FreeRADIUS3 cleartext password in users file



  • Hi together

    I build a solution to authenticate the wifi users with radius to get dynamic VLAN assignment to work.
    I use UniFi APs with a controller and the freeradius3 package on my existing pfsense.
    Everything work fine so far. I use the "users" function of freeradius package itself.

    One point that is really annoying for me is the fact that the password of all users is stored in plaintext in the users-file that can be displayed over "view config" -> "users".

    If I select "MD5-Password" the password is stored as hash but wifi authentication doesn't work anymore :(

    Is there any solution to get my wifi authentication work but without seeing the passwords in cleartext in the users-file?

    (I also tried with LDAP but I can not find a solution to map groups to VLANs in Freeradius. So what I look for is ldap group "wifi-lan" = vlan10, "wifi-guest" = vlan20, "wifi-voip" = vlan30 ...)


  • Rebel Alliance Developer Netgate

    Even if they were encrypted before being put in there, they are still in plain text in config.xml. If you don't like that, set the user password to MD5-Password and put the hash in and not the actual password in FreeRADIUS.

    Keeping them plaintext but encrypting/hashing them in the users file would be pointless.