On Sun 05 Aug 2007, Fred Zinsli wrote:
Hello everyone
I am very new to freeradius and security type environments and I am feeling somewhat out of my depth at the moment.
My current situation is that I have a chillispot WIFI setup. A diagram of the current network can be seen at http://www.shooter.co.nz/network.pdf
The problem I have with this setup is that unscrupulous people are connecting to the unprotected APs without authenticating and playing games between themselves therefore bogging down our network with their traffic.
So what I am wanting to do is dispose of the chillispot server and authenticate the users directly from the APs (WAP54G) using WPA- Enterprise.
Putting chillispot on each individual AP is also a possibility..
WPA-Enterprise on the WAP54G is radius authentication with a WPA shared key between the AP and the radius server.
I have got the APs talking to the radius server, but it seems the radius server is using the credentials from the PC to authenticate the users.
Thats what it is designed to do.
Here is what I would like to do. When a user attempts to connect to the AP, the user is presented with a login screen (much like chillispot), the user logs on and they are connected to the AP and can use the network as expected. If a user cannot authenticate the attempt is logged and the connection attempt to the AP is dropped.
If you want a web based login screen use chillispot or something similar. If you want to use a PC based supplicant, then WPA is the correct solution.. -- Peter Nixon http://peternixon.net/