member

    What about doing the install from scratch and trying to connect with Odyssey without creating the user? I suspect that either Odyssey logs in another way, or there is a bug in the web interface that doesn’t actually delete the users.

    #50467

    Drakh
    Member

    Did what you suggested (with a fresh install where I only activated the radius service and added the AP client to the list). No, it doesn’t stop it from entering, so Zeroshell doesn’t filter clients correctly once a certificate generated from Zeroshell is installed on a PC (tried revoking/deleting/recreating the admin certificate and root CA certificate also / restarting the radius service).

    Yes, Odyssey is a pretty complex supplicant that has many features, one of them is skipping ZS security.

    #50468

    ppalias
    Member

    Then all you can do is report the bug in the appropriate section in this forum.
