Re: What is a good wireless solution for a small restaurant.

2003-12-12 Thread kconnell
Be careful with the low-end APs like Linksys, I'm pretty sure they don't support RADIUS.


Ken Connell
Intermediate Network Engineer
Computer & Communication Services
Ryerson University
350 Victoria St
RM AB50
Toronto, Ont
M5B 2K3
416-979-5000 x6709

- Original Message -
From: Guy Fraser <[EMAIL PROTECTED]>
Date: Thursday, December 11, 2003 5:49 pm
Subject: What is a good wireless solution for a small restaurant.

> Since many of the people on this list talk about wireless systems, I
> thought I could ask for some assistance.
>
> I have a customer with a chain of small restaurants, that want to
> provide wireless connections for his customers.
>
> I am looking for an inexpensive secure solution.
>
> I have heard people talking about 'walled gardens', and that may be the
> way to go.
>
> I have been asked about the d-link and linksys wireless routers, but
> have no experience with them. To date I have only had experience with
> long haul wireless, campus wireless and wired solutions.
>
> I don't have a firm direction from the customer yet, but there will be
> dozens of restaurants that will need to be hooked up.
>
> I am guessing that I could somehow use FreeRadius to provide centralized
> access controls.
>
> One of the prerequisites will likely be that there are NO moving parts
> {ie. no hard drives} on any of the devices and low power consumption {no
> large servers or monitors} in the restaurants. If required, the traffic
> could be backhauled to a centralized location over vpn's.
> 
> I would appreciate any suggestions.
> 
> -- 
> Guy Fraser
> Network Administrator
> The Internet Centre
> 780-450-6787 , 1-888-450-6787
> 
> There is a fine line between genius and lunacy, fear not, walk the
> line with pride. Not all things will end up as you wanted, but you
> will certainly discover things the meek and timid will miss out on.
> 
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html




Re: How to implement "walled garden" with freeRadius?

2003-12-11 Thread kconnell
Open source captive portal
http://nocat.net/




- Original Message -
From: Rob Genovesi <[EMAIL PROTECTED]>
Date: Wednesday, December 10, 2003 6:57 pm
Subject: Re: How to implement "walled garden" with freeRadius?

> Check out "Mikrotik" (www.mikrotik.com) -- a linux-based router with
> "Hotspot" functionality.
>
> I am using it to do this exact sort of thing.  Mikrotik has a built-in
> radius client and it works flawlessly (so far) with FreeRadius on the
> backend.  Users are redirected to a sign-in page and once they sign in
> firewall rules are updated to allow them access beyond the gateway.
> 
> 
> -rob
> 
> 
> At 10:46 AM 12/11/2003 +1100, you wrote:
> >I am climbing a learning curve at the moment, and intend to provide this
> >sort of functionality.
> >
> >I am looking at setting up a regional wireless ISP. I am planning on
> >allowing everyone to associate with the wireless APs. When they open up a
> >web browser and try to hit a page, I am going to use squid to redirect
> >them to this "walled garden" page that provides limited free content and
> >instructions on how to subscribe to our services.
> >
> >Paid subscribers will then be able to login and access the internet. I
> >think there may be a few ways to achieve this, but I have been testing it
> >using PPPoe and a RADIUS server (freeradius).
> >
> >When they login, a PPP tunnel will be created and routed correctly to the
> >internet (with relevant access controls setup through squid).
> >
> >If anyone else has any ideas in respect to this sort of setup, I would
> >welcome suggestions!
> >
> >
> > >
> > > Any recommendation on implementing "walled garden"
> > > with freeRadius and cisco 1100 APs.  The "walled
> > > garden" allows wireless user to access some
> > > pre-defined websites even BEFORE they login.
> > > Has anyone done this before?  The idea is to allow
> > > user visit our sign-up website and download the
> > > certificate (generated with OpenSSL).
> > > After the user has installed the certificate,
> > > freeRadius will authenticate the user with EAP-TLS and
> > > the user can access any websites after that.
> > >
> > > Is there any other free software that supports the
> > > "walled garden"?  Any suggestions or URL refs are
> > > appreciated.
> > > Richard
> > >


Re: Authentication process

2003-11-27 Thread kconnell
There is an open-source project called NoCatAuth which is a box that acts like a
"BlueSocket" appliance. It hijacks HTTP sessions and passes off the authentication to
a radius box.

I haven't yet tried the NoCatAuth solution, but I had done the above with a
BlueSocket box and a FreeRadius server.



- Original Message -
From: ZORBADELOS KONSTANTINOS <[EMAIL PROTECTED]>
Date: Thursday, November 27, 2003 3:42 am
Subject: Re: Authentication process

> At Wed, 26 Nov 2003 11:55:30 -0800 (PST),
> Mike Million wrote:
> > 
> Hi,
> I had a talk with a guy in my company that has experience setting up
> wireless stuff as I do not have any experience on that (I have a bit
> in the radius part). He told me that there are commercial solutions
> that offer the functionality you request, that is direct a user to a
> web page for AAA and engage a radius session. They are used in
> wireless environments and intercept the traffic before the outgoing
> router and enforce the policy you configure. Some solutions are
> Cisco BBSM, Nomadix USG, Nokia PO22.
> Without having any experience on that as I told you before, if I had
> to do such a project I would also try to find out if the
> functionality can be achieved using open source (free) software. We
> already have the radius part. I have seen a relevant article in linux
> journal
> http://www.linuxjournal.com/article.php?sid=6897
> (Linux Makes Wi-Fi Happen in New York City)
> 
> and also
> http://www-106.ibm.com/developerworks/library/l-wap.html?ca=dnt-429
> (Building a wireless access point on Linux)
> 
> I don't know if I helped at all but I also cc that to the list for
> archiving purposes.
> 
> > hello!
> >
> > Thanks a bunch.
> >
> > Apart from web form & executing a CGI script, is there any way
> > around? The accounting will have to be from the radius client in
> > the NAS.
> >
> > This is the problem that I am trying to solve.
> > When my users go to any of my locations (hotel, cafe etc) I want
> > to authenticate them and also time them. They will be initially
> > served a login page. I know there are lots of people doing this
> > already, like the guys who set up hotspots. When I go to a
> > starbucks house, this T-mobile login page comes up which then
> > authenticates me. I am looking for pretty much the same
> > functionality.
> >  
> > I deeply appreciate your tips.
> >  
> > Thanks again
> > Mike
> > 
> > ZORBADELOS KONSTANTINOS <[EMAIL PROTECTED]> wrote:
> > At Tue, 25 Nov 2003 20:18:30 -0800 (PST),
> > Mike Million wrote:
> > > 
> > > I am a novice here, so my question may sound pretty silly.
> > >
> > > I am trying to authenticate users through an Orinoco AP-2500
> > > WAP using a username & a password. AP-2500 provides this "portal
> > > page" feature where you can redirect the users to a webpage (in an
> > > external webserver) for them to log in. So, once I have an
> > > external form with the sufficient fields I want, how will I pass
> > > that information (username, pass etc) to the radius server? I mean
> > > what is the format that I use? Are there any client APIs that I
> > > can call?
> > > 
> > > Any help would be appreciated.
> > > 
> > > Sincerely,
> > > Mike
> > > 
> > >
> > Your web form should generate a valid radius message
> > (access-request). Now if this form sends the message directly to
> > the radius server your script will be the radius client and should
> > therefore be declared in clients.conf (the IP of your web server
> > that is). What about the accounting? Is this sent by the NAS equipment?
> > Now if you need to create a cgi script or something like that that
> > generates radius messages you should look for Radius libraries
> > (modules) for your language of choice. The format of the message is
> > specified in the rfcs.
> > 
> > > 
> > > 
> > > 
> > ==
> > Kostas Zorbadelos
> > Currently at: Otenet IT Department 
> >  [EMAIL PROTECTED]
> > 
> > Out there in the darkness, out there in the night
> > out there in the starlight, one soul burns brighter
> > than a thousand suns.
> > 
> > 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Can this be done & first time user

2003-11-19 Thread kconnell
FOR MAC based auth only

- Make sure the IP addresses of your APs are in the clients.conf
- Edit the "users" file and add the MAC address of the clients as the user name.
The password is the "key" you set on your APs.



- Original Message -
From: Michael Shanafelt <[EMAIL PROTECTED]>
Date: Wednesday, November 19, 2003 4:28 pm
Subject: Can this be done & first time user

> Hello everyone,
> 
> I've never used FreeRadius before.  I think I successfully installed it
> on RedHat and it seems to start up OK.  I added my windows XP IP address
> in the clients file along with a key; added the same IP address, short
> name, and "portslave" as the type; and uncommented out the 3 lines in
> the radiusd.conf file for password, shadow, and group.
>
> I'm using a utility on my XP box called NTRadPing Test Utility to see if
> the radius server responds.  So far, I'm not getting any responses, just
> the "no response from server" error.
>
> This is my first time messing with a RADIUS server.  Does anyone see a
> step that I missed?
>
> Also, the reason I'm doing this is to build a list of MAC addresses that
> are allowed to associate with our several wireless access points.  Right
> now, each one has a static list of valid MAC addresses, and when we get
> a new employee, we have to go to each one and enter the MAC address.
> From what I read, a RADIUS server can be set up so that we can
> centralize this list.  Is this a correct assumption?
> 
> Thanks very much,
> Mike
> 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
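
One way to build the central "users" file from an existing per-AP MAC list, as described in the reply at the top of this message (an added example, not from the original thread). It assumes FreeRADIUS 2.x or later, where the attribute is `Cleartext-Password`, and that the AP sends the MAC as twelve lowercase hex digits; the function names, the `sep` parameter and the sample values are hypothetical, and the separator must match what the AP actually puts in User-Name or every lookup will miss.

```python
import re


def normalize_mac(raw: str, sep: str = "") -> str:
    """Accept 00:11:22:AA:BB:CC, 00-11-22-aa-bb-cc or 0011.22aa.bbcc; emit one form."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return sep.join(digits[i:i + 2] for i in range(0, 12, 2))


def users_entries(macs, ap_key: str, sep: str = "") -> str:
    """Users-file text: MAC as the user name, the key set on the APs as the password."""
    if '"' in ap_key or "\\" in ap_key:
        raise ValueError("key contains characters that need escaping")
    seen, lines = set(), []
    for raw in macs:
        mac = normalize_mac(raw, sep)
        if mac in seen:              # same card entered on several APs
            continue
        seen.add(mac)
        lines.append(f'{mac}\tCleartext-Password := "{ap_key}"')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample list, as it might be copied off three different APs.
    collected = ["00:11:22:AA:BB:CC", "0011.22aa.bbcc", "00-11-22-aa-bb-cd"]
    print(users_entries(collected, "ap-key-placeholder"), end="")
```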