On Monday 15 September 2003 1:34 pm, Juliano Moises da Luz wrote:
> Can someone point me some documentation about how to setup hotspot
> authentication?
As Alan mentioned, there is no one simple answer -- mainly because there are
several ways of doing "a hotspot", some of which do not even NEED a "radius"
server!
> I need to setup a wi-fi hotspot and I am a little confused. I've already
> configured radius to authenticate users based on MAC addresses, but I'm not
> sure this is the best way.
A better place to begin is with the "Access point" you'll be using [hereafter
referred to as a "NAS"]. Some will do "all the work" for you [like the
Proxim/Orinoco AP-2500 that I have] while others will require a
behind-the-scenes approach [such as grabbing the least expensive AP at
Circuit City or Best Buy, then hanging it off of a used/refurbished system
running Linux to act as a "gateway"].
Generally the NAS will be responsible for managing connections, IP addresses,
and so on. The proxim that I have will intercept a web-request, put up a
banner and a login screen, authenticate against an external RADIUS, and
enforce time limits if specified in the "reply" packet. Using a program such
as NOCAT will let you do the same in a roll-your-own environment.
The next question to consider is "are users going to pay for access?" For
instance, in a coffee-shop environment, it might make sense to "give away"
access time (i.e., don't charge at all) and use it as a "draw" to get
customers into the building. [otoh, coffee-house clientele are often
"leeches" in that they will gladly sit around all day using your internet
connection without a hint of a purchase...] On the third hand, however,
folks who hang out at a coffee house are "regular" customers, so a "monthly
rate" is often a good compromise.
Other locations, such as an airport or hotel, have a much more "fluid"
clientele -- you'll never see the same guy twice in a month [unless he's the
pilot...] so these people you want to hit with a per-hour rate, or even
per-quarter-hour [heck, T-mobile charges BY THE MINUTE]
The next question is HOW are they going to pay? Cash is always the easiest,
but may lead to difficulties depending on the location [that airport
again...] Credit cards billed-as-used are great, but may require a merchant
account [which is OK if you are the owner of the location -- you're probably
already set up for such...] Again, the NAS may play a role in this -- the
Proxim can be configured to talk to an "industry standard" [hah!] website and
thus manage the billing for you. With a roll-your-own, well, you'll be
rolling it anyway, might as well build a custom merchant/CC gateway while
you're at it...
In my case I opted for a pre-paid/pre-printed "card" system. I generate a
number of user ID's and passwords, each with an hour's worth of "time"
associated with it, then print regular business-cards with the logo, user ID,
and password. Since these are stored in a locked drawer behind the counter,
I don't need fancy "scratch-off" style cards. One "hotspot-in-a-box" vendor
actually has a thermal printer included with the setup -- pressing a button
generates a user ID/password "on the fly" and allocates some amount of time
to it.
I've ALSO set up an interesting compromise to the aforementioned "leech"
problem: I've set up a "counter" that tallies time on a per-MAC basis, with a
limit of 15 minutes per day. This actually uses a set user ID/password
combo, which is actually included in the login banner. This lets people use
it seemingly like a promo ("with the purchase of a drink, you get...") yet
doesn't require extensive configuration on my part [i.e., building
potentially hundreds of "15 minute user ID's"] [search the archive for
details -- I have posted the configuration items necessary to do this]
There are probably lots of other things that can be brought up for discussion,
but notice VERY LITTLE of the above discussion really "needs" (or involves)
Radius -- the NAS/AP can be configured with a list of known acceptable MAC
addresses and/or set for "billing" people via a credit card, or you may be in
a "don't care" situation in which case you really only need a "typical"
consumer/home "wireless access point" set with a known SSID (and with a DHCP
server enabled internally...) About the only thing you'll need a radius
server for is managing "pre-printed" access cards (in which case you'll
really be managing a MySQL or PostgreSQL database...) or "monthly
subscribers".
--
Yet another Blog: http://osnut.homelinux.net
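
The per-MAC daily counter described in the message above, sketched as an added example (not the poster's configuration, which is in the list archive). It assumes a single NAS, so Acct-Session-Id is unique, and a "day" field already derived from each record's timestamp; the function names and sample records are constructed for illustration.

```python
import re
from collections import defaultdict

DAILY_LIMIT = 15 * 60  # seconds: the 15 minutes per MAC per day from the post

def norm_mac(value):
    """Canonicalise Calling-Station-Id; NASes send 00-0C-.., 00:0c:.. or 000c.29.."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", value)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {value!r}")
    return digits.lower()

def tally(records):
    """Sum Acct-Session-Time per (MAC, day), counting each session's Stop once."""
    used, seen = defaultdict(int), set()
    for status, session_id, station, seconds, day in records:
        if status != "Stop" or session_id in seen:
            continue  # Start records carry no time; RADIUS/UDP retransmits repeat Stops
        seen.add(session_id)
        used[(norm_mac(station), day)] += seconds
    return used

def authorize(station, day, used):
    """Reply for the shared banner login: remaining seconds, or a reject."""
    left = DAILY_LIMIT - used.get((norm_mac(station), day), 0)
    if left <= 0:
        return {"code": "Access-Reject"}
    # Session-Timeout is the reply attribute the NAS enforces as the time limit.
    return {"code": "Access-Accept", "Session-Timeout": left}

# Constructed accounting records:
# (Acct-Status-Type, Acct-Session-Id, Calling-Station-Id, Acct-Session-Time, day)
RECORDS = [
    ("Start", "a1", "00-0C-29-AA-BB-01", 0, "2003-09-15"),
    ("Stop", "a1", "00-0C-29-AA-BB-01", 400, "2003-09-15"),
    ("Stop", "a1", "00-0C-29-AA-BB-01", 400, "2003-09-15"),  # retransmitted duplicate
    ("Stop", "a2", "00:0c:29:aa:bb:01", 200, "2003-09-15"),  # same client, other format
    ("Stop", "b1", "000c.29aa.bb02", 900, "2003-09-15"),
]

if __name__ == "__main__":
    used = tally(RECORDS)
    for station in ("00:0c:29:aa:bb:01", "00-0C-29-AA-BB-02", "00-0C-29-AA-BB-03"):
        print(station, authorize(station, "2003-09-15", used))
```

Calling-Station-Id is whatever MAC the client presents, so this counter works as a fairness limit on the free login rather than as an identity check.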
