Freeradius vs Security

Sebastian Hagedorn Hagedorn at
Tue Apr 2 15:48:13 CEST 2019


our solution is to "force" our users to use an installer for their 
settings. There is a free version of this kind of installer available here:


This installer installs the root certificate in the certificate chain and 
configures the client so that it actually checks the validity of the 
certificate the RADIUS server presents – especially Android devices don't 
usually do that.

--On 2. April 2019 um 10:32:17 -0300 Andre Forigato <andre.forigato at> 

> I need to share information about the safety of Eduroam.
> If a hacker installs an access point with the name of Eduroam, and this
> access point points to a Freeradius server, it is possible that the
> malicious person sees all the logins and passwords in the Freeradius logs.
> How to avoid this situation? Should user institutions force their
> students to use personal certificates? (certificate issued by the
> institution itself to its students)
> Reaffirming that the idea here is how to make users of university
> institutions not fall into the trap of malicious people. Anyone can set
> up an access point pointing to a fake freeradius server. And these
> malicious people can get the username and password from all the devices
> that connect to the Eduroam access point.
> How can we solve this problem?

    .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
                 .:.Regionales Rechenzentrum (RRZK).:.
   .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.

More information about the Freeradius-Users mailing list