[isf-wifidog] Thanks, a bug (perhaps) and a question.

wlan at mac.com
Mon 30 Oct 02:40:33 EST 2006


Hello,

Greg, from your previous e-mails, thanks for the kind word regarding  
CoovaAP. And, yes, I agree with your assessment of the Chillispot  
project being, well, stalled (if not dead). Which is why we felt the  
need to branch off the Coova Chilli project.

With respect to RADIUS, it is a highly flexible and widely supported  
authentication protocol, indeed AAA - authorization, authentication,  
and accounting - protocol. It, along with proper WISPr XML, is vital  
for WiFi roaming (iPass, Boingo, MNO, inter-community, etc). Like you  
said, it is also the standard for WPA enterprise authentication...  
what is really cool, is combining WPA with captive portal for secure  
guest access!

	http://coova.org/wiki/index.php/CoovaChilli/WithWPACaptivePortal

Of course, as you know, our firmware can work with either coova  
chilli or wifidog. With respect to the access controller bit, chilli  
and wifidog are "competitive" technologies, but each has its  
advantages and wifidog (as a project) is so much more than the access  
controller. The topic came up in our forum recently:

	http://coova.org/phpBB3/viewtopic.php?f=3&t=9

Cheers,
David

On Oct 29, 2006, at 8:20 PM, listserv.traffic at sloop.net wrote:

