[isf-wifidog] WISPr and RADIUS

wlan at mac.com wlan at mac.com
Thu May 10 07:51:01 EDT 2007


Hello,

I have been making some changes to improve the WISPr and RADIUS  
implementations in WifiDog. The changes, thus far, amount to the  
following highlights:

In the gateway:
- The gw_mac (gw mac address - linux only) and mac (client mac  
address) parameters are sent to the login page
- Added WISPr Proxy XML to the initial redirect content (with NextURL  
being that of the login/ page, plus some extra attributes)
- Added ability to do a gateway:port/wifidog/auth?token=...&logout=1  
request on the gateway to kick-off a logout locally
- Added argument to auth_server_request() for a 'reason' field used  
during logout
- Removed the HTML pages printed to HTTP redirects (never gets seen  
anyway, now only have WISPr XML added)

In the portal:
- In WISPr mode (login/index.php?wispr=1&...) the login script will  
do a login after selecting the network from the username (supporting  
prefix and postfix RADIUS realms standards)
- WISPr XML added for several stages in login/index.php (login, token  
redirect, logout, etc)
- Logout() / acctStop() get sent incoming/outgoing stats, as well as  
reason
- Support for RADIUS Calling/Called-Station-Id attributes in access  
and accounting requests
- Support for RADIUS Acct-In/Output-Gigawords attributes for rollover  
of the Acct-In/Output-Octets (where acct-in/output-packets is  
mistakenly being used -- wifidog does not know in/out packet counts)
- Based on the reason, more appropriately setting  
Acct-Terminate-Cause (user-request, idle-timeout, etc)
- Major changes to AuthenticatorRadius to better control attributes  
(added file classes/RADIUS.php to overload Auth/RADIUS.php functions)

In the database:
- Added fields for node_mac and session_id to connections table

The database changes are needed to store some data for the RADIUS  
session. The reason for session_id is because I wanted to include  
Acct-Session-Id in the RADIUS Access-Request (a common thing to do).  
So, this 'token' is generated before the actual authentication token  
and is instead used for Acct-Session-Id. Node mac address is used for  
Called-Station-Id where the existing user_mac is used for  
Calling-Station-Id. I do put the user_mac into the database during record  
insert now though... (still gets updated later too)

For WISPr testing, I have been using this handy tool:  
http://ap.coova.org/wifi/
You go to the url from behind the hotspot - where coova.org must be  
in your walled garden. It is a self-signed applet because it needs to  
access URLs that are not in your walled garden - just like a  
smart-client - to pick up the WISPr XML. Source is found here:  
http://dev.coova.org/svn/cjradius/java/applet/

To do:
- Take attributes from AccessAccept (session-timeout, bandwidth  
limits, etc) and configure wifidog appropriately.

When done, you will be able to use and roam with Coova AAA! ;)

Benoit, thanks for your help on IRC -- I'll see you there.

Cheers,

David
coova.org
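
An added illustration of the RADIUS pieces the message lists (realm selection from the username, Octets/Gigawords rollover, Station-Id attributes, Acct-Terminate-Cause); it is not part of the message or of WifiDog's PHP code. The function names, the reason strings, the `@` and `/` realm delimiters and the hyphenated MAC format are assumptions made for the example.

```python
# Added example: assembling Accounting-Stop attributes for a hotspot session.
# Reason strings, realm delimiters and MAC formatting are assumptions.
TERMINATE_CAUSE = {  # Acct-Terminate-Cause values defined in RFC 2866
    "user-request": 1,
    "idle-timeout": 4,
    "session-timeout": 5,
    "admin-reset": 6,
}

def split_realm(username):
    """Return (user, realm) for postfix 'user@realm' or prefix 'realm/user'."""
    if "@" in username:
        user, _, realm = username.rpartition("@")
    elif "/" in username:
        realm, _, user = username.partition("/")
    else:
        user, realm = username, ""
    if not user:
        raise ValueError("empty user part in %r" % username)
    return user, realm.lower()

def split_counter(total_bytes):
    """Split a byte count into (Octets, Gigawords): low 32 bits, 2**32 wraps."""
    if total_bytes < 0:
        raise ValueError("negative byte counter")
    return total_bytes & 0xFFFFFFFF, total_bytes >> 32

def station_id(mac):
    """Normalise a MAC address to the AA-BB-CC-DD-EE-FF form."""
    digits = "".join(c for c in mac if c in "0123456789abcdefABCDEF").upper()
    if len(digits) != 12:
        raise ValueError("bad MAC %r" % mac)
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def acct_stop(session_id, username, user_mac, node_mac,
              input_bytes, output_bytes, reason):
    in_octets, in_giga = split_counter(input_bytes)
    out_octets, out_giga = split_counter(output_bytes)
    return {
        "Acct-Status-Type": "Stop",
        "Acct-Session-Id": session_id,  # same id sent in the Access-Request
        "User-Name": username,
        "Calling-Station-Id": station_id(user_mac),  # client MAC
        "Called-Station-Id": station_id(node_mac),   # gateway node MAC
        "Acct-Input-Octets": in_octets,
        "Acct-Input-Gigawords": in_giga,
        "Acct-Output-Octets": out_octets,
        "Acct-Output-Gigawords": out_giga,
        "Acct-Terminate-Cause": TERMINATE_CAUSE[reason],  # KeyError if unknown
    }
```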

