{{{#!wiki caution '''Last update 2004-10-18 Needs a new maintainer }}} == 802.1X Port-Based Authentication HOWTO == ==== Lars Strand ==== `<[mailto:lars strand (at) gnist org lars strand (at) gnist org]>` 2004-08-18[[BR]] ||<-3 tablestyle="width:100%"> '''Revision History''' || || Revision 1.0 || 2004-10-18 || Revised by: LKS || ||<-3> Initial Release, reviewed by TLDP. || || Revision 0.2b || 2004-10-13 || Revised by: LKS || ||<-3> Various updates. Thanks to Rick Moen for language review. || || Revision 0.0 || 2004-07-23 || Revised by: LKS || ||<-3> Initial draft. || This document describes the software and procedures to set up and use [http://standards.ieee.org/getieee802/download/802.1X-2001.pdf IEEE 802.1X Port-Based Network Access Control] using [http://www.open1x.org Xsupplicant] as Supplicant with [http://www.freeradius.org FreeRADIUS] as a back-end Authentication Server. ---- <> == 1. Introduction == This document describes the software and procedures to set up and use [http://standards.ieee.org/getieee802/download/802.1X-2001.pdf 802.1X: Port-Based Network Access Control] using [http://www.open1x.org Xsupplicant] with PEAP (PEAP/MS-CHAPv2) as authentication method and [http://www.freeradius.org/ FreeRADIUS] as back-end authentication server. If another authentication mechanism than PEAP is preferred, e.g., EAP-TLS or EAP-TTLS, only a small number of configuration options needs to be changed. PEAP/MS-CHAPv2 are also supported by Windows XP SP1/Windows 2000 SP3. ---- === 1.1. What is 802.1X? === The 802.1X-2001 standard states: "Port-based network access control makes use of the physical access characteristics of IEEE 802 LAN infrastructures in order to provide a means of ''authenticating'' and ''authorizing'' devices attached to a LAN port that has point-to-point connection characteristics, and of ''preventing access'' to that port in cases which the authentication and authorization fails. A port in this context is a single point of attachment to the LAN infrastructure." --- 802.1X-2001, page 1. images/8021X-Overview.png Figure 802.1X: A wireless node must be authenticated before it can gain access to other LAN resources. 1. When a new wireless node (WN) requests access to a LAN resource, the access point (AP) asks for the WN's identity. ''No other traffic than EAP is allowed before the WN is authenticated (the "port" is closed).''The wireless node that requests authentication is often called ''Supplicant'', although it is more correct to say that the wireless node ''contains'' a Supplicant. The Supplicant is responsible for responding to Authenticator data that will establish its credentials. The same goes for the access point; the ''Authenticator is'' not the access point. Rather, the access point contains an Authenticator. The Authenticator does not even need to be in the access point; it can be an external component.EAP, which is the protocol used for authentication, was originally used for dial-up PPP. The identity was the username, and either PAP or CHAP authentication [[http://www.ietf.org/rfc/rfc1994.txt RFC1994]] was used to check the user's password. Since the identity is sent in clear (not encrypted), a malicious sniffer may learn the user's identity. "Identity hiding" is therefore used; the real identity is not sent before the encrypted TLS tunnel is up. 1. After the identity has been sent, the authentication process begins. The protocol used between the Supplicant and the Authenticator is EAP, or, more correctly, EAP encapsulation over LAN (EAPOL). The Authenticator re-encapsulates the EAP messages to RADIUS format, and passes them to the Authentication Server.During authentication, the Authenticator just relays packets between the Supplicant and the Authentication Server. When the authentication process finishes, the Authentication Server sends a success message (or failure, if the authentication failed).'' The Authenticator then opens the "port" for the Supplicant.'' 1. After a successful authentication, the Supplicant is granted access to other LAN resources/Internet. See figure [#p8021x 802.1X] for explanation. Why is it called "port"-based authentication? The Authenticator deals with ''controlled'' and ''uncontrolled'' ports. Both the controlled and the uncontrolled port are logical entities (virtual ports), but use the same physical connection to the LAN (same point of attachment). images/8021X-Ports.png Figure port: The authorization state of the controlled port. Before authentication, only the uncontrolled port is "open". The only traffic allowed is EAPOL; see Authenticator System 1 on figure [#port port]. After the Supplicant has been authenticated, the controlled port is opened, and access to other LAN resources are granted; see Authenticator System 2 on figure [#port port]. 