Hi,

I wanted to ask whether a captive portal + radius server + radius server gui would be a useful feature and wanted to discuss possible implementation routes, as this affects other services on the XSCE.

A radius server allows one to have controlled access to server resources and internet connectivity, and allows one to create users, groups, and set aside network bandwidth, i.e. it is quite useful in a medium to large setup. A captive portal alongside it allows for good UX with notifications in phones, tablets and not having users type http://school.lan. The existing captive portal PR (#771) is a very good step in that direction, but I believe we will eventually need to use some kind of standard implementations - radius + captive portal setups.

Now that 6.1 is out of the door, I would like to propose a captive portal feature for 6.2. In the current setup I am testing, I am using freeradius [1] as the radius server, and CoovaChilli [2] as the captive portal. Coova does its own dhcp, so it will have to replace dhcpd if it is used. Also, starting/stopping the coova services affects iptables, so initially, having it run in conjunction with dansguardian and squid might be a little tricky (though it is certainly possible, just needs more time to test/develop). Also, while freeradius is available as an rpm package, coova and a dependency need to be compiled from source. I can create the packages for it though - it did not seem complicated.

So, the current approach I am proposing is:

1. If captive + radius is enabled, dhcpd is disabled, squid and dansguardian are disabled. Later, we can just have dhcpd disabled and the other two enabled if need be.
2. If captive + radius is enabled, either we include a few knobs and levers to manage radius in our admin console (more difficult), or include a radius admin console (easier).

At the same time I have a question, since my understanding of xsce networking is limited. When set up in LANcontroller mode with both the internal wifi + LAN being controlled by XSCE, does all the LAN side traffic flow through br0? Is it always the case (in gateway mode too)? If that is so, then I will configure coova to work on br0.

[1] http://freeradius.org/
[2] http://coova.github.io/CoovaChilli/

Best,
Anish

On Tue, Sep 20, 2016 at 7:36 AM, Anish Mangal <anis...@umich.edu> wrote:

> I believe I am able to get the captive portal working as intended
>
> http://people.sugarlabs.org/anish/captive.webm
>
> Now will need to work in a branch on a playbook.
>
> Another idea would be to have a web ui for radius to show all kinds of user
> stats, control per user/group bandwidth, and accounting.
>
> On Mon, Sep 19, 2016 at 8:54 PM, Anish Mangal <anis...@umich.edu> wrote:
>
>> On Mon, Sep 19, 2016 at 8:54 PM, Anish Mangal <anis...@umich.edu> wrote:
>>
>>> Hi,
>>>
>>> So I was able to set up freeradius and coovachilli on a centos x86
>>> machine to set up a captive portal using the method below:
>>> https://www.howtoforge.com/tutorial/how-to-install-a-wireless-hotspot-with-captive-page-in-linux-using-coovachilli/
>>>
>>> Now, this is progress since the user experience is exactly how you would
>>> see in a coffee shop. Upon connecting, you will see a notification in your
>>> phone, and be prompted by a login prompt (where we can redirect the user to
>>> school.lan) or whatever afterwards.
>>>
>>> However, there are some notes:
>>> 1. Coovachilli does its own dhcp, so probably we might have to use that,
>>> if the captive portal is being enabled.
>>> 2. By default it does dhcp on a different subnet, and _maybe_ because of
>>> that, a bunch of iptables rules don't work. Name resolution doesn't work.
>>> Will change the default subnet to what we currently use and disable dhcpd
>>> and see what happens.
>>>
>>> To set up coova and freeradius, they have to be compiled from source. The
>>> compiling was pretty straightforward on centos, so either the same can be
>>> done for ARM, but long term I think packages would be wonderful :-)
>>>
>>> All in all, this definitely looks like an approach worth pursuing :)
>>>
>>> Cheers,
>>> Anish
>>
>> --
>> Anish
>
> --
> Anish

_______________________________________________
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel