Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FreeRADIUS3 OTP and WiFi

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    6 Posts 2 Posters 573 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • boukeB
      bouke
      last edited by

      Hello,

      I am using RADIUS for my WiFi network. It works fine with a username and password. EAP-PEAP with MSCHAPv2 works fine with my phones (iPhone, Android), tablets (iPad, Android) and my laptop (Debian GNU/Linux).

      I did notice OTP. Is it possible to use OTP with WiFI?

      Maybe this question is a bit odd, as the password keeps changing. I did test EAP-PEAP MSCHAPv2 and GTC to see if my phone authenticates once - just as a test - but it fails.

      GTC results in "EAP sub-module failed" and MSCHAPv2 results in "No NT/LM-Password".

      Any ideas if this is feasible? Or if something similar works better? Thanks.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by johnpoz

        So why would you want to make your life so difficult? Who are the clients to access said wireless network?

        Why not just lock down who can access with eap-tls? Ie use a cert..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • boukeB
          bouke
          last edited by

          I'm just curious if something like this is possible. But I think you are right :-)

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Just because freerad supports such a thing - why would you think connecting to wifi network would.. Does your AP support such a model? With OTP to auth to the wifi network?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            boukeB 1 Reply Last reply Reply Quote 0
            • boukeB
              bouke @johnpoz
              last edited by

              @johnpoz I just added my Ruckus R500 under "NAS / Clients" using a client shared secret and configured a test network on my access point.

              Authentication of the WiFi users is done by FreeRADIUS based on a username and password. It's just out of curiosity to see if OTP would work instead of a password.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by johnpoz

                I guess it could replace the password with the otp... But that would really be such a pain the ass... What happens when wifi drops or something and you need to reauth.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.