Change freeradius2 password weekly via script



  • I'd like to change our radius password for a user weekly, using a script. I really just need to rotate between a dozen or so passwords.

    Any suggestions?


  • Rebel Alliance Global Moderator

    curious on why?  Is the user sharing this password?  seems like a lot of logistics - are you just looking to confuse the users on what password they should use?

    What exactly does this get you other than user complaints that they can't log in and have to tell them what weeks password to use.  Is this a shared account for like guest access and you want to limit how long they have access for?  Maybe captive portal would be easier with vouchers?

    What sort of cat are you trying to skin and we can go over the best ways to do it ;)



  • It's a feeble attempt to prevent the account from being overused.

    Basically, the account is used for guest access, but the password leaks out (very quickly). Currently we manually change the password once per week, and the support staff are getting tired of doing that.

    This is used in a k-12 school, and while we already have bandwidth limits per user, the problem is that if 1000 students all have smartphones, eventually they'll all be logged in to the wireless all the time and the sum total of having all the background  facebook updates and app downloads and everything else uses quite a bit of bandwidth. At the same time, if they want to actually use the guest network, we don't want the bandwidth limit to be so low as to be useless.

    So the idea is we change the password weekly, I can't do much about teachers giving the password out, but I can at least try to prevent them from saturating the guest firewall over the long haul.


  • Rebel Alliance Global Moderator

    hmmm ok now that we know what breed of cat we have to skin ;)

    What about a captive portal that has a limited time for them to be active.  So while they need a password that you could still change now and then, it would also kick off user after say 1 hour or whatever time you think is appropriate and they would have to once again auth to the portal.

    This should lower the amount of background stuff going on.  So while the kids are checking their facebook pages actively they are fine.. But when they put the phone in their pocket after x amount of time it would be disconnected and internet wouldn't work until they again click through the portal.

    You could also setup voucher system and create vouchers to they can give out to kids that are good for say 1 hour of usage.  There is no way to hand out this password since its all vouchers.  Once your time expires on that voucher you need a new one ;)

    Just a couple of ideas off the top of my head vs having to script any sort of change of password that actually gives you more control.

    You could also prob get fancy with radius account and limiting amount of bandwidth - but that could get crazy with 1000's of students.



  • Hi,

    would also try it with Captive Portal and disallow simulatenous connections. So when someone give the password to someone else then they are kicking thmself off the network because only the least active connection will have access. So on the first days they will share their credentials but if there are 10 people sharing the same credentials they will not have any fun with that.