FreeRADIUS3 OTP and WiFi

  • Hello,

    I am using RADIUS for my WiFi network. It works fine with a username and password. EAP-PEAP with MSCHAPv2 works fine with my phones (iPhone, Android), tablets (iPad, Android) and my laptop (Debian GNU/Linux).

    I did notice OTP. Is it possible to use OTP with WiFI?

    Maybe this question is a bit odd, as the password keeps changing. I did test EAP-PEAP MSCHAPv2 and GTC to see if my phone authenticates once - just as a test - but it fails.

    GTC results in "EAP sub-module failed" and MSCHAPv2 results in "No NT/LM-Password".

    Any ideas if this is feasible? Or if something similar works better? Thanks.

  • LAYER 8 Global Moderator

    So why would you want to make your life so difficult? Who are the clients to access said wireless network?

    Why not just lock down who can access with eap-tls? Ie use a cert..

  • I'm just curious if something like this is possible. But I think you are right :-)

  • LAYER 8 Global Moderator

    Just because freerad supports such a thing - why would you think connecting to wifi network would.. Does your AP support such a model? With OTP to auth to the wifi network?

  • @johnpoz I just added my Ruckus R500 under "NAS / Clients" using a client shared secret and configured a test network on my access point.

    Authentication of the WiFi users is done by FreeRADIUS based on a username and password. It's just out of curiosity to see if OTP would work instead of a password.

  • LAYER 8 Global Moderator

    I guess it could replace the password with the otp... But that would really be such a pain the ass... What happens when wifi drops or something and you need to reauth.

Log in to reply