Hi, > * 20 hotspots with a Linksys AP and a modified firmware (OpenWRT) and maybe > chilispot. > * Freeradius server > * apache2 webserver > * free-HS (SSID) > > The objective is to have some free hotspots on a certain area and the user, > as > soon as he chooses free-HS network, will be redirected to a register page. > Maybe using a proxy trick or a php redirect.
if you use something like Chilispot then this will do the redirect > * We don't have any certificate store to sign our certificate, > * We don't want people to install certificates I would get some certificates signed by a low cost known certifier but make sure that the signature is already in the known windows list - then they wont have to install one > Another questions. What type of protocols should we use? > EAP, PEAP, CHAP, MSCHAP, EAP/TLS, WEP ? > > The most simple for the window's users to access. ah. once you use one of these wireless encryption methods then you will have to make sure that the users know all the info in advance. in terms of real security, just use pure un-WEP'd wireless, make sure the login make is SSL encrpyted - eg AES256 HTTPS and then only allow secure protocols through the network - oh and WARN the users that the network is insecure and that passwords and credit card details should only be typed in when they are visiting HTTPS secure sites and using IMAPS etc (though most users will use web-based email on the move). using the basic 'secure' methods is useless as you would have to notify everyone what the key was (making the point of the key useless), even if you carefully inform users, WEP, EAP and PEAP with PSK etc are crackable within a fraction of time - at which point all those 'secure with WEP etc' password transactions are readable. EAP/TLS would mean giving the users certificates before they could connect to your wireless. how would you do that? via another wireless network? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
