Date: Sun, 7 Jan 2018 21:30:51 +0700 From: Victor Sudakov <vas@mpeks.tomsk.su> To: freebsd-net@freebsd.org Subject: Quasi-enterprise WiFi network Message-ID: <20180107143051.GA44962@admin.sibptus.transneft.ru>
next in thread | raw e-mail | index | archive | help
Colleagues, I'm trying to setup a quasi-enterprise WiFi network for mobile devices. This will be a solution for a public library with the only requirement that guest users should get personal credentials for WiFi access from a librarian (not a shared PSK for everyone). The library has a FreeBSD router with FreeRADIUS3, and several TP-Link APs which support "Enterprise WiFi" and can be RADIUS clients. The point is I don't want to require customers to install X.509 certificates on their mobile devices, the network setup should be simple and transparent for the customer. I don't care if some Evil Hacker impersonates my quasi-enterprise network and collects all the passwords, so I really need no certificates to authenticate the network to customers. The only condition is that each customer has a personal login/password which expires daily (any RADIUS server can expire accounts, I'm sure FreeRADIUS is no exception). I would also consider a variant with FreeBSD+hostapd as AP (instead of the TP-Link routers) if it's more feasible. Could you please point me in the right direction. Maybe I'm totally wrong and I should use a different approach altogether? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN AS43859
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180107143051.GA44962>