802.1X plays a major role in the new IEEE wireless standard 802.11i. ---- === 1.2. What is 802.11i? === ==== 1.2.1. WEP ==== Wired Equivalent Privacy (WEP), which is part of the original 802.11 standard, should provide confidentiality. Unfortunately WEP is poorly designed and easily cracked. There is no authentication mechanism, only a weak form of access control (must have the shared key to communicate). Read more [http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html here]. As a response to WEP broken security, IEEE has come up with a new wireless security standard named 802.11i. 802.1X plays a major role in this new standard. ---- ==== 1.2.2. 802.11i ==== The new security standard, 802.11i, which was ratified in June 2004, fixes all WEP weaknesses. It is divided into three main categories: 1. ''Temporary Key Integrity Protocol (TKIP)'' is a short-term solution that fixes all WEP weaknesses. TKIP can be used with old 802.11 equipment (after a driver/firmware upgrade) and provides integrity and confidentiality. 1. ''Counter Mode with CBC-MAC Protocol (CCMP) [[http://www.ietf.org/rfc/rfc3610.txt RFC2610]]'' is a new protocol, designed from ground up. It uses AES [[http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS 197]] as its cryptographic algorithm, and, since this is more CPU intensive than RC4 (used in WEP and TKIP), new 802.11 hardware may be required. Some drivers can implement CCMP in software. CCMP provides integrity and confidentiality. 1. ''802.1X Port-Based Network Access Control:'' Either when using TKIP or CCMP, 802.1X is used for authentication. In addition, an optional encryption method called "Wireless Robust Authentication Protocol" (WRAP) may be used instead of CCMP. WRAP was the original AES-based proposal for 802.11i, but was replaced by CCMP since it became plagued by property encumbrances. Support for WRAP is optional, but CCMP support is mandatory in 802.11i. 802.11i also has an extended key derivation/management, described next. ---- ==== 1.2.3. Key Management ==== ===== 1.2.3.1. Dynamic key exchange and management ===== To enforce a security policy using encryption and integrity algorithms, keys must be obtained. Fortunately, 802.11i implements a key derivation/management regime. See figure [#keyman KM]. images/8021X-KeyManagement.png Figure KM: Key management and distribution in 802.11i. 1. When the Supplicant (WN) and Authentication Server (AS) authenticate, one of the last messages sent from AS, given that authentication was successful, is a ''Master Key (MK)''. After it has been sent, the MK is known only to the WN and the AS. The MK is bound to this session between the WN and the AS. 1. Both the WN and the AS derive a new key, called the ''Pairwise Master Key (PMK)'', from the Master Key. 1. The PMK is then moved from the AS to the Authenticator (AP). Only the WN and the AS can derive the PMK, else the AP could make access-control decisions instead of the AS. The PMK is a fresh symmetric key bound to this session between the WN and the AP. 1. PMK and a 4-way handshake are used between the WN and the AP to derive, bind, and verify a ''Pairwise Transient Key (PTK)''. The PTK is a collection of operational keys: * ''Key Confirmation Key (KCK)'', as the name implies, is used to prove the posession of the PMK and to bind the PMK to the AP. * ''Key Encryption Key (KEK)'' is used to distributed the Group Transient Key (GTK). Described below. * ''Temporal Key 1 & 2 (TK1/TK2)'' are used for encryption. Usage of TK1 and TK2 is ciphersuite-specific.See figure [#pkh PKH] for a overview of the Pairwise Key Hierarchy. 1. The KEK and a 4-way group handshake are then used to send the ''Group Transient Key (GTK)'' from the AP to the WN. The GTK is a shared key among all Supplicants connected to the same Authenticator, and is used to secure multicast/broadcast traffic. images/8021X-KeyHierarchy.png Figure PKH: Pairwise Key Hierarchy ---- ===== 1.2.3.2. Pre-shared Key ===== For small office / home office (SOHO), ad-hoc networks or home usage, a pre-shared key (PSK) may be used. When using PSK, the whole 802.1X authentication process is elided. This has also been called "WPA Personal" (WPA-PSK), whereas WPA using EAP (and RADIUS) is "WPA Enterprise" or just "WPA". The 256-bit PSK is generated from a given password using PBKDFv2 from [[http://www.ietf.org/rfc/rfc2898.txt RFC2898]], and is used as the Master Key (MK) described in the key management regime above. It can be one single PSK for the whole network (insecure), or one PSK per Supplicant (more secure). ---- ==== 1.2.4. TSN (WPA) / RSN (WPA2) ==== The industry didn't have time to wait until the 802.11i standard was completed. They wanted the WEP issues fixed now! [http://www.wi-fi.org/ Wi-Fi Alliance] felt the pressure, took a "snapshot" of the standard (based on draft 3), and called it ''Wi-Fi Protected Access (WPA)''. One requirement was that existing 