FreeRADIUS with WPA Enterprise and Personal
-
Hi,
I am using the FreeRADIUS package to provide authentication for a WPA2 Enterprise SSID and also on a WPA2 Personal SSID to dynamically assign VLANs based on MAC addresses. The WPA2 Personal SSID is to provide connectivity for devices that do not support WPA2 Enterprise (with reduced access).
However, I notice when logging into the WPA2 Enterprise SSID, I can authenticate using a valid MAC address as the username and password, which obviously is a major security concern.
Is there a way to limit the inclusion of a file (i.e. users / MACs) based on the NAS connection? The thought was to configure the APs (UniFi) to use different RADIUS NAS credentials for the different use cases and hopefully avoid the problem.
Many thanks.
-
So by 'valid MAC address' you mean one that's registered for WPA2 Ent?
I would not expect that to be able to be used as a username or password. Probably going to need to see more if we are going to try to replicate.
Steve
-
https://forum.netgate.com/topic/170795/freeradius-mac-addresses-treated-as-users?_=1647358224113
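An added example, not part of the thread or of the FreeRADIUS package: a log audit that flags successful logins where the username is a MAC address and the request came from the NAS client that serves the WPA2 Enterprise SSID, which is the condition the first post describes. It assumes auth logging is enabled and writes the usual `Login OK: [user] (from client ...)` lines; the client shortnames `unifi-ent` and `unifi-psk` and the sample log lines are constructed for illustration.

```python
import re

# Assumption: lines follow the common FreeRADIUS auth-log shape
#   ... Auth: (N) Login OK: [user/<...>] (from client SHORTNAME port P cli MAC)
AUTH_RE = re.compile(
    r"Auth: \(\d+\)\s+Login OK: \[(?P<user>[^\]/]+)[^\]]*\] "
    r"\(from client (?P<client>\S+) port \d+(?: cli (?P<cli>[^\s)]+))?"
)

def mac_key(value):
    """Return 12 lowercase hex digits if value looks like a MAC, else None."""
    compact = re.sub(r"[:.\-]", "", value).lower()
    return compact if re.fullmatch(r"[0-9a-f]{12}", compact) else None

def mac_logins(lines, enterprise_clients):
    """List (user, client, calling-station) for accepted logins whose
    username is MAC-shaped and whose NAS client is an Enterprise one."""
    findings = []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m or m["client"] not in enterprise_clients:
            continue  # not an accept, or from the MAC-auth (Personal) NAS
        if mac_key(m["user"]):
            findings.append((m["user"], m["client"], m["cli"]))
    return findings

# Constructed sample lines (hypothetical clients "unifi-ent" / "unifi-psk").
SAMPLE = [
    "Tue Mar 15 10:01:02 2022 : Auth: (4) Login OK: [alice/<via Auth-Type = eap>] "
    "(from client unifi-ent port 0 cli 3C-22-FB-00-00-01)",
    "Tue Mar 15 10:02:10 2022 : Auth: (7) Login OK: [aa:bb:cc:dd:ee:ff/<via Auth-Type = eap>] "
    "(from client unifi-ent port 0 cli AA-BB-CC-DD-EE-FF)",
    "Tue Mar 15 10:03:30 2022 : Auth: (9) Login OK: [aabbccddeeff] "
    "(from client unifi-psk port 0 cli AA-BB-CC-DD-EE-FF)",
    "Tue Mar 15 10:04:00 2022 : Auth: (11) Login incorrect: [001122334455] "
    "(from client unifi-ent port 0 cli 00-11-22-33-44-55)",
]

if __name__ == "__main__":
    for user, client, cli in mac_logins(SAMPLE, {"unifi-ent"}):
        print(f"MAC-style username {user} accepted via {client} (station {cli})")
```

An empty result after a configuration change is a quick check that MAC entries are no longer accepted on the Enterprise side.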