[isf-wifidog] WISPr and RADIUS
wlan at mac.com
Thu May 10 07:51:01 EDT 2007
Hello,
I have been making some changes to improve the WISPr and RADIUS
implementations in WifiDog. The changes, thus far, amount to the
following highlights:
In the gateway:
- The gw_mac (gw mac address - linux only) and mac (client mac
address) parameters are sent to the login page
- Added WISPr Proxy XML to the initial redirect content (with NextURL
being that of the login/ page, plus some extra attributes)
- Added ability to do a gateway:port/wifidog/auth?token=...&logout=1
request on the gateway to kick-off a logout locally
- Added argument to auth_server_request() for a 'reason' field used
during logout
- Removed the HTML pages printed to HTTP redirects (never gets seen
anyway, now only have WISPr XML added)
In the portal:
- In WISPr mode (login/index.php?wispr=1&...) the login script will
do a login after selecting the network from the username (supporting
prefix and postfix RADIUS realms standards)
- WISPr XML added for several stages in login/index.php (login, token
redirect, logout, etc)
- Logout() / acctStop() get sent incoming/outgoing stats, as well as
reason
- Support for RADIUS Calling/Called-Station-Id attributes in access
and accounting requests
- Support for RADIUS Acct-In/Output-Gigawords attributes for rollover
of the Acct-In/Output-Octets (where acct-in/output-packets is
mistakenly being used -- wifidog does not know in/out packet counts)
- Based on the reason, more appropriately setting
Acct-Terminate-Cause (user-request, idle-timeout, etc)
- Major changes to AuthenticatorRadius to better control attributes
(added file classes/RADIUS.php to overload Auth/RADIUS.php functions)
In the database:
- Added fields for node_mac and session_id to connections table
The database changes are needed to store some data for the RADIUS
session. The reason for session_id is because I wanted to include
Acct-Session-Id in the RADIUS Access-Request (a common thing to do).
So, this 'token' is generated before the actual authentication token
and is instead used for Acct-Session-Id. Node mac address is used for
Called-Station-Id where the existing user_mac is used for
Calling-Station-Id. I do put the user_mac into the database during record
insert now though... (still gets updated later too)
For WISPr testing, I have been using this handy tool:
http://ap.coova.org/wifi/
You go to the url from behind the hotspot - where coova.org must be
in your walled garden. It is a self-signed applet because it needs to
access URLs that are not in your walled garden - just like a
smart-client - to pick up the WISPr XML. Source is found here:
http://dev.coova.org/svn/cjradius/java/applet/
To do:
- Take attributes from AccessAccept (session-timeout, bandwidth
limits, etc) and configure wifidog appropriately.
When done, you will be able to use and roam with Coova AAA! ;)
Benoit, thanks for your help on IRC -- I'll see you there.
Cheers,
David
coova.org
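
Added example, not part of the original post or of the WifiDog code: a Python sketch of the accounting-stop handling the message describes, covering prefix/postfix realm selection, the Octets/Gigawords split of a byte counter, and the Acct-Terminate-Cause mapping, encoded as RADIUS attributes. Attribute numbers and cause values are from RFC 2865/2866/2869; the function names, the reason strings, the NAS-Error fallback, the postfix-before-prefix precedence and the mapping of bytes_in to Acct-Input-* are assumptions.

```python
import struct
# RADIUS attribute type numbers (RFC 2865, RFC 2866, RFC 2869)
CALLED_STATION_ID, CALLING_STATION_ID = 30, 31
ACCT_INPUT_OCTETS, ACCT_OUTPUT_OCTETS = 42, 43
ACCT_SESSION_ID, ACCT_TERMINATE_CAUSE = 44, 49
ACCT_INPUT_GIGAWORDS, ACCT_OUTPUT_GIGAWORDS = 52, 53

# Cause values are from RFC 2866; the reason strings are hypothetical,
# the post does not list the ones the gateway actually sends.
TERMINATE_CAUSE = {"user-request": 1, "idle-timeout": 4, "session-timeout": 5}
NAS_ERROR = 9  # assumed fallback for a reason the table does not know

def split_realm(username):
    """Return (user, realm) for postfix 'user@realm' or prefix 'realm/user'."""
    if "@" in username:
        user, _, realm = username.rpartition("@")
    elif "/" in username:
        realm, _, user = username.partition("/")
    else:
        user, realm = username, None
    if not user or realm == "":
        raise ValueError("empty user or realm in %r" % username)
    return user, realm

def split_counter(total_bytes):
    """Split a byte count into (octets, gigawords): low and high 32 bits."""
    if not 0 <= total_bytes < 1 << 64:
        raise ValueError("counter out of range")
    return total_bytes & 0xFFFFFFFF, total_bytes >> 32

def attr(code, value):
    """Encode one attribute: type, length (including 2-byte header), value."""
    data = struct.pack("!I", value) if isinstance(value, int) else value.encode()
    if len(data) > 253:
        raise ValueError("attribute value too long")
    return bytes([code, len(data) + 2]) + data

def acct_stop_attrs(session_id, user_mac, node_mac, bytes_in, bytes_out, reason):
    """Accounting Stop attributes; bytes_in -> Acct-Input-* is an assumption."""
    in_oct, in_giga = split_counter(bytes_in)
    out_oct, out_giga = split_counter(bytes_out)
    return b"".join([
        attr(ACCT_SESSION_ID, session_id),
        attr(CALLING_STATION_ID, user_mac), attr(CALLED_STATION_ID, node_mac),
        attr(ACCT_INPUT_OCTETS, in_oct), attr(ACCT_INPUT_GIGAWORDS, in_giga),
        attr(ACCT_OUTPUT_OCTETS, out_oct), attr(ACCT_OUTPUT_GIGAWORDS, out_giga),
        attr(ACCT_TERMINATE_CAUSE, TERMINATE_CAUSE.get(reason, NAS_ERROR)),
    ])
```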