Plz advice on a good captive portal for FreeRadius
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Sun Dec 12 21:47:15 CET 2010
Hi,
personally, for your office, I would not touch captive portals at all - you
are giv ing yourself a nice headache, single points of failure and a nice weak
security model.
go to 802.1X - and then configure your wireless AP to use the FreeRADIUS
box (or boxes!) as the RADIUS authentication/accounting. you can then
do all you rpoxy things etc just as a normal network. WPA2/AES with PEAP/MSCHAPv2
is very easy on pretty much all modern OS/clients
if you are hellbent on doing captive portal...well, I'd say just roll
your own. Linux.BSD box with ebtables/iptables 2 interfaces (one inside
the captive , the other outside - with a bridg interface on which the
apache server listens....about 30 lines of PERL which gives them a web page
with login box - please use HTTPS for at least some security!) - and then
PERL Auth::RADIUS to take user/pass details and pipe to RADIUS - the
POD pretty much gives you the code you need. you can then tweak/customise
as YOU need, rather then what somewhen else thinks you need......
802.1X means you can cut out all the rubbish and have pure network access
alan
More information about the Freeradius-Users
mailing list