Is this possible

Fred Zinsli fred.zinsli at shooter.co.nz
Sat Aug 4 23:34:29 CEST 2007


Hello everyone

I am very new to freeradius and security type environments and I am 
feeling somewhat out of my depth at the moment.

My current situation is that I have a chillispot WIFI setup.  A diagram 
of the current network can be seen at 
http://www.shooter.co.nz/network.pdf

The problem I have with this setup is that unscrupulous people are 
connecting to the unprotected APs without authenticating and playing 
games between themselves therefore bogging down our network with their 
traffic.

So what I am wanting to do is dispose of the chillispot server and 
authenticate the users directly from the APs (WAP54G) using WPA-
Enterprise.  WPA-Enterprise on the WAP54G is radius authentication with 
a WPA shared key between the AP and the radius server.

I have got the APs talking to the radius server, but it seems the radius 
server is using the credentials from the PC to authenticate the users.

Here is what I would like to do.  When a user attempts to connect to the 
AP, the user is presented with a login screen (much like chillispot), 
the user logs on and they are connected to the AP and can use the 
network as expected.  If a user cannot authenticate the attempt is 
logged and the connection attempt to the AP is dropped.

This way a user cannot just blindly connect to our network and use 
bandwidth.

Is that type of configuration possible? and if so where would I find 
information on how it is done?

Many thanks in advance for you patience and comments.

Regards

Fred





More information about the Freeradius-Users mailing list