Suite of EAP supplicants for Microsoft Windows - IEEE 802.1X clients for enterprise network authentication
- Integrates into Windows seamlessly
- Wired and wireless network support
- EAP-TTLS with the following inner methods:
  - PAP
  - MSCHAPv2
  - EAP-MSCHAPv2
  - EAP-GTC: Challenge/Response and Password authentication modes
  - System-installed EAP method chaining (experimental)
- Microsoft Windows Credential Manager stored user credentials
- User credentials can be shared between different network profiles, regardless of their connection: wired or wireless
- Encrypted EapHost inter-process communication
- TLS:
  - Separate trusted root CA list
  - Configurable list of accepted server names
  - Post-authentication CRL check
- Reporting to Event Log channels: Operational and Analytic verbosity
- Real-time event monitoring utility
- Customizable helpdesk contact information
- Lockable network profile configuration
- Released as multi-lingual x86, x64, and ARM64 MSI packages; Group Policy deployment supported
- MsiUseFeature utility for the product install state testing (for embedding this product into other setup packages)
- CredWrite utility for automated user credential import to Credential Manager
- WLANManager utility to allow network profile configuration dialog shortcuts
- Windows Vista, Windows Server 2008
- Windows 7, Windows Server 2008 R2
- Windows 8 Desktop, Windows Server 2012
- Windows 8.1 Desktop, Windows Server 2012 R2
- Windows 10 Desktop, Windows Server 2016
Binaries are available for download here.
- Microsoft Windows Vista or later
- Microsoft Visual Studio 2019
- `msgfmt.exe` from gettext.
  Hint: Poedit contains up-to-date binary Win32 compiled gettext-utilities. Install it and add the `GettextTools\bin` folder to the system path.
- `sed.exe` and `grep.exe`.
  Hint: Git for Windows contains an up-to-date set of GNU utilities.
- `MsiDb.Exe` and other command line utilities for MSI packaging distributed as a part of Microsoft Windows SDK (installed with Visual Studio). Add the SDK's `Bin` folder to the system path.
This product is using wxWidgets static libraries. Since upstream wxWidgets libraries don't support ARM64 yet, a clone with ARM64 support was prepared at GitHub.
- Start command prompt
- Change working folder to `build\msw`
- Run: `"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvarsamd64_x86.bat"`
- Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0 COMPILER_VERSION=142`
- Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0 COMPILER_VERSION=142 BUILD=release`

- Start command prompt
- Change working folder to `build\msw`
- Run: `"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"`
- Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0 COMPILER_VERSION=142 TARGET_CPU=X64`
- Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0 COMPILER_VERSION=142 TARGET_CPU=X64 BUILD=release`

- Start command prompt
- Change working folder to `build\msw`
- Run: `"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvarsamd64_arm64.bat"`
- Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0 COMPILER_VERSION=142 TARGET_CPU=ARM64 USE_OPENGL=0`
- Run: `nmake /f makefile.vc /ls RUNTIME_LIBS=static SHARED=0 COMPILER_VERSION=142 TARGET_CPU=ARM64 USE_OPENGL=0 BUILD=release`
The product compilation references wxWidgets libraries using the `WXWIN` environment variable. Please set it to the wxWidgets folder (e.g. `C:\SDK\wxWidgets`).
In order to have the build process digitally sign the Release output files, one should set up either:

- Local signing:
  - A signing certificate/hardware key
  - The following variables in the environment:
    - `ManifestCertificateThumbprint` - set the value to certificate’s SHA1 thumbprint (hexadecimal, without spaces, e.g. `bc0d8da45f9eeefcbe4e334e1fc262804df88d7e`).
    - `ManifestTimestampRFC3161Url` - set the value to URL used to perform timestamp signature (e.g. `http://sha256timestamp.ws.symantec.com/sha256/timestamp`, `http://timestamp.digicert.com` etc.). In order to perform the timestamp signing successfully, the computer running the build should be online and able to access this URL.
- Microsoft Trusted Signing:
  - Install Trusted Signing dlib package: `nuget install Microsoft.Trusted.Signing.Client -Version 1.0.53 -x`
  - Provide a `manifest.json` file and place it at `%APPDATA%\Microsoft.Trusted.Signing.Client.json`: `notepad "%APPDATA%\Microsoft.Trusted.Signing.Client.json"`

Debug configurations are not digitally signed by design.
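
A post-build check for the signing setup described above, as an added example (not part of this project's build scripts): it confirms each output file carries a valid, timestamped Authenticode signature and, for local signing, that the signer matches `ManifestCertificateThumbprint`. The default `$Path` is an assumption; debug builds are unsigned by design and will be reported as failures.

```powershell
# Added example, not project code. $Path is an assumed default; point it at the
# folder that holds the Release binaries or MSI packages you are about to ship.
param(
    [string]$Path = 'output\Setup'
)

# Set only for local signing; empty when Microsoft Trusted Signing is used,
# in which case the thumbprint comparison is skipped.
$expected = $env:ManifestCertificateThumbprint

$files = @(Get-ChildItem -Path $Path -Recurse -File -Include *.dll, *.exe, *.msi)
if ($files.Count -eq 0) {
    Write-Error "No DLL, EXE or MSI files found under '$Path'."
    exit 1
}

$results = foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $problems = @()
    if ($sig.Status -ne 'Valid') {
        $problems += "status is $($sig.Status)"
    }
    if ($sig.SignerCertificate) {
        # String comparison with -ne is case-insensitive, so a lowercase
        # thumbprint in the environment variable still matches.
        if ($expected -and $sig.SignerCertificate.Thumbprint -ne $expected) {
            $problems += "unexpected signer $($sig.SignerCertificate.Thumbprint)"
        }
        # Without a timestamp the signature stops validating once the
        # signing certificate expires.
        if (-not $sig.TimeStamperCertificate) {
            $problems += 'no timestamp countersignature'
        }
    }
    [pscustomobject]@{
        File     = $file.FullName
        Signer   = $sig.SignerCertificate.Subject
        Problems = $problems -join '; '
    }
}

$results | Format-Table -AutoSize -Wrap
$bad = @($results | Where-Object { $_.Problems })
if ($bad.Count -gt 0) {
    Write-Error "$($bad.Count) file(s) failed the signature check."
    exit 1
}
```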
This product has some submodules. When cloning Git repository, make sure to use `--recursive` Git switch to clone submodules too. Example:
git clone --recursive "https://github.com/Amebis/GEANTLink.git" "C:\Projects\GEANTLink"
After the clone is complete, grant the Users local group read and execute permissions to the `output` subfolder (when the working folder is private). This allows the EapHost service to load the DLL, and Event Viewer to display events.
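
One way to apply that grant and check the result, as an added example (not part of this project): it gives the Users group read and execute only, then lists any other principal that can write to the folder, since DLLs in it are loaded by the EapHost service. The default `$OutputDir` and the list of principals allowed to write are assumptions.

```powershell
# Added example, not project code. Run from an elevated PowerShell prompt.
param(
    # Assumed: the clone location used in the git example above.
    [string]$OutputDir = 'C:\Projects\GEANTLink\output'
)

# *S-1-5-32-545 is the well-known SID of BUILTIN\Users; using the SID avoids
# localized group names. (OI)(CI) lets the grant inherit to files and
# subfolders; RX is read and execute only, with no write access.
icacls $OutputDir /grant '*S-1-5-32-545:(OI)(CI)RX' | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Error "icacls failed with exit code $LASTEXITCODE."
    exit 1
}

# Rights that let a principal replace or tamper with the DLLs in the folder.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

# Assumed allow-list: SYSTEM, Administrators and the developer running this.
$allowed = @(
    'S-1-5-18',
    'S-1-5-32-544',
    [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
)

# Resolve every ACE (explicit and inherited) to a SID and keep the risky ones.
$acl = Get-Acl -LiteralPath $OutputDir
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$risky = @($rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
    ($_.IdentityReference.Value -notin $allowed)
})

if ($risky.Count -gt 0) {
    $risky | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
    Write-Error "Unexpected principals can modify '$OutputDir'."
    exit 1
}
Write-Output "OK: only the allow-listed principals can write to '$OutputDir'."
```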
The product can be built and debugged by opening GEANTLink.sln in Visual C++ IDE.
Before attempting to debug EAP DLLs, you should run `nmake register` from an elevated command prompt. See Building in command line chapter below.
Next, one must configure a network profile to actually use one of this product's EAP modules for the authentication.
EAP modules are divided into two DLLs: backend (i.e. EAP-TTLS.dll) and GUI (i.e. EAP-TTLS_UI.dll).
The backend DLL is loaded by Eap3Host.exe process when connecting to the network. One approach to debug the module is to start Visual C++ elevated, open GEANTLink.sln, and attach to the running Eap3Host.exe process.
On initial connection attempt Eap3Host.exe will load the DLL and will not release it until EapHost service is restarted. To release our DLL (i.e. for rebuild) you have to restart EapHost service manually or run `nmake register` again.
To debug early life of our backend DLL, uncomment `Sleep(10000)` in `DllMain()` of the module, and set breakpoints. This should give you plenty of time to catch emerging Eap3Host.exe process and attach the debugger to it before our DLL starts servicing authentication.
The GUI DLL is loaded by DllHost.exe process on XML profile configuration import/export and when interactive user interface is required.
A few seconds after desired function call has finished, DllHost.exe terminates and releases the DLL.
To debug early life of our GUI DLL, uncomment `Sleep(10000)` in `DllMain()` of the module, and set breakpoints. This should give you plenty of time to attach the debugger to DllHost.exe process before our DLL starts.
Open Developer Command Prompt for VS 2019 for building.
Use Microsoft NMAKE to build the project.
Command | Explanation |
---|---|
`nmake Clean` | Deletes all intermediate and output files. |
`nmake Register` | Builds a debug version of project, registers DLLs, and adds Start Menu shortcuts. For testing and development purposes only! Requires elevated command prompt. |
`nmake Unregister` | Removes Start Menu shortcuts, unregisters DLLs. For testing and development purposes only! Requires elevated command prompt. |
`nmake Setup` | Builds a release version of project and release MSI setup files. The resulting files can be found in output\Setup folder. |
`nmake SetupDebug` | Builds a debug version of project and debug MSI setup files. The resulting files can be found in output\Setup folder. |

The `/ls` flag can be appended to the commands above to reduce NMAKE’s verbosity. You can combine multiple targets (e.g. `nmake Unregister Clean`). Please see the NMAKE reference for further reading.
This product is fully localizable. We kindly invite you to help translating it on Transifex.