LinuxQuestions.org
Old 11-17-2007, 09:27 PM   #1
mpyusko
Member
 
Registered: Oct 2003
Location: Rochester, NY, USA
Distribution: Slackware ver 10.1 - 14.1, Debian too.
Posts: 432
Blog Entries: 1

Rep: Reputation: 41
Require username and password for network access


Before you criticize my method, please understand that everyone has a different way, and this works for me.

I have a hybrid wired/wifi network.

I have a Broadband cable modem connected to a router. The router is directly connected to a NAS, a Desktop, and a WAP. The WAP allows the few laptops that come and go, access to the network and also the internet.

The Router (Static IP) provides DNS cache & DHCP for the laptops.
The Desktop (Static IP) (Linux) provides printer, and Intranet.
The NAS (Static IP) (DMZ) provides local SMB shares and remote FTP.
The WAP (Static IP) runs WEP, & MAC filtering (openWRT).
The Laptops are all XP. (7 rotate through)

What I would like to have is a way that, when a laptop is authorized with a valid WEP key and MAC address, it still requires a valid username and password combination for access. The username and password would be validated by the Linux desktop.

I would also like it to be able to authorize for a Linux Laptop (in the future) as well.

If it can be done without installing software on the laptops that is best. However, if it needs client software, can it be automatically installed with a login script?

Last edited by mpyusko; 11-17-2007 at 09:28 PM.
 
Old 11-18-2007, 03:45 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,370
Blog Entries: 55

Rep: Reputation: 3555
Quote:
Originally Posted by mpyusko View Post
Before you criticize my method
No, only the place. You're not talking about a security problem or control method but just the *software* for it, so I'll move this to Linux Software.


Quote:
Originally Posted by mpyusko View Post
What I would like to have is a way that, when a laptop is authorized with a valid WEP key and MAC address, it still requires a valid username and password combination for access. The username and password would be validated by the Linux desktop.
Look up Sourceforge/Freshmeat for "captive portal" or "wireless portal software" or check http://www.personaltelco.net/index.cgi/PortalSoftware for a nice list and http://en.wikipedia.org/wiki/Captive_portal for a description and less elaborate list.


Quote:
Originally Posted by mpyusko View Post
If it can be done without installing software on the laptops that is best. However, if it needs client software, can it be automatically installed with a login script?
Check items in given lists, read details, try, then ask.
 
Old 11-18-2007, 08:36 AM   #3
mpyusko
Member
 
Registered: Oct 2003
Location: Rochester, NY, USA
Distribution: Slackware ver 10.1 - 14.1, Debian too.
Posts: 432
Blog Entries: 1

Original Poster
Rep: Reputation: 41
My apologies. I was going to post it under the Networking section but after reading the sticky, it didn't quite fit.

I figured it fell under Security/Access Control.

Software is such a general term.

Anyway, again....

My apologies. Thank you for the info.
 
Old 11-18-2007, 10:35 AM   #4
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 234
This is an interesting problem, please post your results.
 
Old 11-18-2007, 11:56 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,370
Blog Entries: 55

Rep: Reputation: 3555
Quote:
Originally Posted by mpyusko View Post
I figured it fell under Security/Access Control.
Awww, OK. I'll keep it here ;-p
 
Old 11-18-2007, 12:15 PM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677
The only criticism I could offer is the use of WEP.
MAC address control doesn't offer much security.

The wpa_supplicant example/ directory has a couple examples that might be useful:
ieee8021x.conf wpa2-eap-ccmp.conf

These would be for the client side. I think that the starting point might be to look at what your router supports. For example, you could select WPA Enterprise or RADIUS settings on a Linksys WRT54-G router. Then you would need to run a RADIUS server. The first one is for WPA and the second for WEP. Otherwise you may need to use a host as an AP instead of the router.
 
Old 11-18-2007, 08:34 PM   #7
mpyusko
Member
 
Registered: Oct 2003
Location: Rochester, NY, USA
Distribution: Slackware ver 10.1 - 14.1, Debian too.
Posts: 432
Blog Entries: 1

Original Poster
Rep: Reputation: 41
I use WEP because I have some legacy hardware that doesn't support WPA. Besides, I live in a complex with a dozen other APs in range. ESSID not broadcast, MAC filtering, and WEP 128-bit are fine. If I can add username and password to it, then I've got a higher level. First you have to find the ESSID, then the WEP 128, then the MAC, then a username, then a password. Honestly, how long would that take to crack?

My router is a BEFSR41. My AP is WAP54G. I could reclaim my WRT54G, but I can't remember what version it is, hence if it's even open-source. The AP is running openWRT White Russian. It's the best it can handle.

I've got to be able to accomplish it somehow.
 
Old 11-19-2007, 04:51 AM   #8
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
Add a second network card to the Linux computer that you want everyone to authenticate to. Then connect the WAP to that computer and allow IP forwarding. Install OpenVPN on that Linux machine and all laptops. Then they will have to use the VPN to get any network access. Very secure wireless, and it still provides your username and password authentication for network access.

I would not do a user/pass setup any other way. If you just do a username and password and someone has already cracked the WEP then the password would not be encrypted at all. It would be sent in clear text and they could capture it.

Quote:
First you have to find the ESSID, then the WEP 128
The ESSID is very easy to find even when broadcasting is turned off. The AP does not broadcast the ESSID but all the clients still have to broadcast it back when they are connected and it can be found that way very easily... Wesside (the program) that will be on BT3 makes WEP cracking for kiddies. Just start the program on the channel you want and that's it. Once it has enough traffic it will begin cracking it.

Last edited by slimm609; 11-19-2007 at 05:00 AM.
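The gateway layout described in post #8 only enforces anything if the firewall on the Linux machine refuses to route traffic that did not come through the tunnel. The sketch below is an added example, not part of the original thread: it prints an iptables-restore ruleset for that layout, and the interface names (eth1 for the WAP side, eth0 for the wired LAN, tun0 for OpenVPN), UDP port 1194 and the 10.8.0.0/24 VPN subnet are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for a
# gateway with the WAP on its own NIC; all names and defaults are assumptions.
# Also needs net.ipv4.ip_forward=1 and OpenVPN doing the username/password check.

# gen_gateway_rules WAP_IF LAN_IF [VPN_IF] [VPN_PORT] [VPN_NET]
gen_gateway_rules() {
    wap_if=$1 lan_if=$2 vpn_if=${3:-tun0} vpn_port=${4:-1194} vpn_net=${5:-10.8.0.0/24}
    # Accept only plain interface names so a typo cannot become an extra option.
    for ifc in "$wap_if" "$lan_if" "$vpn_if"; do
        case $ifc in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: '$ifc'" >&2; return 1 ;;
        esac
    done
    case $vpn_port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    case $vpn_net in ''|*[!0-9./]*) echo "bad subnet" >&2; return 1 ;; esac
    # The wireless side must be its own NIC, otherwise nothing is enforced.
    if [ "$wap_if" = "$lan_if" ] || [ "$wap_if" = "$vpn_if" ]; then
        echo "WAP interface must differ from LAN and VPN interfaces" >&2; return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -j ACCEPT
-A INPUT -i $vpn_if -j ACCEPT
# Wireless side: only the OpenVPN port reaches the gateway (clients use static
# addresses here; add a DHCP rule if the gateway hands out leases).
-A INPUT -i $wap_if -p udp --dport $vpn_port -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only tunnel traffic is routed onward; nothing arriving on $wap_if is forwarded.
-A FORWARD -i $vpn_if -o $lan_if -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $vpn_net -o $lan_if -j MASQUERADE
COMMIT
EOF
}

# Constructed sample call: WAP on eth1, wired LAN on eth0. As root, pipe the
# output into iptables-restore to load it.
gen_gateway_rules eth1 eth0
```

With the FORWARD policy set to DROP and no rule accepting packets that arrive on the wireless interface, a station that has the WEP key and a permitted MAC address still reaches nothing but the OpenVPN port until it authenticates.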
 
  

