RE: Wireless MAC Authentications
http://www.mikrotik.com/docs/ros/2.8/guide/aaa.content

Mikrotik Rules - I use it EVERYWHERE, for hotspots AND normal AP traffic...

In your AP setup, you want to check ON RADIUS MAC Authentication under the security tab on the wireless card. And, in your /radius, you can enable radius auth for wireless there too.

R

-----Original Message-----
From: Chris Knipe [mailto:[EMAIL PROTECTED]
Sent: Monday, February 21, 2005 4:40 PM
To: freeradius-users@lists.freeradius.org
Subject: Wireless MAC Authentications

Hi,

Before anyone jumps and says this is related to your NAS, please just let me start by saying that while my NAS (Mikrotik) does support Radius, it is badly documented. MAC Authentication is not documented at all.

Is there anyone who managed to get MAC Authentication to work on Mikrotik, that can shed some light? Up to now, I have no idea what the check items are, and the reply items I managed to get out of Mikrotik are not inside any dictionary.

The reply items I have been provided:

# Wireless-Forward - not forward the client's frames back to the wireless infrastructure if this attribute is set to 0 (Wireless only)
# Wireless-Skip-Dot1x - disable 802.1x authentication for the particular wireless client if set to non-zero value (Wireless only)
# Wireless-Enc-Algo - WEP encryption algorithm: 0 - no encryption, 1 - 40-bit WEP, 2 - 104-bit WEP (Wireless only)
# Wireless-Enc-Key - WEP encryption key for the client (Wireless only)

As I said, none of these are in any dictionary, these are the option names in the router's GUI. I hardly doubt whether these are the right reply attributes to begin with.

Hope anyone can shed some light for me.

--
Chris.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Prepaid (Scratchcard) Wi-Fi Hotspot with NoCat and FreeRadius
Or Mikrotik http://www.mikrotik.com

Much better, well rounded routing package on the whole.

-----Original Message-----
From: Bartosz Jozwiak [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 26, 2004 8:06 AM
To: [EMAIL PROTECTED]
Subject: Re: Prepaid (Scratchcard) Wi-Fi Hotspot with NoCat and FreeRadius

Hello list,

I'm new to Radius in general, so please excuse me for this question which I'm sure is probably quite simple. I've spent ages looking through the archives and have been unable to find an answer to my question.

I'm trying to set up a Wi-Fi hotspot that will use prepaid tickets (scratch-cards) using NoCatAuth 0.82 + RADIUS patch and FreeRadius 1.0.0-1 on Debian Linux i386. I have the hotspot part working fine, I am able to connect and can use a username and password combo in the /etc/freeradius/users file to authenticate and connect.

The problem I'm having is with timeouts. I understand that Session-Timeout can be sent to the NAS (in this case NoCat) on acceptance, and the NAS is supposed to handle chucking the user off after the appropriate number of seconds. I also understand that the counter module is supposed to keep track of some predefined limit and send the appropriate Session-Timeout, decrementing the time remaining as time is used up.

I have enabled the counter module, put it in instantiate, authorize and accounting (making sure it is after files in the authorize section), and set a Max-Daily-Session value in the users file. However, when I connect, the rlm_counter module just says "We only run on Accounting-Stop packets", but as the user is never going to log out (he is meant to time out) this means the counter never gets run, and he can stay logged in indefinitely.

Do I need a patch to rlm_counter, or do I need to modify the NAS (NoCat)? Could someone please help me with this? I know that I must just be missing some basic information on how Radius and NASes work, but I don't know what it is as I'm new to it all. Please excuse my ignorance!

Thank you very much.

There is a better solution than NoCat. Use FreeRadius + ChilliSpot ( www.chillispot.org )

Bartosz
RE: New Opensource project-AAAadmin
Yeah, dialupadmin needs some work, but it's good as it is, too.

-----Original Message-----
From: Kostas Kalevras [mailto:[EMAIL PROTECTED]
Sent: Friday, July 23, 2004 8:46 AM
To: [EMAIL PROTECTED]
Subject: Re: New Opensource project-AAAadmin

On Fri, 23 Jul 2004, Amit Gupta wrote:

This solution will be available in perl and biferno too. Also more features that I will disclose soon. First let me know your expectations. Will you join me???

I really don't see any point in reinventing the wheel. Why not just add the extra features in dialupadmin instead of creating a new one?

expectations: dialup_admin/doc/TODO
Also see dialup_admin/doc/HELP_WANTED

As for joining, sorry I've already got an interface that suits my needs and is in constant development. The question would be why abandon it for a new one?

Amit

- Original Message -
From: Kostas Kalevras [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 23, 2004 5:01 AM
Subject: Re: New Opensource project-AAAadmin

On Fri, 23 Jul 2004, Amit Gupta wrote:

Hi friends,

I have decided to develop opensource project-AAAadmin. Its URL is dmin.sourceforge.net. I invite you to share your expectations from such solution. I also invite you to join development.

What's wrong with dialupadmin?

Amit Gupta

--
Kostas Kalevras
Network Operations Center [EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Calculating Remaining Time for Session-Timeout
OK, I have several Mikrotik based hotspots out there. They auth users via RADIUS. I'm now running FreeRadius 1.0.0. I right now can auth users on them via FreeRadius - works great - and I'm using MySQL which is even better.

Only problem is, right now they all get non-expiring sessions when they paid for half-hour increments :) Mikrotik expects Session-Timeout back as a clue on when to kick the user to pay for more time.

How do I tell FreeRadius that User x bought 15 minutes on a hotspot, and tell Mikrotik to kick him when his time's up? I understand about putting the Session-Timeout value in the radcheck table - that works. Just need to figure out how to update that Session-Timeout value every time the user logs in and out.

Thanks,
Rick
RE: Calculating Remaining Time for Session-Timeout
I know the rlm_sqlcounter module is there. I just need to find an example on how to set up FreeRadius to use it. I'm very familiar with writing sql queries, just not in this environment.

Anyone have a sample radiusd.conf and sql.conf for calculating Session-Timeout's?

-----Original Message-----
From: Keith Yoder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 01, 2004 8:07 AM
To: [EMAIL PROTECTED]
Subject: Re: Calculating Remaining Time for Session-Timeout

Rick,

You'll want to use the rlm_sqlcounter module. You can set a Max-All-Session = 36000 to limit a user to 10 hours of total access for example. FreeRadius will calculate how much time was used and set the Session-Timeout attribute automatically.

Hope that helps,
Keith Yoder

Rick Smith wrote:

OK, I have several Mikrotik based hotspots out there. They auth users via RADIUS. I'm now running FreeRadius 1.0.0. I right now can auth users on them via FreeRadius - works great - and I'm using MySQL which is even better.

Only problem is, right now they all get non-expiring sessions when they paid for half-hour increments :) Mikrotik expects Session-Timeout back as a clue on when to kick the user to pay for more time.

How do I tell FreeRadius that User x bought 15 minutes on a hotspot, and tell Mikrotik to kick him when his time's up? I understand about putting the Session-Timeout value in the radcheck table - that works. Just need to figure out how to update that Session-Timeout value every time the user logs in and out.

Thanks,
Rick
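
Added example, not part of the thread and not FreeRADIUS code: a Python model of the calculation Keith describes, where the time already recorded in accounting is subtracted from Max-All-Session and the remainder is returned as Session-Timeout; the counter question in the prepaid hotspot thread is after the same calculation. The two-column `radacct` table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample accounting rows: (UserName, AcctSessionTime in seconds).
SAMPLE_RADACCT = [
    ("alice", 600),
    ("alice", 300),
    ("bob", 1800),
]


def open_sample_db():
    """In-memory stand-in for the accounting table (assumed two-column layout)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE radacct (UserName TEXT, AcctSessionTime INTEGER)")
    conn.executemany("INSERT INTO radacct VALUES (?, ?)", SAMPLE_RADACCT)
    return conn


def used_seconds(conn, username):
    """Total session time recorded for the user; 0 when no rows exist."""
    # Parameterised query: the user name arrives in the Access-Request and
    # must never be concatenated into the SQL text.
    row = conn.execute(
        "SELECT COALESCE(SUM(AcctSessionTime), 0) FROM radacct WHERE UserName = ?",
        (username,),
    ).fetchone()
    return row[0]


def authorize(conn, username, max_all_session):
    """Return ('accept', {'Session-Timeout': n}) or ('reject', {})."""
    remaining = max_all_session - used_seconds(conn, username)
    if remaining <= 0:
        # Purchased time is exhausted: refuse instead of sending a zero timeout.
        return ("reject", {})
    return ("accept", {"Session-Timeout": remaining})


def record_stop(conn, username, session_time):
    """Store the session length reported when a session ends."""
    conn.execute("INSERT INTO radacct VALUES (?, ?)", (username, session_time))


if __name__ == "__main__":
    db = open_sample_db()
    for user in ("alice", "bob", "carol"):
        print(user, authorize(db, user, 1800))
```

In this model usage becomes visible only once a stop record is written, so a session that is still open does not reduce the remaining time.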