FREERADIUS + Canopy

Hi
I have a WiFi LAN + FreeRADIUS.
How to authenticate a user with SM (MAC address) and FreeRADIUS? Is it possible without Prizm and BAM?

Thanks

???
please specify your idea

Fabio

I guess what he wants to do is have authentication of SM modules against a Radius server without using BAM.

He is probably doing that on his WiFi network.

I think this is not possible with Canopy unless you have BAM.

no can’t do it… unless you want to hack around with BAM


Vanilla… first country to have nationwide coverage… mmmm… maybe it should be first country in europe :wink:

Hmmm which country beat us to it?

I would want to authenticate my user through PPPoE, also passing the MAC address of the SM from which the logon happens.

I too am interested in running PPPoE on a Linux box to authenticate my users, but am not familiar with the server setup. Anyone know where I might read up on that?

I don’t think you guys fully appreciate what you are asking for.

You’re basically asking: “I don’t like or don’t want to pay for BAM/Prizm, how do I make my own?”

If someone were a skilled systems/networking programmer with the additional ability to reverse-engineer closed protocols, and they had a bunch of free time on their hands, then they could write their own BAM replacement authentication suite.

Said software engineer could then design their application to use freeRADIUS, incorporate LDAP as a backend, or whatever else they desired.

There are other options. I’ve heard of ISPs running their transport medium completely unrestricted (IE: any Canopy SM can connect to the AP with no bandwidth restrictions). The ISP controls auth at the customer’s gateway device – forcing them to use some kind of authentication protocol (namely PPPoE) in the customer router.

I would think a skilled SysAdmin could design and implement a system like that without having to code any custom software.

Another option would be a captive portal type solution. Again, the transport to EU would be wide open. This time, the user would be presented with some kind of authentication in their web browser every time they went “on line.” Again, a skilled SysAdmin could design and implement a system like that using currently available protocols and software. Although, captive portal authentication on a system like Canopy seems a little silly.

Anyway, I think I’ll get off the soapbox now.

73, Andrew

ahull wrote:
There are other options. I've heard of ISPs running their transport medium completely unrestricted (IE: any Canopy SM can connect to the AP with no bandwidth restrictions). The ISP controls auth at the customer's gateway device -- forcing them to use some kind of authentication protocol (namely PPPoE) in the customer router.


We are running this. FreeRADIUS, Oracle DB, PPPoE. The packet filters for PPPoE... I just love them. No more broadcast storms, everything in bridge mode. Set up the colour code and IP on SM, make PPP connection and ready to go. You can place more than one customer on SM...

erkan,

Interesting, I am just starting with Canopy, Prizm, and already run and maintain radius servers so would be interested in how you are doing your PPPoE.

Larry Smith

Erkan,

We have the same setup as yours. Everything is on open source. The only broadcast we get are the PADIs, sometimes somebody might do something stupid and enable a PPPoE server on their Windows machine. Have you had any such issues?

Would one of you be willing to post a how-to on the PPPoE setup, and how to make it talk to FreeRADIUS?

I’m not the one doing the connections, but from what I understand the setup goes like this.

We set the PPPoE users in a separate VLAN from static IP users. We install pppoe-server on the routers, which talks with the server on which we have FreeRADIUS. FreeRADIUS is connected to the Oracle database, where it checks whether the user names and passwords are OK.

If someone has a specific question I can ask the network engineers.

nepalken wrote:
Erkan,

We have the same setup as yours. Everything is on open source. The only broadcast we get are the PADIs, sometimes somebody might do something stupid and enable a PPPoE server on their Windows machine. Have you had any such issues?


nepalken,

What filters do you use for PPPoE users?

We get broadcasts from users who put the antenna in a switch so they can share the connection.

OMG, I never thought to have the router do the PPPoE. Was trying to have a single Linux box do all functions… you’ve helped already.

What advantage do you expect to get out of migrating your users to a PPPoE connection?

Erkan,

We only let PPPoE pass through the SM, but now we have backhauled everything over fiber and on separate VLANs, which has reduced the problems significantly.

Vanilla,

PPPoE is dialup over Ethernet. So you can have better AAA. You can have various packages for your customers, you save on your public IPs, better control and management, I suppose.
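The two controls mentioned in this thread (passing only PPPoE frames, and noticing a customer machine that answers as a PPPoE server) can be sketched as follows. This is an added example, not code from any poster; `AUTHORIZED_AC`, the helper names and the sample MAC addresses are constructed assumptions, and only untagged Ethernet frames are handled.

```python
import struct

ETH_DISCOVERY, ETH_SESSION = 0x8863, 0x8864  # RFC 2516 ethertypes
PADO, TAG_AC_NAME = 0x07, 0x0102             # offer code, AC-Name tag
# Assumption: MACs of the operator's own pppoe-server routers.
AUTHORIZED_AC = {"02:00:00:00:00:01"}

def ac_name(tags):
    """Walk discovery tags (type, length, value) and return AC-Name."""
    off = 0
    while off + 4 <= len(tags):
        tag, length = struct.unpack_from("!HH", tags, off)
        if tag == TAG_AC_NAME:
            return tags[off + 4:off + 4 + length].decode("ascii", "replace")
        off += 4 + length
    return None

def classify(frame):
    """Return (verdict, detail) for one untagged Ethernet frame."""
    if len(frame) < 14:
        return "drop", "truncated ethernet header"
    src = frame[6:12].hex(":")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == ETH_SESSION:
        return "pass", "pppoe session"
    if ethertype != ETH_DISCOVERY:
        return "drop", f"non-pppoe ethertype 0x{ethertype:04x}"
    if len(frame) < 20:
        return "drop", "truncated pppoe header"
    _vt, code, _sid, length = struct.unpack_from("!BBHH", frame, 14)
    if code == PADO and src not in AUTHORIZED_AC:
        return "alert", f"rogue PADO from {src} (AC-Name={ac_name(frame[20:20 + length])})"
    return "pass", "pppoe discovery"

def eth(src, ethertype, body=b""):
    """Build a constructed broadcast frame for the samples below."""
    return b"\xff" * 6 + bytes.fromhex(src.replace(":", "")) + struct.pack("!H", ethertype) + body

def pado(name):
    tags = struct.pack("!HH", TAG_AC_NAME, len(name)) + name
    return struct.pack("!BBHH", 0x11, PADO, 0, len(tags)) + tags

# Constructed samples: legitimate offer, offer from a customer PC, ARP broadcast.
SAMPLES = [
    eth("02:00:00:00:00:01", ETH_DISCOVERY, pado(b"core-ac")),
    eth("02:00:00:00:00:99", ETH_DISCOVERY, pado(b"WINPC")),
    eth("02:00:00:00:00:99", 0x0806, b"\x00" * 28),
]
RESULTS = [classify(f) for f in SAMPLES]
```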

Yes. Currently anyone who buys an SM can connect to our network, and would probably go unnoticed for a little while. We would like some sort of authentication. From what I hear Prizm isn’t anything spectacular, so I’m looking for an open source solution.