Collaborate Disseminate
I am building a small network virtualization using VirtualBox, with the goal of testing and implementing various security concepts. The network includes a pfSense VM acting as the router, three Ubuntu Desktop users, and two Ubuntu Server &… Continue reading Implement continuous authentication of users within an internal network using FreeRADIUS in pfsense
I am building a small network virtualization using VirtualBox, with the goal of testing and implementing various security concepts. The network includes a pfSense VM acting as the router, three Ubuntu Desktop users, and two Ubuntu Server &… Continue reading Implement continuous authentication of users within an internal network using FreeRADIUS in pfsense
A new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle (MitM) attacks. While the vulnerability can be difficult to exploit, the possible impact of an exploit is subst… Continue reading Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack
I’m setting up RADIUS server using FreeRADIUS and self-signed certificate. Tested using eapol_test and successfully logged in. But when I’m trying to add a PC running Ubuntu 22.04 LTS to the network, it failed to pass EAP-TLS authenticate…. Continue reading Ubuntu 22.04 LTS: EAP-TLS not working [migrated]
I am using freeradius to test EAP-TLS. Authorization only succeeds if I specify an identity. It doesn’t even have to match any fields in the client certificate. Why is that required if I have a cert and private key? I know the EAP protocol… Continue reading EAP TLS identity requriements
While WPA2-PSK and WPA3-SAE are really secure once a connection has been established, my understanding is that if you have access to the Wi-Fi password you can impersonate the AP without any problems. I’m starting to add more and more IoT … Continue reading WPA(2/3)-PSK-compatible per-device Wi-Fi passwords to prevent AP MITM on IoT networks
I set EAP-TLS on my FreeRadius server, and i want to try the certificate-based authentication for a testing. I set up an Apache as a webservice and enabled ssl on it. I could redirect the basic username-password authentication to the radiu… Continue reading FreeRadius and Apache Mutual authentication
According to the freeradius document https://freeradius.org/radiusd/man/rlm_pap.txt I can use NT-Password as the type of storing user’s password. However, I have only found the type of generating raw MD4 as NTLM Hash. As I need to use MSCH… Continue reading Are there other types of NT Password (NTLM Hash) besides raw MD4?
According to the freeradius document https://freeradius.org/radiusd/man/rlm_pap.txt I can use NT-Password as the type of storing user’s password. However, I have only found the type of generating raw MD4 as NTLM Hash. As I need to use MSCH… Continue reading Are there other types of NT Password (NTLM Hash) besides raw MD4?
I recently set up a freeradius server and would like to change the user password that is presently in cleartext to encrypted in the /etc/freeradius/3.0/users file.
This is what it looks like on the server.
When I authenticate on the serve… Continue reading How to encrypt user password in Freeradius [migrated]