802.11 equipment could be used with WPA, so WPA is basically TKIP + 802.1X. WPA is not the long term solution. To get a ''Robust Secure Network (RSN)'', the hardware must support and use CCMP. RSN is basically CCMP + 802.1X. RSN, which uses TKIP instead of CCMP, is also called Transition Security Network (TSN). RSN may also be called WPA2, so that the market don't get confused. Confused? Basically: * TSN = TKIP + 802.1X = WPA(1) * RSN = CCMP + 802.1X = WPA2 In addition comes key management, as described in the previous section. ---- === 1.3. What is EAP? === Extensible Authentication Protocol (EAP) [[http://www.ietf.org/rfc/rfc3748.txt RFC 3748]] is just the transport protocol optimized for authentication, not the authentication method itself: " [EAP is] an authentication framework which supports multiple authentication methods. EAP typically runs directly over data link layers such as Point-to-Point Protocol (PPP) or IEEE 802, without requiring IP. EAP provides its own support for duplicate elimination and retransmission, but is reliant on lower layer ordering guarantees. Fragmentation is not supported within EAP itself; however, individual EAP methods may support this." --- RFC 3748, page 3 ---- === 1.4. EAP authentication methods === Since 802.1X is using EAP, multiple different authentication schemes may be added, including smart cards, Kerberos, public key, one time passwords, and others. Some of the most-used EAP authentication mechanism are listed below. A full list of registered EAP authentication types is available at IANA: http://www.iana.org/assignments/eap-numbers. || ../images/warning.gif || Not all authentication mechanisms are considered secure! || * ''EAP-MD5:'' MD5-Challenge requires username/password, and is equivalent to the PPP CHAP protocol [[http://www.ietf.org/rfc/rfc1994.txt RFC1994]]. This method does not provide dictionary attack resistance, mutual authentication, or key derivation, and has therefore little use in a wireless authentication enviroment. * ''Lightweight EAP (LEAP):'' A username/password combination is sent to a Authentication Server (RADIUS) for authentication. Leap is a proprietary protocol developed by Cisco, and is not considered secure. Cisco is phasing out LEAP in favor of PEAP. The closest thing to a published standard can be found [http://lists.cistron.nl/pipermail/cistron-radius/2001-September/002042.html here]. * ''EAP-TLS:'' Creates a TLS session within EAP, between the Supplicant and the Authentication Server. Both the server and the client(s) need a valid (x509) certificate, and therefore a PKI. This method provides authentication both ways. EAP-TLS is described in [[http://www.ietf.org/rfc/rfc2716.txt RFC2716]]. * ''EAP-TTLS:'' Sets up a encrypted TLS-tunnel for safe transport of authentication data. Within the TLS tunnel, (any) other authentication methods may be used. Developed by Funk Software and Meetinghouse, and is currently an IETF draft. * ''Protected EAP (PEAP):'' Uses, as EAP-TTLS, an encrypted TLS-tunnel. Supplicant certificates for both EAP-TTLS and EAP-PEAP are optional, but server (AS) certificates are required. Developed by Microsoft, Cisco, and RSA Security, and is currently an IETF draft. * ''EAP-MSCHAPv2:'' Requires username/password, and is basically an EAP encapsulation of MS-CHAP-v2 [[http://www.ietf.org/rfc/rfc2759.txt RFC2759]]. Usually used inside of a PEAP-encrypted tunnel. Developed by Microsoft, and is currently an IETF draft. ---- === 1.5. What is RADIUS? === Remote Authentication Dial-In User Service (RADIUS) is defined in [[http://www.ietf.org/rfc/rfc2865.txt RFC2865]] (with friends), and was primarily used by ISPs who authenticated username and password before the user got authorized to use the ISP's network. 802.1X does not specify what kind of back-end authentication server must be present, but RADIUS is the "de-facto" back-end authentication server used in 802.1X. There are not many AAA protocols available, but both RADIUS and DIAMETER [[http://www.ietf.org/rfc/rfc3588.txt RFC3588]] (including their extensions) conform to full AAA support. AAA stands for Authentication, Authorization, and Accounting ([http://www.ietf.org/html.charters/aaa-charter.html IETF's AAA Working Group]). ---- == 2. Obtaining Certificates == || ../images/note.gif || OpenSSL must be installed to use either EAP-TLS, EAP-TTLS, or PEAP! || When using EAP-TLS, both the Authentication Server and all the Supplicants (clients) need certificates [[http://www.ietf.org/rfc/rfc2459.txt RFC2459]] . Using EAP-TTLS or PEAP, only the Authentication Server requires certificates; Supplicant certificates are optional. You get certificates from the local certificate authority (CA). If there is no local CA available, OpenSSL may be used to generate self-signed certificates. Included with the FreeRADIUS source are some helper scripts