Manage client in LDAP...

Marco Gaiarin gaio at
Sun Oct 10 18:15:09 CEST 2021

I'm not an expert on freeradius, but at work i manage successfully a setup
with freeradius binded to an AD domain, successfully autheticate wireless
clients with MSCHAPv2.

At home i need to extend my wireless coverage (for now, i use an hostapd and
a wireless interface in my server), and so i've thinked about using LDAP as
a source for auth data, using as AP some OpenWRT/LEDE routers.
Yes, i can use WPA/WPA2 personal, but i want to experiment and continue to
assign different credential for different MAC addess. ;)

I've found the basic setup info on:

and some other info on how add clients to the LDAP on:

Also i've found some forum/blog pages around, but all seems to be about
freeradius 2, and does not provide clues on why (at least to me).

For example, i suppose i have to use WPA2-Enterprise with EAP-TTLS, but i've
not found a place that clarify if the password in LDAP have to be 'in
clear', or hashed, and how hashed.

Someone have some info, or a good link? Thanks.

  There are only 10 kinds of people in the world --
  Those who understand binary, and those who don't.	(Roberto Maglica)

More information about the Freeradius-Users mailing list