> Well, first, I hate hacking stuff myself. I'm no guru for PHP, and  
> I'd rather leave PHP and associated security with someone else.  
> (There's a lot of things I DO know and I'd rather spend time on  
> those things and do them right than go off and do stuff I don't  
> know half-assed. [No implication you are, just speaking for myself.])
>
>
>
> When you say "localhost" I assume you don't mean active Linux  
> accounts, but local as in PGSql...
>
>
>
> I suppose there's no huge benefit at all. In fact, it's an  
> additional thing to set up and maintain, but it's easy for me.
>
> The user accounts and passwords are all in a text file - users - in  
> radius. (If you use MySQL db backend support, I think there are web  
> user admin modules already set up for FreeRadius that will allow you  
> really easy user management.)
>
>
>
> How are you going to manage users in PGSql/locally? Either you  
> write your own web pages and have some security overlaid, or you'll  
> be installing or learning how to use PGSql on the command line or a  
> graphical tool - that's not much easier than installing Radius.
>
>
>
> As I've said before, having someone else maintain the code for a  
> wide group of people really cuts down on the load for a single guy.  
> I've done custom code and apps, but then you're married to the  
> thing. Security is hard to get right, and doing it by yourself is  
> even worse.
>
>
>
> Upsides?
>
> If at some time in the future, we want to allow the system to do  
> WPA-Radius, it's all configured to go since I've got radius already  
> set up on the box. (And I must say, WPA-Radius is very, very cool -  
> I've implemented it on other systems!)
>
>
>
> Anyway, I'd rather leverage something that someone else built and  
> maintains than hand-tool a bunch of code myself. I think the  
> quality of code is better, is likely more secure, and gets better  
> scrutiny. When I must absolutely have something custom, then I'll  
> consider it. But I've seen too many places with gobs of bad code  
> that's not documented that the organization's come to rely on, and  
> they end up paying a boat-load of cash to keep it running because  
> they can't live without it...but it can't run on a new version of  
> the DB, or Perl, or something else. And upgrading it's out of the  
> question - it would be too expensive, and no-one knows what's going  
> to break etc...
>
>
>
> Snap-in radius protects me in the long term as things change in  
> WifiDog. Security isn't an issue that I have to worry about. If  
> Radius is found insecure, then a patch/upgrade for Radius fixes it.  
> Same with WiFiDog. WiFiDog DB changes won't impact me either.
>
>
>
> Plus I don't have to document for someone else how my custom  
> scripts work. Read the WiFiDog docs and Radius docs. I don't do  
> anything non-standard. (Just document the user move from Users to  
> Admin in the PGSql tables for admin access- but I'm going to add  
> that to the WiFiDog documentation myself anyway...)
>
>
>
> As long as WiFiDog supports Radius, I've got an in. (And I suspect  
> Radius support is just going to get better not worse!)
>
>
>
> Radius really is a pretty neat tool. Lots of stats if you want 'em  
> and such...
>
>
>
> I guess the basic reasoning is - I'd rather add to the public  
> commons and build and use the universal tools so everyone can  
> leverage the methods and effort of everyone else.
>
>
>
> -Greg
>
>
>
> >
>
> Hi Greg,
>
> I always wondered what's the real advantage of a RADIUS server. I too  
> have done a setup of wifidog captive system for a Hotel and I only  
> hacked into the local database and php codes to customize it for  
> the needs.
>
>
>
> Now as you use RADIUS what's the benefit that you get compared to  
> localhost authentication??
>
>
>
>
>
>
>
> Regards,
>
> Vinay
>
>
>
>
>
> On 10/26/06, listserv.traffic at sloop.net  
> <listserv.traffic at sloop.net> wrote:
>
>
>
> I had initially started working on a Chilli install, but abandoned  
> it. (Horribly unimpressed...)
>
>
>
> I don't care for the fact that DHCP, firewalling, routing etc, is  
> all built into Chilli. (At least that's what I understood - perhaps  
> I'm wrong.)
>
>
>
> I had quite a lot of trouble and the community there seemed dead. I  
> couldn't get replies to virtually anything, and their forum had  
> spam postings all over the place...
>
>
>
> Anyway, I heard rumor that Macs had problems with the DHCP server  
> built into Chilli, and that's a serious problem for me. I can't be  
> baby sitting this thing all the time. So, having something that  
> just works, and uses as many standard linux apps as possible will  
> make life a lot easier I suspect. (Why recreate the wheel...and  
> all... And when something doesn't work right, which will get fixed  
> quicker, Chilli or the DHCP Daemon, or IPTables etc!)
>
>
>
> I've got WifiDog working mostly the way I want, though doing  
> modifications of the web-forms is a bit messy.
>
>
>
> Radius seems to work well! (Cheers to whoever did the radius thing!)
>
>
>
> Using PGAdmin3 allowed me to easily add the User ID to the "Admin"  
> table too, so that's fixed! [Getting an "Admin" equiv radius  
> login.] (Thanks Benoit!)
>
>
>
> I already had a few WRT54GL's sitting here for this project and I'm  
> loading Coova right now. (Man, that thing is really very, *very*  
> nice. I've never messed with OpenWRT, but Coova is just simply  
> slick, painless. Yay for the Coova folks.)
>
>
>
> Anyway, other than some messy template edits, which I'll address  
> later - things are going quite well. (I'm in way too many hours to  
> recoup it all in fees, but I learned a lot, and frankly, I think  
> WifiDog is one of the best multi-purpose tools out there.  
> Unfortunately, multi-purpose tools tend to be fairly complex and  
> difficult to ramp up on...)
>
>
>
> Anyway - I must say, I'm impressed with the WD group here. The  
> documentation is thin, as it is on many GPL/Opensource projects,  
> but the list-serv is populated by a lot of you that want to help.  
> Thanks, a lot!!
>
>
>
> I'll do what I can to help on the documentation side - at least to  
> help someone duplicate what I've done and overcome some of the  
> issues I've encountered. (I've already edited the Wiki to help on  
> the PG security issue that many of us encounter.)
>
>
>
> Thanks again!
>
> -Greg
>
>
>
> >
>
> You may want to look at this tutorial.
>
> http://www.howtoforge.com/wifi_hotspot_setup
>
>
>
> It uses Radius + DD-WRT firmware with chillispot and user  
> management software called phpMyPrepaid. I tested this set during  
> summer and it might be a good solution for your need.
>
>
>
> ---
>
> V Patel
>
> _______________________________________________
>
> WiFiDog mailing list
>
> WiFiDog at listes.ilesansfil.org
>
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
> -- 
>
> Best regards,
>
>  listserv                            mailto:listserv.traffic at sloop.net
>