to generate self-signed certificates. The scripts are located under the `scripts/` folder included with the FreeRADIUS source: `CA.all` is a shell script that generates certificates based on some questions it ask. `CA.certs` generates certificates non-interactively based on pre-defined information at the start of the script. || ../images/note.gif || The scripts uses a Perl script called `CA.pl`, included with OpenSSL. The path to this Perl script in `CA.all` and `CA.certs` may need to be changed to make it work. || || ../images/tip.gif || More information on how to generate your own certificates can be found in the [http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/ SSL certificates HOWTO]. || ---- == 3. Authentication Server: Setting up FreeRADIUS == FreeRADIUS is a fully GPLed RADIUS server implementation. It supports a wide range of authentication mechanisms, but PEAP is used for the example in this document. ---- === 3.1. Installing FreeRADIUS === '''Installing FreeRADIUS''' 1. Head over to the FreeRADIUS site, http://www.freeradius.org/, and download the latest release.|| {{{ `# ``''''''cd '''/usr/local/src'''` `# ``''''''wget '''ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.0.tar.gz'''` `# ``''''''tar '''zxfv freeradius-1.0.0.tar.gz'''` `# ``''''''cd '''freeradius-1.0.0'''` }}} || 1. Configure, make and install:|| {{{ `# ``''''''./configure''''''` `# ``''''''make''''''` `# ``''''''make install''''''` }}} || ''You can pass options to '''configure'''. Use '''./configure --help''' or read the README file, for more information.'' The binaries are installed in `/usr/local/bin` and `/usr/local/sbin`. The configuration files are found under `/usr/local/etc/raddb`. If something went wrong, check the `INSTALL` and `README` included with the source. The [http://www.freeradius.org/faq/ RADIUS FAQ] also contains valuable information. ---- === 3.2. Configuring FreeRADIUS === FreeRADIUS has a big and mighty configuration file. It's so big, it has been split into several smaller files that are just "included" into the main `radius.conf` file. There is numerous ways of using and setting up FreeRADIUS to do what you want: i.e., fetch user information from LDAP, SQL, PDC, Kerberos, etc. In this document, user information from a plain text file, `users`, is used. || ../images/tip.gif || The configuration files are thoroughly commented, and, if that is not enough, the `doc/` folder that comes with the source contains additional information. || '''Configuring FreeRADIUS''' 1. The configuration files can be found under `/usr/local/etc/raddb/`|| {{{ `# ``''''''cd '''/usr/local/etc/raddb/'''` }}} || 1. Open the main configuration file `radiusd.conf`, ''and read the comments!'' Inside the encrypted PEAP tunnel, an MS-CHAPv2 authentication mechanism is used. 1. MPPE [[http://www.ietf.org/rfc/rfc3078.txt RFC3078]] is responsible for sending the PMK to the AP. Make sure the following settings are set:|| {{{ # under MODULES, make sure mschap is uncommented! mschap { # authtype value, if present, will be used # to overwrite (or add) Auth-Type during # authorization. Normally, should be MS-CHAP authtype = MS-CHAP # if use_mppe is not set to no, mschap will # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2 # use_mppe = yes # if mppe is enabled, require_encryption makes # encryption moderate # require_encryption = yes # require_strong always requires 128 bit key # encryption # require_strong = yes authtype = MS-CHAP # The module can perform authentication itself, OR # use a Windows Domain Controller. See the radius.conf file # for how to do this. } }}} || 1. Also make sure the "authorize" and "authenticate" contains:|| {{{ authorize { preprocess mschap suffix eap files } authenticate { # # MSCHAP authentication. Auth-Type MS-CHAP { mschap } # # Allow EAP authentication. eap } }}} || 1. Then, change the `clients.conf` file to specify what network it's serving:|| {{{ # Here, we specify which network we're serving client 192.168.0.0/16 { # This is the shared secret between the Authenticator (the # access point) and the Authentication Server (RADIUS). secret = SharedSecret99 shortname = testnet } }}} || 1. The `eap.conf` should also be pretty straightforward. 