    Freeradius with WPA Enterprise and Personal

      markds last edited by

      Hi,

      I am using the FreeRADIUS package to provide authentication for a WPA2 Enterprise SSID and also on a WPA2 Personal SSID to dynamically assign VLANs based on MAC addresses. The WPA2 Personal SSID is to provide connectivity for devices that do not support WPA2 Enterprise (with reduced access).

      However, I notice that when logging into the WPA2 Enterprise SSID, I can authenticate using a valid MAC address as the username and password, which obviously is a major security concern.

      Is there a way to limit the inclusion of a file (i.e. users / MACs) based on the NAS connection? The thought was to configure the APs (UniFi) to use different RADIUS NAS credentials for the different use cases and hopefully avoid the problem.

      Many thanks.

        stephenw10 Netgate Administrator last edited by

        So by 'valid MAC address' you mean one that's registered for WPA2 Ent?

        I would not expect that to be able to be used as a username or password. Probably going to need to see more if we are going to try to replicate.

        Steve

          NogBadTheBad last edited by

          https://forum.netgate.com/topic/170795/freeradius-mac-addresses-treated-as-users?_=1647358224113

          Andy

          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
