Best way to prevent people using my wifi with shared password?

bahtsiz_bedevi · April 9, 2025, 11:17pm

I have less than 20 clients on my network, and they frequently share the wifi password with their friends, which I don't want. What are my options?

So far I tried

FreeRADIUS with Simultaneous-Use:= "1" : I can't get it to work
Captive Portal: OpenWrt Setup on raspberrypi 4B using as a router for OpenNDS captive portal - #14 by bahtsiz_bedevi
(I'm using now) Whitelisted MAC filter: Clients with dynamic MAC address is a problem

Dante · April 9, 2025, 11:28pm

Kick people out? Or:

And then kick people out who misbehave.

bahtsiz_bedevi · April 9, 2025, 11:30pm

Unfortunately it does not limit the concurrent use of a psk key. Multiple devices can use wifi with the same psk key,

Dante · April 9, 2025, 11:33pm

You can limit by MAC, and ask people to set a static MAC, or not let them in. Or:

Is there a reason why you're letting people abuse your network and then making it your problem and not their?

bahtsiz_bedevi · April 10, 2025, 12:03am

I don't know why some people on this forum keep posting suggestions with no knowledge. Is it for the user badges?

The problems with your suggestion:

There's no way to know which client(s) is sharing the password
Probably you'll suggest wpa_psk_file option again for unique password for each client. Hint: hostapd doesn't reveal the psk key client used

lleachii · April 10, 2025, 12:09am

Before you bash the poster (again), please realize you just added this requirement.

psherman · April 10, 2025, 12:10am

You can use 802.1x authentication. This means using a radius server and deploying credentials on a per-device basis, but should meet your needs to prevent sharing.

lleachii · April 10, 2025, 12:11am

He said that part.

bahtsiz_bedevi · April 10, 2025, 12:11am

He said kick the client who is sharing the password

lleachii · April 10, 2025, 12:15am

While a good idea, I agree it was quite an obtuse solution to your problem given your list of examples. Albeit, you proved little context as to why your use case requires you to admit people to your network, who subsequently compromise it.

Best wishes with getting RADIUS fixed.

psherman · April 10, 2025, 12:17am

Right. But despite the “can’t get it to work” statement from earlier, this is the way to achieve the goal, so working to resolve the problem(s) the op experienced would be the best path.

bahtsiz_bedevi · April 10, 2025, 12:18am

Yeah, it seems the best way. I just wanted know the alternatives. Thanks

iamyangyi · April 10, 2025, 1:55am

The simplest way is to write a script to restart when idle. Each time you restart, the MAC or the end of the SSID will be a random number. The shared WIFI is determined by the consistency of these two values to determine whether it is the same WIFI signal.

sfx2000 · April 10, 2025, 2:03am

Outside of the technical issues - I'm curious about the use case...

Most folks make assumptions, but I'm open to what you're trying to do here...

system · April 20, 2025, 2:04am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.