1. Set "default_eap_type" to "peap":|| {{{ default_eap_type = peap }}} || 1. Since PEAP is using TLS, the TLS section must contain:|| {{{ tls { # The private key password private_key_password = SecretKeyPass77 # The private key private_key_file = ${raddbdir}/certs/cert-srv.pem # Trusted Root CA list CA_file = ${raddbdir}/certs/demoCA/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = /dev/urandom } }}} || 1. Find the "peap" section, and make sure it contain the following:|| {{{ peap { # The tunneled EAP session needs a default # EAP type, which is separate from the one for # the non-tunneled EAP module. Inside of the # PEAP tunnel, we recommend using MS-CHAPv2, # as that is the default type supported by # Windows clients. default_eap_type = mschapv2 } }}} || 1. The user information is stored in a plain text file `users`. A more sophisticated solution to store user information may be preferred (SQL, LDAP, PDC, etc.).Make sure the `users` file contains the following entry:|| {{{ "testuser" User-Password == "Secret149" }}} || ---- == 4. Supplicant: Setting up Xsupplicant == The Supplicant is usually a laptop or other (wireless) device that requires authentication. Xsupplicant does the bidding of being the "Supplicant" part of the IEEE 802.1X-2001 standard. ---- === 4.1. Installing Xsupplicant === '''Installing Xsupplicant''' 1. Download the latest source from from http://www.open1x.org/|| {{{ `# ``''''''cd '''/usr/local/src'''` `# ``''''''wget '''http://belnet.dl.sourceforge.net/sourceforge/open1x/xsupplicant-1.0.tar.gz'''` `# ``''''''tar '''zxfv xsupplicant-1.0.tar.gz'''` `# ``''''''cd '''xsupplicant'''` }}} || 1. Configure, make, and install:|| {{{ `# ``''''''./configure''''''` `# ``''''''make''''''` `# ``''''''make install''''''` }}} || 1. If the configuration file wasn't installed (copied) into the "etc" folder, do it manually:|| {{{ `# ``''''''mkdir '''-p /usr/local/etc/1x'''` `# ``''''''cp '''etc/tls-example.conf /usr/local/etc/1x'''` }}} || If installation fails, check the `README` and `INSTALL` files included with the source. You may also check out the [http://sourceforge.net/docman/display_doc.php?docid=23371&group_id=60236 official documentation]. ---- === 4.2. Configuring Xsupplicant === '''Configuring Xsupplicant''' 1. The Supplicant must have access to the root certificate.If the Supplicant needs to authenticate against the Authentication Server (authentication both ways), the Supplicant must have certificates as well.Create a certificate folder, and move the certificates into it:|| {{{ `# ``''''''mkdir''' -p /usr/local/etc/1x/certs'''` `# ``''''''cp''' root.pem /usr/local/etc/1x/certs/'''` `# `(copy optional client certificate(s) into the same folder) }}} || 1. Open and edit the configuration file:|| {{{ # startup_command: the command to run when Xsupplicant is first started. # This command can do things such as configure the card to associate with # the network properly. startup_command = /usr/local/etc/1x/startup.sh }}} || The `startup.sh` will be created shortly. 1. When the client is authenticated, it will transmit a DHCP request or manually set an IP address. Here, the Supplicant sets its IP address manually in `startup2.sh`:|| {{{ # first_auth_command: the command to run when Xsupplicant authenticates to # a wireless network for the first time. This will usually be used to # start a DHCP client process. #first_auth_command = dhclient %i first_auth_command = /usr/local/etc/1x/startup2.sh }}} || 1. Since "-i" is just for debugging purpose (and may go away according to the developers), "allow_interfaces" must be set:|| {{{ allow_interfaces = eth0 deny_interfaces = eth1 }}} || 1. Next, under the "NETWORK SECTION", we'll configure PEAP:|| {{{ # We'll be using PEAP allow_types = eap_peap # Don't want any eavesdropper to learn the username during the # first phase (which is unencrypted), so 'identity hiding' is # used (using a bogus username). identity = anonymous eap-peap { # As in tls, define either a root certificate or a directory # containing root certificates. root_cert = /usr/local/etc/1x/certs/root.pem #root_dir = /path/to/root/certificate/dir #crl_dir = /path/to/dir/with/crl chunk_size = 1398 random_file = /dev/urandom #cncheck = myradius.radius.com # Verify that the server certificate # has this value in its CN field. #cnexact = yes # Should it be an exact match? session_resume = yes # Currently 'all' is just mschapv2. # If no allow_types is defined, all is assumed. #allow_types = all # where all = MSCHAPv2, MD5, OTP, GTC, SIM allow_types = eap_mschapv2 # Right now, you can do any of these methods in PEAP: eap-mschapv2 { username = testuser password = Secret149 } } }}} || 1. The Supplicant must first associate with the access point. The script `startup.sh` does that job. It is also the first command Xsupplicant executes.|| ../images/note.gif || Notice the bogus key we give to iwconfig (''enc 000000000'')! This key is used to tell the driver to run in encrypted mode. The key gets replaced after successful authentication. This can be set to ''enc off'' only if encryption is disabled in the AP (for testing purposes). || Both `startup.sh` and `startup2.sh` must be saved under `/usr/local/etc/1x/`.|| {{{ #!/bin/bash echo "Starting startup.sh" # Take down interface (if it's up) /sbin/ifconfig eth0 down # To make sure the routes are flushed sleep 1 # Configuring the interface with a bogus key /sbin/iwconfig eth0 mode managed essid testnet enc 000000000 # Bring the interface up and make sure it listens to multicast packets /sbin/ifconfig eth0 allmulti up echo "Finished startup.sh" }}} || 1. This next file is used to set the IP address statically. This can be omitted if a DHCP server is present (as it typically is, in many access points).