Questions tagged [freeradius]

12 questions
17 votes, 1 answer

How can Freeradius detect if the password provided is right when only the salted hash is stored in the database without the salt

I am discovering both Freeradius and the password hashing mechanism. I built a database (in MySQL) to store the passwords of some users. I have a user with the password in clear text, another one hashed in SHA256 without salt and the last one hashed…
molik
1 vote, 1 answer

How to protect against MAC spoofing in WiFi network?

I have this scenario: I want to create a WiFi network for a hotel that the customers should pay to gain access to the internet. I tried Captive portal, but captive portal is very vulnerable against MAC spoofing. So I tried wpa2-enterprise without…
1 vote, 1 answer

Freeradius eap-tls - unknown CA

I'm trying to set up an EAP-TLS with latest Freeradius on Debian Buster. Used the Freeradius to make certificates. But keep running into "unknown CA" error: (4) Found Auth-Type = eap (4) # Executing group from file…
azurtem
1 vote, 1 answer

OpenVPN using google authenticator

I'm a little new to OpenVPN. I'm trying to get google authenticator to work with OpenVPN but I'm having a little trouble. Currently I'm trying to set up a radius server to run the authentication then have the radius server use google authenticator as…
1 vote, 1 answer

Security concerns of RADIUS based server/workstation auth

So I'm using WPA2-EAP for a few years now with FreeRadius server. And it's pretty okay, I mean I don't really consider wifi access to be so super-duper critical break in success because it's pretty restricted anyways on other levels so I accepted…
Lapsio
1 vote, 2 answers

What can I do with a radius shared secret?

During an authorized pentest, I found several radius servers and a /etc/raddb/server file that stores shared secret, e.g 10.10.10.10 123456 15 Now what could one do with this "shared secret", perhaps dump the database? From what I know, this…
daisy
0 votes, 0 answers

FreeRadius and Apache Mutual authentication

I set EAP-TLS on my FreeRadius server, and I want to try the certificate-based authentication for a testing. I set up an Apache as a webservice and enabled ssl on it. I could redirect the basic username-password authentication to the radius server,…
zsomborv
0 votes, 1 answer

Are there other types of NT Password (NTLM Hash) besides raw MD4?

According to the freeradius document https://freeradius.org/radiusd/man/rlm_pap.txt I can use NT-Password as the type of storing user's password. However, I have only found the type of generating raw MD4 as NTLM Hash. As I need to use MSCHAPv2, I…
0 votes, 0 answers

Unable to decrypt password protected certificates with Freeradius or from GUI

I am trying to use Freeradius 3.0 for authentication with certificates. To generate the CA, Server and Client certificate, make is available, reading a specific configuration file for each certificates (more information about it here). The generated…
molik
0 votes, 1 answer

How are RADIUS packets encrypted?

This seems like an obvious question, but I can't easily find a clear answer. I'm setting up a FreeRADIUS server on my LAN just for curiosity's sake, but I want to know if the packets are encrypted at all by default, and, if so, how? I know requests…
Tim Morris
0 votes, 0 answers

EAP-TLS : implementation and testing of a communication between two processes

I'm trying to make a simple EAP-TLS communication between two processes and capture it with Wireshark. Is there any library that can be used? (like mbedtls in the TLS case). I have found a lot of TLS examples in C programming language, but nothing…
Sophia M
0 votes, 1 answer

Break into WPA2-Enterprise RADIUS wifi network by stealing credentials

I need to ensure that no un-authorized DEVICE gains access to a wireless LAN network. Notice I said, "device". This means that I need to ensure that only authorized personnel can join the LAN and also that they can't use a non-authorized device. A…