    How to configure FreeRadius MD5-password WPA-Enterprise

      kfkehua last edited by

      Hi all, maybe this is a noob question:
      I set up my Unifi APs to authenticate with FreeRadius that I installed on a pfSense box.
      I got them to work but only with Clear-text password.
      As soon as I switch to MD5-Password it won't authenticate.

      What do I need to do?
      FYI: Using pfSense 2.3

        johnpoz LAYER 8 Global Moderator last edited by

        If you're going to take the time to set up freeradius and wpa enterprise, why not just go with eap-tls? Do you not want to install certs on your devices?

        I am currently traveling, but when I get home this weekend I will play with using md5, I currently use eap-tls.

          kfkehua last edited by

          We used to simply use WEP with shared key, but now there's a requirement to have individual logins so we implemented Radius.
          I don't think we need TLS, don't need to be that fancy. It's just the clear-text password makes me a bit uneasy. Putting the MD5 in place will give us better peace of mind.
          I wonder if there's anything specific on the Unifi APs that you need to set.

            johnpoz LAYER 8 Global Moderator last edited by

            What eap are you using? Are you confusing that the password is stored in clear text, vs storing the password with a hash method?

            So you're using the freeradius users vs user manager in pfsense? All of my users are in pfsense user manager, not in freeradius.

              kfkehua last edited by

              1. I am using WPA-EAP-Enterprise
              2. Yes, I want to store the password in Hash
              3. Yes, I am using the Freeradius user manager to define my users.

              Is this approach wrong? Now I'm even more confused how you have your users stored in pfsense manager.

              Can you help me understand what that "clear-text" implies? Besides that the password is stored in clear text, does it also imply that between the access points and the Radius server the password exchange is sent in clear text?

                johnpoz LAYER 8 Global Moderator last edited by

                I don't have any users stored in user manager, my bad on that - I just have certs created for the users in ca manager since I use eap-tls.

                What eap are you using? You do understand only some eap support the md5 stored passwords.

                If I recall only PAP and eap-gtc work with md5 hashed passwords. Your password is not being sent in clear, it's just stored on pfsense in clear.

                edit: here you go this might help
                http://deployingradius.com/documents/protocols/compatibility.html

                It's not really that big a deal stored clear

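As an added example (not part of the thread and not FreeRADIUS code): why a stored MD5 digest can verify a password the server receives directly (PAP, EAP-GTC) but cannot verify a challenge-response. RFC 1994 CHAP is used here as a stand-in for the challenge-response family; MSCHAPv2 has the same property, but works from the cleartext password or its NT hash. All function names and the sample password are constructed.

```python
import hashlib
import hmac
import os


def stored_md5(password: str) -> bytes:
    """What an MD5-Password entry holds: only the digest, never the password."""
    return hashlib.md5(password.encode()).digest()


def pap_verify(presented: str, stored: bytes, kind: str) -> bool:
    """PAP / EAP-GTC: the server receives the password itself (inside the
    tunnel), so it can hash it and compare with whatever form is stored."""
    raw = presented.encode()
    candidate = raw if kind == "cleartext" else hashlib.md5(raw).digest()
    return hmac.compare_digest(candidate, stored)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident: int, challenge: bytes, response: bytes, stored: bytes) -> bool:
    """The server must recompute the response from the shared secret. With an
    MD5 entry the only 'secret' it has is the digest, which gives a different
    value from the one the client computed with the real password."""
    return hmac.compare_digest(chap_response(ident, stored, challenge), response)


def compatibility(password: str = "correct horse") -> dict:
    """Try both storage forms against both kinds of authentication."""
    ident, challenge = 7, os.urandom(16)
    # The client always knows the real password.
    client_resp = chap_response(ident, password.encode(), challenge)
    result = {}
    for kind, stored in (("cleartext", password.encode()),
                         ("md5", stored_md5(password))):
        result[("pap", kind)] = pap_verify(password, stored, kind)
        result[("chap", kind)] = chap_verify(ident, challenge, client_resp, stored)
    return result


if __name__ == "__main__":
    for (method, kind), ok in compatibility().items():
        print(f"{method:5} with {kind:9} storage: {'accept' if ok else 'reject'}")
```
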
                  kfkehua last edited by

                  OK, as long as the pw is not sent in clear during any part of the auth process that is fine. I was just worried that between the Access Points and the Radius server it's doing clear text.

                  Now, if I try to connect, the pop-up shows these:
                  Wi-fi security: WPA2 Enterprise
                  Authentication: Tunneled TLS
                  Cert Required: no
                  Inner authentication: MSCHAPv2

                  Now, what does that tell you? What is "inner authentication" vs "authentication", what is it referring to?

                  thanks.

                    johnpoz LAYER 8 Global Moderator last edited by

                    Tells me your auth is sent inside a tunnel which is encrypted. And tells me you're using mschapv2 to send your info, which is not in clear. But it is quite old.

                    https://en.wikipedia.org/wiki/MS-CHAP

                      kfkehua last edited by

                      Thank you.