|| {{{ #!/bin/bash echo "Starting startup2.sh" # Assigning an IP address /sbin/ifconfig eth0 192.168.1.5 netmask 255.255.255.0 echo "Finished startup2.sh" }}} || ---- == 5. Authenticator: Setting up the Authenticator (Access Point) == During the authentication process, the Authenticator just relays all messages between the Supplicant and the Authentication Server (RADIUS). EAPOL is used between the Supplicant and the Authenticator; and, between the Authenticator and the Authentication Server, UDP is used. ---- === 5.1. Access Point === Many access point have support for 802.1X (and RADIUS) authentication. It must first be configured to use 802.1X authentication. || ../images/note.gif || ''Configuring and setting up 802.1X on the AP may differ between vendors.'' Listed below are the required settings to make a Cisco AP350 work. Other settings to TIKP, CCMP etc. may also be configured. || The AP must set the ESSID to "testnet" and must activate: images/8021X-CiscoAP.png Figure AP350: The RADIUS configuration screen for a Cisco AP-350 * ''802.1X-2001:'' Make sure the 802.1X Protocol version is set to "802.1X-2001". Some older Access Points support only the draft version of the 802.1X standard (and may therefore not work). * ''RADIUS Server:'' the name/IP address of the RADIUS server and the shared secret between the RADIUS server and the Access Point (which in this document is "SharedSecret99"). See figure [#ciscoAP AP350]. * ''EAP Authentication:'' The RADIUS server should be used for EAP authentication. images/8021X-CiscoAP2.png Figure AP350-2: The Encryption configuration screen for a Cisco AP-350 * ''Full Encryption'' to allow only encrypted traffic. Note that 802.1X may be used without using encryption, which is nice for test purposes. * ''Open Authentication'' to make the Supplicant associate with the Access Point before encryption keys are available. Once the association is done, the Supplicant may start EAP authentication. * ''Require EAP'' for the "Open Authentication". That will ensure that only authenticated users are allowed into the network. ---- === 5.2. Linux Authenticator === An ordinary Linux node can be set up to function as a wireless Access Point and Authenticator. How to set up and use Linux as an AP is beyond the scope of this document. Simon Anderson's [http://oob.freeshell.org/nzwireless/LWAP-HOWTO.html Linux Wireless Access Point HOWTO] may be of guidance. ---- == 6. Testbed == === 6.1. Testcase === images/8021X-Testbed.png figure testbed: A wireless node request authentication. Our testbed consists of two nodes and one Access Point (AP). One node functions as the Supplicant (WN), the other as the back-end Authentication Server running RADIUS (AS). The Access Point is the Authenticator. See figure [#testbedimg testbed] for explanation. || ../images/important.gif || It is crucial that the Access Point be able to reach (ping) the Authentication Server, and vice versa! || ---- === 6.2. Running some tests === '''Running some tests''' 1. The RADIUS server is started in debug mode. This produces ''a lot'' of debug information. The important snippets are below:|| {{{ `# ``''''''radiusd''' -X'''` Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf ...... Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) ...... Module: Loaded eap eap: default_eap_type = "peap" ../images/callouts/1.gif eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 tls: rsa_key_exchange = no ../images/callouts/2.gif tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem" tls: private_key_password = "SecretKeyPass77" tls: dh_file = "/usr/local/etc/raddb/certs/dh" tls: random_file = "/usr/local/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" ../images/callouts/3.gif peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) ...... Module: Loaded files files: usersfile = "/usr/local/etc/raddb/users" ../images/callouts/4.gif ...... Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. ../images/callouts/5.gif }}} || [#rad_peap ../images/callouts/1.gif]:: Default EAP type is set to PEAP.[#rad_tls ../images/callouts/2.gif]:: RADIUS's TLS settings are initiated here. The certificate type, location, and password are listet here.[#rad_mschapv2 ../images/callouts/3.gif]:: Inside the PEAP tunnel, MS-CHAPv2 is used.[#rad_users ../images/callouts/4.gif]:: The username/password information is found in the `users` file.[#rad_finished ../images/callouts/5.gif]:: RADIUS server started successfully. Waiting for incoming requests.The radius server is now ready to process requests!The most interesting output is included above. If you get any error message instead of the last line, go over the configuration (above) carefully. 