Is there a way to provide user-specific passwords for Wi-Fi?

wifi router password-management

What you need is WPA-2 Enterprise, combined with a RADIUS server for authenticating users.

If you have an existing Active Directory infrastructure, then you can use the Network Policy Server role in Windows to do the authentication and allow users to log on with their AD username/password.


Another possible solution is to set up multiple SSIDs and provide separate passwords for each one. It's not as elegant as having multiple passwords for the same SSID, but it would accomplish the same thing and would be easy to manage if your router supports multiple SSIDs.

One such router is Asus' RT line of consumer-level dual-band routers (I have the RT-AC66U) which supports up to three "Guest SSIDs" per band in addition to the main SSIDs. Each can have its own authentication and access policies. This even allows you to track usage time for each guest SSID.

Because most people aren't able to access the 5GHz band just yet, you would likely need 2 of these routers to provide enough 2.4GHz access points to do what you want for 7 people, but these routers can easily be configured as "AP-Only" mode so you can chain them together.

Alternate firmware may be able to handle more SSIDs, although I can't confirm that at the moment.


I would answer your question with another question...what do you hope to gain by having each user connect using a different password? The exercise seems somewhat pointless to me unless you're also hoping to attach some sort of network policies to the different credentials that you didn't mention in your original question.

Other respondents are correct, WPA-Enterprise coupled with a RADIUS server would be the proper way to accomplish this, but that is probably out of scope for what you are trying to accomplish.

If your desire to use different usernames is to be able to control access for different users without affecting other users, you might be able to use MAC address filtering instead. MAC filtering is by no means foolproof, but it would have the added benefit of preventing password sharing amongst users.

Another option is to move all of this out of the WiFi scope and further into the network. You could consider using a single WiFi password and using a captive portal upstream in the network to perform a second level of authentication. This could be accomplished with something like m0n0wall (http://m0n0.ch/wall/) relatively easily.

Related

Postgres: Non zero exit code when executing a sql file?
Docker pull: TLS handshake timeout
telnet counterpart for UDP
How to manage DNS in NetworkManager via console (nmcli)?
How do you test your porn filter
Passing default answers to apt-get package install questions?
What kind of network attack turns a switch into a hub?
Copy a file's owner permissions to group permissions
How do you Install PHP5 without installing Apache in ubuntu?
How do I disable root login in Ubuntu?
How to find and fix fragmented MySQL tables
How can I do a dump of only the table structure in PostgreSQL?