Reliably identify guest users/clients

Alan DeKok aland at
Wed Jul 4 21:47:22 CEST 2018

On Jul 3, 2018, at 4:56 PM, Nico Thomas <nico.thomas at> wrote:
> Maybe I was too unspecific. The guest network operator/host is notified when a guest signs in. The first Access-Request is denied and the module waits for feedback from the host in the background. On subsequent access requests, the guest is either accepted or denied depending on the feedback.

  Waiting for feedback is probably not a good idea.  It's likely better to query the backend, and then immediately return "reject".

> As I wanted to make joining for guests as simple as possible, I was looking for ways to avoid passwords (unfortunately, key-based authentication is not an option, as additional client set-up would be necessary).
> I hoped to find some attributes which are hard to spoof, but already suspected that passwords would be the only reliable way to identify users...
> So I'll think about a solution involving per-user passwords.

  That's really the only solution.

  Alan DeKok.

More information about the Freeradius-Users mailing list