[isf-wifidog] Ok, the real message: RADIUS, MySQL, Postgres, reimplementations & the Sherbrooke meeting and other things

wlanmac wlan at mac.com
Mer 27 Mai 13:39:22 EDT 2009


I don't see how adding users via RADIUS is even relevant. It's not like
the WiFiDog "http AAA protocol" does that... so why would RADIUS need
to? 

Anyways, Marc took the conversation to the RADIUS extreme (which is
fine :), but the diagram I gave was a possible way to benefit from
RADIUS based NAS devices while still maintaining the "http AAA protocol"
by creating a RADIUS/WiFiDog-HTTP-AAA proxy. If the proxy were "native"
to the router, you'd have the same situation as now (HTTP coming out of
the router to website for provisioning). But, it also opens the doors
for pure RADIUS provisioned networks to be worked into WiFiDog by
placing this proxy out of the AP and next to WiFiDog (or in a setup with
FreeRADIUS as a proxy).

Here it is again:

AP/NAS/Proxy ---> <wifidog> ---> WiFiDog Portal (to support old-school
sites)

AP/NAS ---> <RADIUS> ---> Proxy/WiFiDog Portal (to support standard
access controllers)

AP/NAS ---> <RADIUS> ---> <FreeRADIUS/SuperProxy> ---> Multiple WiFiDog
Portals based on Realm (the future)

Though, it seems any mention of RADIUS is complete blasphemy in these
parts... :)

David


On Wed, 2009-05-27 at 13:01 -0400, Marc Blanchet wrote:
> Benoit Grégoire a écrit :
> >> All (well, just about) RADIUS servers allow adding users through plugins,
> >> or direct manipulation of their backend data store. However, as far as I
> >> know standard RADIUS extension to allow creating a user in a RADIUS server
> >> using only the RADIUS protocol.
> > 
> > 
> > ^ Oups, that sentence wasn't clear, I meant to say as far as I know
> > there aren't any such standardized extensions. Marc?
> 
> some vendors have done extensions for this, but I'm not sure that this
> feature (adding new users) would be appropriate directly through RADIUS
> in the community wifi free selfsubscribing scenarios.
> 
> Because adding a new user involves UI: i.e. ask a password, maybe
> redirect to https to secure the password, maybe check with javascript
> the strength of the password, maybe ask a captcha to remove the
> spammers, maybe the userid is already defined, therefore ask user to
> define a new id, maybe have a way to provide email of a new password
> when you forgot it, etc... Therefore, to me, adding a new user is made
> using standard http scripting. The script would most likely write into
> the RADIUS backend DB, it might also use the RADIUS extensions. would
> have to be looked at what is the most appropriate solution.
> 
> Marc.
> 
> > 
> > 
> > -- 
> > Benoit Grégoire
> > 
> > 
> > ------------------------------------------------------------------------
> > 
> > _______________________________________________
> > WiFiDog mailing list
> > WiFiDog at listes.ilesansfil.org
> > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> 
> 



Plus d'informations sur la liste de diffusion WiFiDog