Community discussions

MikroTik App
 
socios
just joined
Topic Author
Posts: 3
Joined: Fri Oct 01, 2021 11:23 am

hotspot with radius

Fri Nov 11, 2022 2:12 pm

Hi,

I'm trying to set up hotspot on mikrotik but it should use freeradius server for authentication. Is it possible to do so without user manager?

I can't use CHAP because of backend so I assumed if I configure hotspot login with HTTP PAP and put a check mark on the "Use radius" option it will forward user and password in radius packet to the radius server. But when I do it like this my radius server doesn't recognize the request as PAP so it doesn't respond.

Also if this is possible how secure is it? If I use HTTPS option on hotspot config I assume the communication between user browser and mikrotik is safe. But after that the radius request from mikrotik to freeradius is plaintext I assume?

I had working wifi deployment with eap-ttls but some requirements changed so I have to use hotspot now and trying to find a way to reconfigure freeradius, get wanted functionality and keep the communication safe end to end
 
binooetomo
just joined
Posts: 17
Joined: Sat Nov 12, 2016 7:08 am

Re: hotspot with radius

Sat Mar 11, 2023 10:07 am

Hi,

I'm trying to set up hotspot on mikrotik but it should use freeradius server for authentication. Is it possible to do so without user manager?
Yes yo can

I can't use CHAP because of backend so I assumed if I configure hotspot login with HTTP PAP and put a check mark on the "Use radius" option it will forward user and password in radius packet to the radius server. But when I do it like this my radius server doesn't recognize the request as PAP so it doesn't respond.
We need to see your Freeradius server configuration

Also if this is possible how secure is it? If I use HTTPS option on hotspot config I assume the communication between user browser and mikrotik is safe. But after that the radius request from mikrotik to freeradius is plaintext I assume?
I think it's encrypted using 'shared secret'
Better to find away to harden the line between radius-client to radius-server (i.e: use VPN between them)

-bino-

Who is online

Users browsing this forum: Azarath, Nullcaller and 22 guests