Hello everyone,

I am writing this -long overdue- letter to express my gratitude to all FR developers and other people who help through this mailing list. I may not be an active poster, but this list's archive has been a tremendous help during my involvement with FreeRADIUS. Thanks to the intense support (and of course great open source software), my project was a success and I managed to learn a couple of things too :-).

To whom it may concern, I have deployed the following setup for my University wifi hotspot:

WiFi users connect to APs in the University premises. Authentication follows two scenarios (depending on the particular AP site):

Scenario A or NoCat Scenario (low security):
- A NoCat captive gateway runs on a PC connected directly to the AP (or the AP itself, for embedded devices). This PC is also responsible for DHCP, firewall rules etc...
- The user's web browser is redirected to the login page hosted at the AAA server for this building. There runs the NoCat Auth Server and (of course) a FreeRADIUS server. The NCA server gives the user credentials to FR, who in turn authorizes them against the local Windows AD (where University users reside) and a mysql database (for temporary wifi accounts - can be duration-restricted).
- After the NoCat gateway lets the user in, it periodically sends accounting information to the FR server (to be stored in the mysql DB).

Scenario B or EAP scenario (high security):
- A FreeRADIUS proxy runs on a PC connected directly to the AP (or the AP itself, for embedded devices). This PC is also responsible for DHCP, firewall rules etc...
- The AP has WPA-Enterprise enabled and connects to the proxy FR for authentication.
- Users use IEEE.1X clients for EAP authentication (mainly PEAP).
- The FR proxy forwards authentication packets to the central FR server (the same one as scenario A) who authenticates and authorizes against the Windows AD and mysql DB.
- Accounting packets are sent either by the AP (through the proxy) or a NoCat gateway (set in "Open" mode) which runs at the same PC with the proxy.

Accounting information is monitored through the dialup_admin front-end, which is also used for temporary wifi accounts (that go in the mysql db).

(The above may imply a large scale deployment but there are only two APs for now :-) [both running scenario A].)

That's about it in a nutshell. I named the whole system the WAL (Wireless Aueb -my University- Lan).

As you can see, I have also made heavy use of the NoCat project (thanks to everyone in that mailing list/developer team too!!) but it saddens me to see that it got stuck in version 0.82 :-(.

Anyway, thanks again and keep up the good work. I am not done with FR just yet, so I'll be seeing you all :-).

Stefanis Eleftherios
MsC Student in Computer Science
AUEB

PS: Sorry for the long post, I just thought it would be nice for people to see what FR (combined with other great open source software) can do in a complete WiFi deployment.

PS2: The total software cost for the WAL was 0$ and took one person (me) a total of about 2 months to architect and set up.