On Jan 7, 2018 10:04 AM, "Victor Sudakov" <v...@mpeks.tomsk.su> wrote:
Freddie Cash wrote: > > > > I'm trying to setup a quasi-enterprise WiFi network for mobile > > devices. This will be a solution for a public library with the only > > requirement that guest users should get personal credentials for WiFi > > access from a librarian (not a shared PSK for everyone). > > You don't *need* RADIUS for this, although it may make some things easier > in some setups. > > All you need is a separate vlan for the "guest" wireless clients to connect > to, at the default gateway for that vlan to the FreeBSD machine, and use > firewall rules to redirect all "new" devices to a local Apache setup (new > meaning you don't know the MAC address). > > In Apache, you use mod_rewrite rules to change the requested URL to a local > webpage where you display your rules and whatnot, along with the login What you are suggesting is essentially a hand-made captive portal. I would be grateful for your mod_rewrite rules, but this will be a last resort. AFAIK there are implementations of a captive portal in M0n0wall and pfSense. I've also seen howtos like https://www.unixmen.com/ freebsd-10-1-x64-wifi-captive-portal/ But if I can, I'd try a pure WiFi solution first, of course if it exists. Ah, ok, now I see what you mean by "quasi-enterprise WiFi). You are looking for a way to create an encrypted wireless connection where a username/password combo is used instead of a PSK, using something like (but not as heavy as) 802.1x. Can't help with that. We stayed down the 802.1x path, had a working RADIUS setup, but balked at all the setup that would be required on the end-user devices and abandoned it. There may be a way to do it automatically nowadays, without requiring client certs and 802.1x clients, but we haven't looked into it in over 5 years. Good luck. Hopefully someone else has more insight. :D Cheers, Freddie _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
