Is this possible

Peter Nixon listuser at peternixon.net
Sun Aug 5 00:02:14 CEST 2007


On Sun 05 Aug 2007, Fred Zinsli wrote:
> Hello everyone
>
> I am very new to freeradius and security type environments and I am
> feeling somewhat out of my depth at the moment.
>
> My current situation is that I have a chillispot WIFI setup.  A diagram
> of the current network can be seen at
> http://www.shooter.co.nz/network.pdf
>
> The problem I have with this setup is that unscrupulous people are
> connecting to the unprotected APs without authenticating and playing
> games between themselves therefore bogging down our network with their
> traffic.
>
> So what I am wanting to do is dispose of the chillispot server and
> authenticate the users directly from the APs (WAP54G) using WPA-
> Enterprise.

Putting chillispot on each individual AP is also a possibility..

> WPA-Enterprise on the WAP54G is radius authentication with 
> a WPA shared key between the AP and the radius server.
>
> I have got the APs talking to the radius server, but it seems the radius
> server is using the credentials from the PC to authenticate the users.

Thats what it is designed to do.

> Here is what I would like to do.  When a user attempts to connect to the
> AP, the user is presented with a login screen (much like chillispot),
> the user logs on and they are connected to the AP and can use the
> network as expected.  If a user cannot authenticate the attempt is
> logged and the connection attempt to the AP is dropped.

If you want a web based login screen use chillispot or something similar. If 
you want to use a PC based supplicant, then WPA is the correct solution..


-- 

Peter Nixon
http://peternixon.net/



More information about the Freeradius-Users mailing list