sophana <[EMAIL PROTECTED]> wrote: > In my project, I don't own the hotspots, and don't know about the > hotspots ISPs. > The hotspots communicate to the radius server though the internet.
I would suggest using another method to get a secure connection to the hotspot. Maybe IPSec. Barring that, each hotspot has a dynamic IP within a small network range. So you can list the network in "clients.conf", and at least have one shared secret per hotspot location. This *is* documented in clients.conf, please read it. > Ok. I don't know much about the radius protocol details, maybe you could > help me understanding how secure would be a solution where the secret is > know by everybody. I thought I said it WOULDN'T be secure. What part of my response was unclear? > Now, once a user is authenticated, how does the nas send accounting info? Read the documentation. That's what it's there for. > Does it have to authenticate again, or is its ip address (and its > (public known)secret) sufficient to authenticate? > Do you need at least a session id? You're confused. Users authenticate. NASes don't. > Imagine that the malicious use cannot listen to the radius > communications. What can it do without authentication? Not get on the network? I don't understand why you're asking these questions. > I need security, because I will use accounting info to perform > facturation... Facturation isn't an english word. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

