  • Username and Password Authentication

To use Wi-Fi Passpoint with username and password authentication, you would typically use EAP-TTLS (Tunneled Transport Layer Security) or EAP-PEAP (Protected Extensible Authentication Protocol). These methods allow usernames and passwords to be used securely over Wi-Fi networks. In both protocols, an outer TLS tunnel is established to protect the inner authentication, in which the user credentials (username and password) are verified.

Steps to Map Username and Password Authentication with Wi-Fi Passpoint

1. Understanding EAP-TTLS and EAP-PEAP:

      • EAP-TTLS and EAP-PEAP are both Extensible Authentication Protocol (EAP) types used for WPA2-Enterprise or WPA3-Enterprise networks. They both work by establishing a secure TLS tunnel between the client and the authentication server (usually a RADIUS server).
      • Inside this tunnel, user credentials (username and password) are sent securely for authentication.
      • EAP-TTLS supports multiple inner authentication mechanisms (such as PAP, CHAP, and MS-CHAPv2).
      • EAP-PEAP typically uses MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2) to authenticate with a username and password.

2. Components Involved:

      • Passpoint Profile: Configured on the client device to define how the device should connect to a Passpoint-enabled network that supports username and password-based authentication.
      • Access Point (AP): Configured to support WPA2/WPA3-Enterprise with EAP-TTLS or EAP-PEAP as the authentication method.
      • RADIUS Server: Performs authentication by validating the username and password. It also validates the server’s certificate.
      • Client Device: Configured with a Passpoint profile that includes the username and password for authentication.

3. Configure the RADIUS Server for EAP-TTLS or EAP-PEAP:

The RADIUS server must be configured to support EAP-TTLS or EAP-PEAP. It authenticates the username and password against a backend database, such as LDAP, Active Directory, or a local user database.

Steps:

      • Install the server certificate on the RADIUS server, which is used to establish the TLS tunnel for secure communication.
      • Configure the RADIUS server to support EAP-TTLS or EAP-PEAP and to verify the username and password credentials.
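The TLS tunnel set up with that server certificate protects the username and password only if the client's Passpoint profile verifies the certificate before sending them. The check below is an added example, not part of the original page: it audits Passpoint `cred` blocks in a wpa_supplicant configuration (an assumed client; the page names none) and flags password credentials that lack a tunneled EAP method, `ca_cert` or `domain_suffix_match`. The sample configuration, realms and paths are constructed.

```python
import re

# Constructed sample wpa_supplicant.conf; realms, users and paths are made up.
SAMPLE_CONF = '''
cred={
    realm="wifi.example.com"
    username="alice"
    password="not-a-real-password"
    eap=TTLS
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.com"
}
cred={
    realm="guest.example.net"
    username="bob"
    password="not-a-real-password"
    eap=PEAP
}
'''

TUNNELED = {"TTLS", "PEAP"}
REQUIRED = {  # settings that make the client authenticate the RADIUS server
    "ca_cert": "server certificate chain is not verified",
    "domain_suffix_match": "server name in the certificate is not checked",
}

def parse_creds(conf):
    """Return one dict of settings per cred={...} block."""
    bodies = re.findall(r"^\s*cred=\{(.*?)^\s*\}", conf, re.S | re.M)
    pair = re.compile(r"^\s*(\w+)=(.*?)\s*$", re.M)
    return [{k: v.strip('"') for k, v in pair.findall(b)} for b in bodies]

def audit(conf):
    """Return (realm, setting, problem) for each weak password credential."""
    findings = []
    for cred in parse_creds(conf):
        if "password" not in cred:
            continue  # certificate or SIM credentials are out of scope
        realm = cred.get("realm", "<no realm>")
        if cred.get("eap", "").upper() not in TUNNELED:
            findings.append((realm, "eap", "password not inside a TTLS/PEAP tunnel"))
        for key, problem in REQUIRED.items():
            if key not in cred:
                findings.append((realm, key, problem))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(": ".join(finding))
```
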