[isf-wifidog] Re: update from municonference

Iurgi Arginzoniz iurgi at fon.es
Mer 21 Juin 17:55:37 EDT 2006


Hi all,

But there's something I don't seem to understand. What is the current status of the mac authentication? It's not included in the feature list and I can only see 2 open tickets related to it.

User+pass+mac shouldn't be difficult at all (I guess we are talking about the mac address of the AP to limit the user to a certain number of APs - correct me if I'm wrong - or are you talking about authenticating users that use an specific device? If so, what would be the use you are thinking on?): it'd probably mean a little change in the gateway and another one in the auth server+DB.

I am currently starting to deeply study wifidog to consider it as a substitution to chillispot in our network. One of the most important things for us is to be able to authenticate devices that don't have a html browser (no http redirection is possible). Furthermore, we dream to have devices identified based on their OUI (is that the name of the mac prefix?) and open the access depending on the expected service, i.e.: open access ONLY to nintendo gaming servers and ports to nintendo ds devices. This is good for both optimizing the access rules (non browser based devices require a limited number of ports/services open) and also avoid mac-spoofing for free authentication: if I spoof a nintendo ds' mac address with my PC I will only be able to use nintendo gaming servers and ports.

Any ideas, comments, info related to this?

Thanks!

Iurgi
---
Sent via BlackBerry

-----Original Message-----
From: "Ian White" <ian.white at datamile-computers.com>
Date: Wed, 21 Jun 2006 22:02:03 
To:"WiFiDog Captive Portal" <wifidog at listes.ilesansfil.org>
Subject: Re: [isf-wifidog] Re: update from municonference

The locustworld mesh uses nocat, and you can setup users as validated against 
  
mac 
user+pass 
user+pass+mac 
  
depending on how secure you want your logings to be. 
  
It should be a simple change to add mac to the first login redirect, I'd do once I get a build env setup 
  
----- Original Message ----- 
From: Dana 
  Spiegel: <mailto:dana at nycwireless.net>  
To: WiFiDog Captive Portal: <mailto:wifidog at listes.ilesansfil.org>  
Sent: Wednesday, June 21, 2006 6:52 PM 
Subject: Re: [isf-wifidog] Re: update from municonference 

This would work for VOIP phones (I think we discussed this a few months ago).
 
 

 
Dana Spiegel 
Executive Director 
NYCwireless 
dana at NYCwireless.net: <mailto:dana at NYCwireless.net> 
www.NYCwireless.net: <http://www.NYCwireless.net> 
+1 917 402 0422
 
Read the Wireless Community blog: http://www.wirelesscommunity.info: <http://www.wirelesscommunity.info> 

 
 
On Jun 21, 2006, at 1:00 PM, François Proulx wrote:
 
I guess Nintendo has a few IEEE OUI. If we have add MAC whitelist via the auth server it could also support OUI groups. 

 

 
On 21-Jun-06, at 12:40 PM, Michael Lenczner wrote: 

 
How would the mac address get on the list? 

 
If the answer is that people would have to submit their mac address, I 
don't think that's a workable solution for tens of thousands of 
regular users. 

 
On 6/21/06, ian.white at datamile-computers.com: <mailto:ian.white at datamile-computers.com> 
<ian.white at datamile-computers.com: <mailto:ian.white at datamile-computers.com> > wrote: 
I think mac only auth needs adding to support devices that don't support 
html like nintendo DS etc. I think its a simple change of sending the mac 
is the first wifidog redirection as well as the second, and then auto 
permitting if the mac is in a list. 

 
Ian 
> update # 2 
> 
_______________________________________________ 
WiFiDog mailing list 
WiFiDog at listes.ilesansfil.org: <mailto:WiFiDog at listes.ilesansfil.org> 
http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog: <http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog> 

 
_______________________________________________ 
WiFiDog mailing list 
WiFiDog at listes.ilesansfil.org: <mailto:WiFiDog at listes.ilesansfil.org> 
http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog: <http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog> 
 
 
----------------
 

_______________________________________________
WiFiDog mailing list
WiFiDog at listes.ilesansfil.org
http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog_______________________________________________
WiFiDog mailing list
WiFiDog at listes.ilesansfil.org
http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog


Plus d'informations sur la liste de diffusion WiFiDog