Results 1 to 3 of 3
Hi y'all. After literally days, I have manged to get freeradius running under ubuntu. So now I need some outline how to continue with the task of setting up a ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 03-03-2014 #1
- Join Date
- Mar 2014
captive portal setup - Radius is running, what now?
After literally days, I have manged to get freeradius running under ubuntu.
So now I need some outline how to continue with the task of setting up a captive portal.
How do I link a site with the captive portal where users are redirected to...
Is PHP/HTML/MySQL sufficient to create that site?
How do I add users?
How do I connect my router (linksys with open wrt or dd wrt, havent decided yet...) with the radius server.
I would be very grateful if someone could point me in the right direction where to look for info on this subject.
- 03-13-2014 #2
What do you mean by 'captive portal'? Do you mean a landing page, similar to 'pay-to-connect' wifi hotspots which auto-redirect you to a sign-in or register page?
If so, start with a simple page wanting a username and password. Then, when it all works, progress to an https page with certificate. Enforce https for all connections for user security.
Adding users can be done via what's called a 'flat file' (basically a manually-updated list), or by using a more sophisticated database system.
But, you'll have to tell your radius system where the flat file is, or configure the more sophisticated user management system to use your radius server for authentication.
Connecting the router to use the server is (or should be) as simple as ticking the box to tell it to 'use' radius, and then telling it the IP address of the radius server.
Essentially, the person wanting to connect is prompted to put in a username and password. The router encrypts the package using a secret shared with the radius server, then the encrypted package is sent to the radius IP address. The radius server decrypts, compares the name and password with its list or database, then sends a return. The return is basically an 'allow' or 'deny', at which point the router either disconnects the person, or starts the DHCP process (or similar).
You will almost certainly want to use either OpenWRT or DDWRT instead of the standard router firmware, as the original probably won't have all three As (authentication, authorisation, accounting).
Hope this helps.
- 03-13-2014 #3
- Join Date
- Mar 2014
thank you very much. Yes, every little bit helps.
I have moved forward to using radiusdesk as administration for radius (think that takes care of the database) but especially your comment on router software was helpful.
Just ordered three linksys54gl routers so when they arrive (I live at the end of the world) I will take it from there.