Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Freeradius with WPA Enterprise and Personal

    Scheduled Pinned Locked Moved Wireless
    3 Posts 3 Posters 761 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      markds
      last edited by

      Hi,

      I am using the FreeRadius package to provide authentication for WPA2 Enterprise SSID and also on a WPA2 Personal SSID to dynamically assign vlans based on mac addresses. The WPA2 Personal SSID is to provide connectivity for devices that do not support WPA2 Enterprise (with a reduced access).

      However, I notice when logging into the WPA2 Enterprise SSID, I can authenticate using valid mac address as the username and password, which obviously is a major security concern.

      Is there a way to limit the inclusion of a file (ie users / macs) based on the NAS connection? The thought was to configure the APs (UniFi) to use different Radius NAS credentials for the different use cases and hopefully avoid the problem.

      Many thanks.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        So by 'valid mac address' you mean one that's registered for WPA2 Ent?

        I would not expect that to be able to be used as a username or password. Probably going to need to see more if we are going to try to replicate.

        Steve

        1 Reply Last reply Reply Quote 0
        • NogBadTheBadN
          NogBadTheBad
          last edited by

          https://forum.netgate.com/topic/170795/freeradius-mac-addresses-treated-as-users?_=1647358224113

          Andy

          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.