FreeRADIUS – WindowsTechs.com

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack

Posted on July 9, 2024 by Help Net Security

A new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle (MitM) attacks. While the vulnerability can be difficult to exploit, the possible impact of an exploit is subst… Continue reading Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack→

Ubuntu 22.04 LTS: EAP-TLS not working [migrated]

Posted on September 19, 2023 by RichardLiu

I’m setting up RADIUS server using FreeRADIUS and self-signed certificate. Tested using eapol_test and successfully logged in. But when I’m trying to add a PC running Ubuntu 22.04 LTS to the network, it failed to pass EAP-TLS authenticate…. Continue reading Ubuntu 22.04 LTS: EAP-TLS not working [migrated]→

EAP TLS identity requriements

Posted on May 5, 2023 by shortshrift

I am using freeradius to test EAP-TLS. Authorization only succeeds if I specify an identity. It doesn’t even have to match any fields in the client certificate. Why is that required if I have a cert and private key? I know the EAP protocol… Continue reading EAP TLS identity requriements→

WPA(2/3)-PSK-compatible per-device Wi-Fi passwords to prevent AP MITM on IoT networks

Posted on November 20, 2022 by Facundo

While WPA2-PSK and WPA3-SAE are really secure once a connection has been established, my understanding is that if you have access to the Wi-Fi password you can impersonate the AP without any problems. I’m starting to add more and more IoT … Continue reading WPA(2/3)-PSK-compatible per-device Wi-Fi passwords to prevent AP MITM on IoT networks→

FreeRadius and Apache Mutual authentication

Posted on February 7, 2022 by zsomborv

I set EAP-TLS on my FreeRadius server, and i want to try the certificate-based authentication for a testing. I set up an Apache as a webservice and enabled ssl on it. I could redirect the basic username-password authentication to the radiu… Continue reading FreeRadius and Apache Mutual authentication→

Are there other types of NT Password (NTLM Hash) besides raw MD4?

Posted on September 30, 2021 by Steven Yang

According to the freeradius document https://freeradius.org/radiusd/man/rlm_pap.txt I can use NT-Password as the type of storing user’s password. However, I have only found the type of generating raw MD4 as NTLM Hash. As I need to use MSCH… Continue reading Are there other types of NT Password (NTLM Hash) besides raw MD4?→

Are there other types of NT Password (NTLM Hash) besides raw MD4?

Posted on September 30, 2021 by Steven Yang

How to encrypt user password in Freeradius [migrated]

Posted on September 20, 2021 by wallacex

I recently set up a freeradius server and would like to change the user password that is presently in cleartext to encrypted in the /etc/freeradius/3.0/users file.
This is what it looks like on the server.

When I authenticate on the serve… Continue reading How to encrypt user password in Freeradius [migrated]→

Unable to decrypt password protected certificates with Freeradius or from GUI

Posted on June 7, 2021 by molik

I am trying to use Freeradius 3.0 for authentication with certificates. To generate the CA, Server and Client certificate, make is available, reading a specific configuration file for each certificates (more information about it here).
The… Continue reading Unable to decrypt password protected certificates with Freeradius or from GUI→

How can Freeradius detect if the password provided is right when only the salted hash is stored in the database without the salt

Posted on May 4, 2021 by molik

I am discovering both Freeradius and the password hashing mechanism. I built a database (in MySQL) to store the passwords of some users. I have a user with the password in clear text, another one hashed in SHA256 without salt and the last … Continue reading How can Freeradius detect if the password provided is right when only the salted hash is stored in the database without the salt→