1. Now the Supplicant is ready to get authenticated. Start Xsupplicant in debug mode. Note that we'll see output produced by the two startup scripts: `startup.sh` and `startup2.sh`.|| {{{ `# ``''''''xsupplicant''' -c /usr/local/etc/1x/1x.conf -i eth0 -d 6'''` Starting /etc/1x/startup.sh Finished /etc/1x/startup.sh Starting /etc/1x/startup2.sh Finished /etc/1x/startup2.sh }}} || 1. At the same time, the RADIUS server is producing a lot of output. Key snippets are shown below:|| {{{ ...... rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS ../images/callouts/1.gif eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK ../images/callouts/2.gif rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Success rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 8 modcall: group authenticate returns ok for request 8 Login OK: [testuser/] (from client testnet port 37 cli 0002a56fa08a) Sending Access-Accept of id 8 to 192.168.2.1:1032 ../images/callouts/3.gif MS-MPPE-Recv-Key = 0xf21757b96f52ddaefe084c343778d0082c2c8e12ce18ae10a79c550ae61a5206 ../images/callouts/4.gif MS-MPPE-Send-Key = 0x5e1321e06a45f7ac9f78fb9d398cab5556bff6c9d003cdf8161683bfb7e7af18 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" }}} || [#rpro_tls ../images/callouts/1.gif]:: TLS session startup. Doing TLS-handshake.[#rpro_peap ../images/callouts/2.gif]:: The TLS session (PEAP-encrypted tunnel) is up.[#rpro_accept ../images/callouts/3.gif]:: The Supplicant has been authenticated successfully by the RADIUS server. An "Access-Accept" message is sent.[#rpro_reckey ../images/callouts/4.gif]:: The ''MS-MPPE-Recv-Key'' [[http://www.ietf.org/rfc/rfc2548.txt RFC2548] section 2.4.3] contains the Pairwise Master Key (PMK) destined to the Authenticator (access point), encrypted with the MPPE Protocol [[http://www.ietf.org/rfc/rfc3078.txt RFC3078]], using the shared secret between the Authenticator and Authentication Server as key. The Supplicant derives the same PMK from MK, as described in [#Key Key Management]. 1. The Authenticator (access point) may also show something like this in its log:|| {{{ 00:02:16 (Info): Station 0002a56fa08a Associated 00:02:17 (Info): Station=0002a56fa08a User="testuser" EAP-Authenticated }}} || That's it! The Supplicant is now authenticated to use the Access Point! ---- == 7. Note about driver support and Xsupplicant == As described in [#Key Key Management], one of the big advantages of using Dynamic WEP/802.11i with 802.1X is the support for session keys. A new encryption key is generated for each session. Xsupplicant only supports "Dynamic WEP" as of this writing. Support for WPA and RSN/WPA2 (802.11i) is being worked on, and is estimated to be supported at the end of the year/early next year (2004/2005), according to Chris Hessing (one of the Xsupplicants developers). Not all wireless drives support dynamic WEP, nor WPA. To use RSN (WPA2), new support in hardware may even be required. Many older drivers assume only one WEP key will be used on the network at any time. The card is reset whenever the key is changed to let the new key take effect. This triggers a new authentication, and there is a never-ending loop. At the time of writing, most of the wireless drivers in the base Linux kernel require patching to make dynamic WEP/WPA work. They will, in time, be upgraded to support these new features. Many drivers developed outside the kernel, however, support for dynamic WEP; HostAP, madwifi, Orinoco, and atmel should work without problems. Instead of using Xsupplicant, [http://hostap.epitest.fi/wpa_supplicant/ wpa_supplicant] may be used. It has support for both WPA and RSN (WPA2), and a wide range of EAP authentication methods. ---- == 8. FAQ == Do not forget to check out the FAQ section of both the [http://www.freeradius.org/faq/ FreeRADIUS] (highly recommended!) and [http://sourceforge.net/docman/display_doc.php?docid=23371&group_id=60236#ch7 Xsupplicant] Web sites! 8.1. [#AEN626 Is it possible to allow user-specific Xsupplicant configuration, to avoid having a global configuration file? ]:: 8.2. [#AEN632 I don't want to use PEAP; can I use EAP-TTLS or EAP-TLS instead?]:: 8.3. [#AEN637 Can I use a Windows Supplicant (client) instead of GNU/Linux? ]:: 8.4. [#AEN643 Can I use a Active Directory to authenticate users? ]:: 8.5. [#AEN649 Is there any Windows Supplicant clients available? ]:: '''8.1. ''' Is it possible to allow user-specific Xsupplicant configuration, to avoid having a global configuration file? No, not at the moment. '''8.2. '''I don't want to use PEAP; can I use EAP-TTLS or EAP-TLS instead? Yes. To use EAP-TTLS, only small changes to the configuration used in this document are required. To use EAP-TLS, client certificates must be used as well. '''8.3. ''' Can I use a