wpa_psk_radius info...

Jouni Malinen j at w1.fi
Fri Oct 15 13:51:30 PDT 2021

On Tue, Oct 12, 2021 at 05:34:45PM +0200, Marco Gaiarin wrote:
> For my home i need to setup two AP, using LEDE/OpenWRT, but i want to use
> different WPA_PSK for different MAC address, but possibly using one central
> configuration repository.
> Clearly, i can 'rsync' the 'wpa_psk' file between the AP, but it is really
> and hack.
> I've read of 'wpa_psk_radius', that seems the thing i need, but i'm not able
> to find and example on how configure RADIUS server.

That depends on which RADIUS server you are thinking of using here. The
passphrase is provided in a Tunnel-Password attribute (as defined in RFC
2868). The only example within hostap.git is in an automated test case
for this functionality where a python script using pyrad implements a
minimal RADIUS authentication server for this: build_tunnel_password()
function at
but that is unlikely to be of much help or a more likely deployment
options with a complete RADIUS server implementation. I'd recommend
searching for Tunnel-Password in the documentation of whichever RADIUS
server you are using.
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list