Wifi and Client-Side authentication

Phil Mayers p.mayers at imperial.ac.uk
Sun Feb 17 20:55:14 CET 2008

Bill Farina wrote:
> Here's the scenario, I have a Linksys WRT54GS running DD-WRT RC5 which 
> is fully configured for Radius.  I have a small FreeBSD server running 
> FreeRadius-1.1.7_2.  HTTPD (or Apache) has not been installed on the 
> system and in it's current configuration would be difficult to do so.  
> The BSD box is also running PAP which makes it very easy to configure 
> accounts and it's a account creation method that I'm familiar and 
> comfortable with.   The two machines are currently communicating.
> What I'm trying to do is figure out a way that I can authenticate 
> enduser machines using this setup.  What I would like to see is upon the 
> initial login attempt, a popup comes up and asks for username and 
> password.  From that point on, everything would be automatic on the 
> user-side and individual client machines would store all of the login 
> information.
> I'm not opposed to adding software to client machines to facilitate the 
> login.

This is not really a FreeRadius question. You want to investigate either 
"Captive Portal" or "WPA/WPA2" depending on your requirements.

Captive Portal - no encryption on the wireless. used web-based login 
which may (if you want) talk PAP to FreeRadius e.g. ChilliSpot

WPA/WPA2 - gives wireless encryption, REQUIRES 802.1x supplicant 
software on the clients (e.g. wpa_supplicant, xsupplicant, windows 
XP/Vists or MacOS X built-in) and a radius server

More information about the Freeradius-Users mailing list