Plz advice on a good captive portal for FreeRadius

Alan Buxey A.L.M.Buxey at
Sun Dec 12 21:47:15 CET 2010


personally, for your office, I would not touch captive portals at all - you
are giv ing yourself a nice headache, single points of failure and a nice weak
security model.

go to 802.1X - and then configure your wireless AP to use the FreeRADIUS
box (or boxes!) as the RADIUS authentication/accounting.   you can then 
do all you rpoxy things etc just as a normal network.  WPA2/AES with PEAP/MSCHAPv2
is very easy on pretty much all modern OS/clients

if you are hellbent on doing captive portal...well, I'd say just roll
your own. Linux.BSD box with ebtables/iptables 2 interfaces (one inside
the captive , the other outside - with a bridg interface on which the
apache server listens....about 30 lines of PERL which gives them a web page
with login box - please use HTTPS for at least some security!) - and then
PERL Auth::RADIUS to take user/pass details and pipe to RADIUS  - the 
POD pretty much gives you the code you need.  you can then tweak/customise
as YOU need, rather then what somewhen else thinks you need......

802.1X means you can cut out all the rubbish and have pure network access


More information about the Freeradius-Users mailing list