Windows Supplicant (client) instead of GNU/Linux? Yes. Windows XP SP1/Windows 2000 SP3 has support for PEAP MSCHAPv2 (used in this document). A Windows HOWTO can be found here: [http://text.dslreports.com/forum/remark,9286052~mode=flat FreeRADIUS/WinXP Authentication Setup] '''8.4. ''' Can I use a Active Directory to authenticate users? Yes. FreeRADIUS can authenticate users from AD by using "ntlm_auth". '''8.5. ''' Is there any Windows Supplicant clients available? Yes. As of Windows XP SP1 or Windows 2000 SP3, support for WPA (PEAP/MS-CHAPv2) is supported. Other clients include (not tested) [http://www.securew2.com Secure W2] (free for non-commercial) and [http://wire.cs.nthu.edu.tw/wire1x/ WIRE1X]. [http://www.funk.com Funk Software] also has a commercial client available. ---- == 9. Useful Resources == Only IEEE standards older than 12 months are available to the public in general (through the [http://standards.ieee.org/getieee802/ "Get IEEE 802 Program"]). So the new ''802.11i'' and ''802.1X-2004'' standards documents are not available. You must be a IEEE participant to get hold of any drafts/work in progress papers (which actually isn't that hard - just join a mailing list and say you are interested). 1. FreeRADIUS Server Project[http://www.freeradius.org/ http://www.freeradius.org/] 1. Open1x: Open Source implementation of IEEE 802.1X (Xsupplicant)[http://www.open1x.org/ http://www.open1x.org/] 1. The Open1x User's Guide[http://sourceforge.net/docman/display_doc.php?docid=23371&group_id=60236 http://sourceforge.net/docman/display_doc.php?docid=23371&group_id=60236] 1. Port-Based Network Access Control (802.1X-2001)[http://standards.ieee.org/getieee802/download/802.1X-2001.pdf http://standards.ieee.org/getieee802/download/802.1X-2001.pdf] 1. RFC2246: The TLS Protocol Version 1.0[http://www.ietf.org/rfc/rfc2246.txt http://www.ietf.org/rfc/rfc2246.txt] 1. RFC2459: Internet X.509 Public Key Infrastructure - Certificate and CRL Profile[http://www.ietf.org/rfc/rfc2459.txt http://www.ietf.org/rfc/rfc2459.txt] 1. RFC2548: Microsoft Vendor-specific RADIUS Attributes[http://www.ietf.org/rfc/rfc2548.txt http://www.ietf.org/rfc/rfc2548.txt] 1. RFC2716: PPP EAP TLS Authentication Protocol[http://www.ietf.org/rfc/rfc2716.txt http://www.ietf.org/rfc/rfc2716.txt] 1. RFC2865: Remote Authentication Dial-In User Service (RADIUS)[http://www.ietf.org/rfc/rfc2865.txt http://www.ietf.org/rfc/rfc2865.txt] 1. RFC3079: Deriving Keys for use with Microsoft Point-to-Point Encryption (MPPE)[http://www.ietf.org/rfc/rfc3079.txt http://www.ietf.org/rfc/rfc3079.txt] 1. RFC3579: RADIUS Support For EAP[http://www.ietf.org/rfc/rfc3579.txt http://www.ietf.org/rfc/rfc3579.txt] 1. RFC3580: IEEE 802.1X RADIUS Usage Guidelines[http://www.ietf.org/rfc/rfc3580.txt http://www.ietf.org/rfc/rfc3580.txt] 1. RFC3588: Diameter Base Protocol[http://www.ietf.org/rfc/rfc3588.txt http://www.ietf.org/rfc/rfc3588.txt] 1. RFC3610: Counter with CBC-MAC (CCM)[http://www.ietf.org/rfc/rfc3610.txt http://www.ietf.org/rfc/rfc3610.txt] 1. RFC3748: Extensible Authentication Protocol (EAP)[http://www.ietf.org/rfc/rfc3748.txt http://www.ietf.org/rfc/rfc3748.txt] 1. Linux Wireless Access Point HOWTO [http://oob.freeshell.org/nzwireless/LWAP-HOWTO.html http://oob.freeshell.org/nzwireless/LWAP-HOWTO.html] 1. SSL Certificates HOWTO[http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/ http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/] 1. OpenSSL: x509(1)[http://www.openssl.org/docs/apps/x509.html http://www.openssl.org/docs/apps/x509.html] ---- == 10. Copyright, acknowledgments and miscellaneous == === 10.1. Copyright and License === Copyright (c) 2004 Lars Strand. Permission is granted to copy, distribute and/or modify this document under the terms of the [http://www.gnu.org/licenses/fdl.html GNU Free Documentation License], Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". ---- === 10.2. How this document was produced === This document was written in DocBook XML using Emacs. ---- === 10.3. Feedback === Suggestions, corrections, additions wanted. Contributors wanted and acknowledged. Flames not wanted. I can always be reached at `<[mailto:lars strand at gnist org lars strand at gnist org]>` Homepage: http://www.gnist.org/~lars/ ---- === 10.4. Acknowledgments === Thanks to Andreas Hafslund `<[mailto:andreha at unik no andreha at unik no]>` and Thales Communication for initial support. Also thanks to Artur Hecker `<[mailto:hecker at enst fr hecker at enst fr]>`, Chris Hessing `<[mailto:chris hessing at utah edu chris hessing at utah edu]>`, Jouni Malinen `<[mailto:jkmaline at cc hut fi jkmaline at cc hut fi]>` and Terry Simons `<[mailto:galimore at mac com galimore at mac com]>` for valuable feedback! Thanks to Rick Moen `<[mailto:rick at linuxmafia com rick at linuxmafia com]>` for doing a language review! ---- <>