FreeRadius + Mysql + MAC address authentication + linksys WRT54GS
Hi there, I'm sorry if this questions was already answered but I searched all day today and didn't come up with anything usefull for this situation. This is what I need. There will be: * 20 hotspots with a Linksys AP and a modified firmware (OpenWRT) and maybe chilispot. * Freeradius server * apache2 webserver * free-HS (SSID) The objective is to have some free hotspots on a certain area and the user, as soon as he chooses free-HS network, will be redirected to a register page. Maybe using a proxy trick or a php redirect. This page will ask simple questions like age, how did he found this but never username and password. The authentication will be made by MAC address but I could only find some examples regarding AP's MAC address in the users file. My problem is to have this auth made by the mysql database. If he disconnects and connects again his mac address will be in the data-base, and radius will find it and authorize and the internet will be normal, No proxy, no redirect. Maybe a 15m timeout of no activity... So basically what we need is a way for radius to check for this MAC address in the mysql db. I have a working freeradius+mysql server and I can do a radtest with a user's/password and the shared pass and all was ok. rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=163, length=20 My problems: * We don't have any certificate store to sign our certificate, * We don't want people to install certificates Another questions. What type of protocols should we use? EAP, PEAP, CHAP, MSCHAP, EAP/TLS, WEP ? The most simple for the window's users to access. Thank you in advance for the help With best regards Carlos Sobrinho -- ############################################################################# # These PRESERVES should be FORCE-FED to PENTAGON OFFICIALS!! # #############################################################################
Hi,
* 20 hotspots with a Linksys AP and a modified firmware (OpenWRT) and maybe chilispot. * Freeradius server * apache2 webserver * free-HS (SSID)
The objective is to have some free hotspots on a certain area and the user, as soon as he chooses free-HS network, will be redirected to a register page. Maybe using a proxy trick or a php redirect.
if you use something like Chilispot then this will do the redirect
* We don't have any certificate store to sign our certificate, * We don't want people to install certificates
I would get some certificates signed by a low cost known certifier but make sure that the signature is already in the known windows list - then they wont have to install one
Another questions. What type of protocols should we use? EAP, PEAP, CHAP, MSCHAP, EAP/TLS, WEP ?
The most simple for the window's users to access.
ah. once you use one of these wireless encryption methods then you will have to make sure that the users know all the info in advance. in terms of real security, just use pure un-WEP'd wireless, make sure the login make is SSL encrpyted - eg AES256 HTTPS and then only allow secure protocols through the network - oh and WARN the users that the network is insecure and that passwords and credit card details should only be typed in when they are visiting HTTPS secure sites and using IMAPS etc (though most users will use web-based email on the move). using the basic 'secure' methods is useless as you would have to notify everyone what the key was (making the point of the key useless), even if you carefully inform users, WEP, EAP and PEAP with PSK etc are crackable within a fraction of time - at which point all those 'secure with WEP etc' password transactions are readable. EAP/TLS would mean giving the users certificates before they could connect to your wireless. how would you do that? via another wireless network? alan
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Carlos Sobrinho