Freeradius, SQL, Certs and Newbie

Daniel Zirkin zirkin at hotmail.com
Wed Oct 2 04:21:18 CEST 2019


Good evening all.  Perhaps I'm going overboard... I have two WAPs covering 3.5 acres.  I'd rather not have neighbors/ne'er-do-wells accessing our network.  I've set up a separate network for outside secured with FreeRADIUS.

I have FreeRADIUS 3.0.19 up and running on Fedora 30.  I am using MariaDB for account information.  All is well.

I've come to realize that plaintext authentication even with WPA3/2ent isn't all that secure.  Also, I'm trying to get a few IoT devices to connect.  Phones and laptops all work well.

I thought perhaps adding client certs into the mix would tighten things up.

I've created them and I think configured things correctly.

eapol_test -a127.0.0.1 -p1812 -s ******* -c /root/Documents/eapol_test-eaptls.conf

gives me:

MPPE keys OK: 1  mismatch: 0
SUCCESS

So now I can connect with certs or with a plaintext user/pass from sql.  I can't seem to get it to require a cert then check the database for account info.

What am I missing?

Thanks


