OnHeL

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 22 total)
  • Author
    Posts
  • in reply to: Nessus scan of a Zeroshell box #46187

    OnHeL
    Member

    Any chance of a FreeRADIUS update? Version 2.02 is available now.

    in reply to: Generate cert besed on Certifificate Signing Request #46174

    OnHeL
    Member

    This pdf is a detailed tutorial on how to get your ZeroShell running as a RADIUS Server.

    http://www.addressplus.net/ZeroShell-WPA-Enterprise.pdf

    in reply to: Linux QOS is not efficient enough for VoIP over shared WANs #46160

    OnHeL
    Member

    @rochajoel wrote:

    I’ve never seen a router with RADIUS capabilities. Until i tried ZeroShell. 🙄

    http://us.zyxel.com/web/product_family_detail.php?PC1indexflag=20040520161256&CategoryGroupNo=PDCA2007057

    I used to use the above before I setup Zeroshell as my RADIUS Server. Its a wireless router with a built-in PEAP Server. Worked very well, and was easy to set up.

    in reply to: 192.168.142.142 ??? #46107

    OnHeL
    Member

    Understood Fulvio, thanks for the quick reply.

    in reply to: Auth. against local realm different from EXAMPLE.COM #46053

    OnHeL
    Member

    Rochajoel was kind enough to explain to you that what you need to do is create a new database and this will give you a new realm. This would require you either install Zeroshell to a HD, USB Drive or to a Compact Flash card. What device are you using to run Zeroshell?

    Read the FAQ on storage configuration and devices

    http://www.zeroshell.net/eng/faq/storage/#sto.faq2

    If you do have a storage device and need a tutorial for creating a database, then just read the first 6 pages of the below tutorial.

    http://www.addressplus.net/ZeroShell-WPA-Enterprise.pdf

    Good luck.

    in reply to: Bonding with Vmware #46039

    OnHeL
    Member

    I hate to be so elementary but are you trying to connect to Zeroshell at https://192.168.0.75 through a PC that is on the same subnet? The PC you’re running would have to manually be configured with an IP in the 192.168.0.0/24 subnet in order to reach the Zeroshell box and allow you to login.

    in reply to: WPA Enterprise installations #45848

    OnHeL
    Member

    Yes, it does work with EAP-TTLS [MSCHAPv2], but not EAP-TTLS [EAP-MSCHAPv2], which is strange because PEAP works with EAP-MSCHAPv2 as an inner authentication protocol (EAP-PEAP [EAP-MSCHAPv2]

    in reply to: Strange WPA Enterprise issue #45859

    OnHeL
    Member

    If interference is that bad, try changing the channel on your access point. You stated in your first post you tried different access points with the same result, so I wouldnt be so quick to blame the quality of the AP. Try changing the channel and see if maybe a higher gain antenna will override this interference.

    I live in NYC and I can clearly see 25 APs from my apartment with Netstumbler. Setting my AP to channel 1 makes my connection very unstable although channel 11 for me is rock solid.

    in reply to: WPA Enterprise installations #45845

    OnHeL
    Member

    Since you switched back to PEAP Joar, are your Vista clients retaining the user credentials between reboots then?

    in reply to: WPA Enterprise installations #45843

    OnHeL
    Member

    No Paul, using TTLS you dont have to use a client side certificate, it is basically very similar to PEAP, server cert only.

    in reply to: WPA Enterprise installations #45841

    OnHeL
    Member

    I’m not using ZeroShell in a business environment Paul, just a small home network in the big bad city, with several mobile clients for the extended family. I’d like to see your guide updated with the details to use TTLS as an auth protocol in Windows Vista using SecureW2.

    Vista supports PEAP but when used, it doesnt cache the user credentials reliably and requires the user to re-enter the credentials at each login. Using SecureW2 and TTLS avoids this problem.

    If you read this post:
    http://www.zeroshell.net/eng/forum/viewtopic.php?t=363

    You’ll see my post about halfway down with the link to your guide and a link to a university site that explains how to setup SecureW2. You could add these instructions to your guide to help those with Vista clients and ZeroShell.

    in reply to: Strange WPA Enterprise issue #45854

    OnHeL
    Member

    I get the following from my SysLog Server. If you notice the last line, which states successful authentication. I dont see that in your logs. Seems the station authenticates the server but when the server is supposed to authenticate the station, you’re not proceeding any further in the handshakes.

    Sep-11-2007 11:54:01 PM Daemon.Info XX.XX.XX.XX UDP radiusd[3503]: rlm_eap_mschapv2: Issuing Challenge

    Sep-11-2007 11:54:01 PM Daemon.Notice XX.XX.XX.XX UDP radiusd[3505]: Login OK: [UUUUUUU] (from client localhost port 0)

    Sep-11-2007 11:54:01 PM Daemon.Notice XX.XX.XX.XX UDP radiusd[3501]: Login OK: [UUUUUUU] (from client PPPPP port NN cli MMMMMMMMMMMM)

    Sep-11-2007 11:54:01 PM User.Notice XX.XX.XX.X UDP 802.1X: PEAP: “UUUUUUU” successfully authenticated on Access Point XX.XX.XX.XX

    The certificates are passed first (I believe) which you are logging in ok, so I believe the problem must lie in the username/password. Too long, ascii chars? Just to be thorough try using a simple username, with a simple password with only letters and numbers.

    I used your guide Paul to setup my own ZeroShell setup so excuse me if I’m being too elementary. Just trying to tease your brain, I’m sure you’ll figure it out.

    Furthermore, that error you’re getting in version 5 just means you’re not using a client certificate as you would if you were using TLS as an auth protocol. Using TTLS or PEAP gives you this error but is perfectly normal and is just a note that there is no client cert. of which there is supposed to be none.

    Personally using Beta6 with WPA2 Enterprise
    Buffalo AP with DD-WRT Firmware
    Vista and XP clients

    in reply to: ZeroShell and Vista #45649

    OnHeL
    Member

    Yep, working flawlessly.

    Great job Fulvio!

    in reply to: ZeroShell and Vista #45647

    OnHeL
    Member

    Great news, I’ll keep you updated

    in reply to: ZeroShell and Vista #45645

    OnHeL
    Member

    Glad to hear it worked for you without issue.

Viewing 15 posts - 1 through 15 (of 22 total)