802.1x wired

'User made' tutorials related to Porteus Kiosk edition.
Official kiosk documentation can be find here: http://porteus-kiosk.org/documentation.html
Forum rules
Porteus Kiosk section of the forum is unmaintained now. Its kept in a 'read only' mode for archival purposes.
Please use the kiosk contact page for directing your queries: https://porteus-kiosk.org/contact.html
Acoon
Ronin
Ronin
Posts: 2
Joined: 17 Jan 2019, 13:36
Distribution: 4.7.0

802.1x wired

Post#1 by Acoon » 17 Jan 2019, 13:41

Hi,

I'm introducing 802.1x and the time has now come to Porteus Kiosk.
I have made a new installation with 4.7.0 and entered username and password.

But it seems that porteus is very limited in terms of EAP methods.
As far as i have figured out it only support EAP-TTLS/PAP. Can someone verify that or correct me?

Is there a way to make it use EAP-PEAP / EAP-MSCHAPv2?

Br,
Thomas

User avatar
fanthom
Moderator Team
Moderator Team
Posts: 5666
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland
Contact:

Re: 802.1x wired

Post#2 by fanthom » 17 Jan 2019, 15:08

Hi Thomas,

"As far as i have figured out it only support EAP-TTLS/PAP. Can someone verify that or correct me?"
Correct

"Is there a way to make it use EAP-PEAP / EAP-MSCHAPv2?"
As far as i know this method requires certificate to work? If yes the it will be more complicated to get it working properly as cert may expire and without network access you wont be able to update it easily.
The only way would be to load a new cert from the usb stick (which means that custom build would be required).
Please add [Solved] to your thread title if the solution was found.

Acoon
Ronin
Ronin
Posts: 2
Joined: 17 Jan 2019, 13:36
Distribution: 4.7.0

Re: 802.1x wired

Post#3 by Acoon » 17 Jan 2019, 20:32

fanthom wrote:
17 Jan 2019, 15:08
"Is there a way to make it use EAP-PEAP / EAP-MSCHAPv2?"
As far as i know this method requires certificate to work? If yes the it will be more complicated to get it working properly as cert may expire and without network access you wont be able to update it easily.
The only way would be to load a new cert from the usb stick (which means that custom build would be required).
Yes, and no.
If set up correct, a host name and a CA should be defined. Then you can update radius cert as you see fit as long as the CA and host name is the same.

I believe Porteus base is centos. If I can make 802.1x work on a standard centos, is it possible to alter the iso?

Br
Thomas

User avatar
fanthom
Moderator Team
Moderator Team
Posts: 5666
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland
Contact:

Re: 802.1x wired

Post#4 by fanthom » 18 Jan 2019, 10:42

I'm sorry but i dont understand the concept (I thought when cert is not available or expires then network connection cant be established?)

Anyway - feel free to customize the ISO and make it working the way you want:
https://porteus-kiosk.org/kiosk-customization.html

Thanks
Please add [Solved] to your thread title if the solution was found.

Locked