We have PF 5.7.0 running with OpenWRT 15.05 hostapd switches configured.
Our objective is to have users register or pre-register with an email
address, and then have access in combination with a locally posted
pre-shared key. This meets our requirement of allowing free access to any
local members and disallowing any non-members that happen to be able to get
signal in the boundary of the service area. We are not positive if this
can be done with Packetfence but believe it can.
We would like some help to figure out the pre-shared key part; Details
follow; any help appreciated.
cheers,
Ian
Dynamic VLAN switching and email registration are working with the default
captive portal profile. Users are redirected after the dynamic VLAN change
and have access. We learned a lot along the way.
The next step is to add the concept of a pre-shared key. This allows us
to limit access to only people that can see the posted 'pre-shared key'
Some ideas we have, that we would like some help with how to start are:
1) Somehow change the registration process to actually call a script that
creates a new user in an LDAP directory/flat file or other place that can
be used as an internal source with the login page/ We could hard code
everyone's cleartext password to the the pre-shared key - either in the
source itself, or using a radius filter of some kind. On the login page
after registration, they could use their email+preshared key to gain
access.
2) Somehow trick packetfence and hostapd into working like they are doing
wpa2 for dynamic VLANs but in fact set a psk2 shared key on the SSID. In
this model we use secure SSIDs and packetfence only needs to verify the
email and let the AP handle the pre-shared key. We tried this and the
radius stuff just stops working altogether once hostapd is configured for
psk2, so we are not optimistic that we can use PSK2 with the captive portal
and radius dynamic vlans.
In both cases the guest access would be time limited or restrictive, as
outlined in the registration email so that the user would know to use the
login page with pre-shared key when they return.
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
