FreeRADIUS3 cleartext password in users file
scream88 last edited by
I build a solution to authenticate the wifi users with radius to get dynamic VLAN assignment to work.
I use UniFi APs with a controller and the freeradius3 package on my existing pfsense.
Everything work fine so far. I use the "users" function of freeradius package itself.
One point that is really annoying for me is the fact that the password of all users is stored in plaintext in the users-file that can be displayed over "view config" -> "users".
If I select "MD5-Password" the password is stored as hash but wifi authentication doesn't work anymore :(
Is there any solution to get my wifi authentication work but without seeing the passwords in cleartext in the users-file?
(I also tried with LDAP but I can not find a solution to map groups to VLANs in Freeradius. So what I look for is ldap group "wifi-lan" = vlan10, "wifi-guest" = vlan20, "wifi-voip" = vlan30 ...)
Even if they were encrypted before being put in there, they are still in plain text in
config.xml. If you don't like that, set the user password to MD5-Password and put the hash in and not the actual password in FreeRADIUS.
Keeping them plaintext but encrypting/hashing them in the users file would be pointless.