Free Radius setup help
Since the internal Radius server on the latest controller won't work with Android, I have been trying to get Free Radius up and running.
Currently, I can authenticate if I use cleartext passwords, but that is not acceptable.
If I use md5, then it will no longer work from my Omada system, however, it will work if I use radtest. Even if I use radtest remotely.
Would ANYONE who has experience with FreeRadius setup be wiling to help me with this? I have googled a ton, but really haven't found any answers on this.
Thanks!
PS: I am happy to provide whatever details are needed, but I don't want to put 97 million lines of logs/config files if I don't need to.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I figured out a workable solution. It appears that I can us ntlm 'out of the box'. So instead of MD5-Password:= "some md5 hash" I am using NT-Password:= "Some NTLM hash".
I am using a website the NTLM hashes (once again, I can't post links, but a Google search will get you any number of sites to generate the hashes for you!). it appears to be working now. Although I have to confirm that on-site.
My plan is to have my users generate the hashes and send those to me directly. Then I will create their user accounts in the Freeradius user file. That way I don't know their password.
- Copy Link
- Report Inappropriate Content
I haven't tried that, but I still hope these tplink articles can give you a inspiration:
API and Code Sample for RADIUS Server with External Web Portal
Configuration Guide on EAP-TLS authentication for WPA-Enterprise (with FreeRADIUS)
- Copy Link
- Report Inappropriate Content
Thanks, but neither of those links help. The first one is regarding the API which I am not using, and the other one requires certificates to be installed on the end user's devices, which I don't want.
I am just simply looking to have the users log in with a username and password that is unique to them. I just want the passwords to be a md5 hash since I don't want to have access to whatever password they use.
- Copy Link
- Report Inappropriate Content
I figured out a workable solution. It appears that I can us ntlm 'out of the box'. So instead of MD5-Password:= "some md5 hash" I am using NT-Password:= "Some NTLM hash".
I am using a website the NTLM hashes (once again, I can't post links, but a Google search will get you any number of sites to generate the hashes for you!). it appears to be working now. Although I have to confirm that on-site.
My plan is to have my users generate the hashes and send those to me directly. Then I will create their user accounts in the Freeradius user file. That way I don't know their password.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 259
Replies: 3
Voters 0
No one has voted for it yet.