Is this possible
Fred Zinsli
fred.zinsli at shooter.co.nz
Sat Aug 4 23:34:29 CEST 2007
Hello everyone
I am very new to freeradius and security type environments and I am
feeling somewhat out of my depth at the moment.
My current situation is that I have a chillispot WIFI setup. A diagram
of the current network can be seen at
http://www.shooter.co.nz/network.pdf
The problem I have with this setup is that unscrupulous people are
connecting to the unprotected APs without authenticating and playing
games between themselves therefore bogging down our network with their
traffic.
So what I am wanting to do is dispose of the chillispot server and
authenticate the users directly from the APs (WAP54G) using WPA-
Enterprise. WPA-Enterprise on the WAP54G is radius authentication with
a WPA shared key between the AP and the radius server.
I have got the APs talking to the radius server, but it seems the radius
server is using the credentials from the PC to authenticate the users.
Here is what I would like to do. When a user attempts to connect to the
AP, the user is presented with a login screen (much like chillispot),
the user logs on and they are connected to the AP and can use the
network as expected. If a user cannot authenticate the attempt is
logged and the connection attempt to the AP is dropped.
This way a user cannot just blindly connect to our network and use
bandwidth.
Is that type of configuration possible? and if so where would I find
information on how it is done?
Many thanks in advance for you patience and comments.
Regards
Fred
More information about the Freeradius-Users
mailing list