Is this a job for FreeRadius?

Nathan Ward lists+freeradius at daork.net
Tue Sep 25 00:50:52 CEST 2018


Hi,

Really you’re asking if this is a job for RADIUS.

RADIUS can tell your NAS (i.e. your wireless router, maybe?) what to do, but the NAS needs to support those things.

If your wireless router supports putting users in to different groups, or something, and applying policy to those groups based on RADIUS, then sure, RADIUS is able to do that, and you can use FreeRADIUS to do that for you. RADIUS would be involved when they connect to wifi - *not* for every website they visit etc. It would push a profile or group or something to the NAS which would be something like “Restricted” or “Open” or “Homework time” or whatever, and the NAS would know that that profile means it needs to limit/permit x, y, z.
I don’t know any NASes that support this sort of behaviour - they may exist, but I don’t know of them. What I’m describing here is how RADIUS would fit in to such a solution if it were to exist - i.e. only for the “login” part.

My feeling though - I don’t know what your skill level is with this stuff.. but you’re probably better off getting “parental control” product. I work with ISPs, and have been testing and looking at a lot of these. They’re good.
They’ll give you a much simpler point and click type interface which can manage this.

There aren’t any canned solutions (which I’m aware of) for this with RADIUS where you use your own NAS etc. etc., you’ll be doing a lot of work building an interface - or when homework is done you’ll be off running SQL queries or editing files or whatever. Sounds like a chore to me !

Check our Koala (koalasafe.com) - that thing works pretty well. There are others as well, but that’s the better one that I’ve seen.

Again - you *can* use RADIUS as the authentication/signalling layer part of such a solution, but I don’t think doing that yourself is the right solution for a home. Certainly for a service provider, or a school or enterprise network, but not a home.

> On 25/09/2018, at 9:19 AM, Bret Schuhmacher <ultimatebeersnob at gmail.com> wrote:
> 
> Hi all,
> 
> First post... just seeing if I'm on the right track.
> 
> I have my router locked down to prevent my kids from bringing unauthorized
> devices into the house... I change the router passwords daily and have it
> locked down by MAC address.  However, once I give them the daily password
> they have full internet access to do homework.  Unfortunately, once they
> have the password they seem to be watching youtube and other things instead
> of doing homework.
> 
> Can I use FreeRadius to limit their access to the Internet to exclude a
> list of blacklisted sites until they prove their homework is done and I
> flip some bits to make policy changes **PER USER** and allow one child
> access to youtube without allowing the other child access?
> 
> I feel like I can, but all I'm looking for here is a "yes you can do that"
> and I'll keep trying to figure it out - I just want to see if I'm on the
> right track.
> 
> Thanks,
> 
> 
> Bret
> --
> Bret Schuhmacher | Sr. Solutions Architect | 865.257.9856 |
> bits.and.bytes.software at gmail.com
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list