AuthPuppy

1 MAC per user

Asked by Aymen

Hello,

Thanks to gbastien in the wifidog mailing list, I could know about authpuppy and its capabilities... Really awesome, well done guys!

Anyway, I needed this auth server for implementing an extra functionality to the captive portal. I need to manage users so their accounts will expire within a specified amount of time, and I don't want users to exchange their logins... So 1 MAC address per user account.

The problem is although I know that Authpuppy is the authentication server, I don't really figure out the modification I'll make should go with the gateway part (wifidog) or the Auth server (Authpuppy).

Here's the scenario: When the user provides correct logins for the first time, his MAC address will be recorded for further authentications.

And for expiry, it won't be a matter as I could make a thread that will check for expired account and deletes them from DB.

I would be pleased if you could explain to me the mechanism of the authentication in a captive portal, wifidog will ask for confirmation from auth server? What will it provide and what does it expect as a response.

Thank you!

Question information

Language:
English Edit question
Status:
Answered
For:
AuthPuppy Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
gbastien (gbastien02) said : 		#1

What you need would be implemented on the auth server part. The gateway just contacts the auth server and must remain as simple as possible.

For your setting, I would suggest using the apAuthLocalUserPlugin for user registration. They can either self-create their accounts or the accounts can be created by an administrator.

As for the one mac/one account functionnality, you could write a very simple plugin that has a hook with the following event: connection.status_verification (see events you can connect to at url http://www.authpuppy.org/doc/Events) This event is triggered when the connection has been initiated, the MAC is available and the user is redirected to the portal page just after thta. You can check if this user already has a connection for his account and if so, check the MAC. So the user may have one minute of internet with this scheme, but will be disconnected soon enough.

To get him some explanations, you may use the node.gw_message, and optionally the portalpage.request event to display whatever message you need to.

For some examples of using these events, see the apConnectionPoliciesPlugin that uses them all. It may also be useful to you to expire the users after a given time ;-)

For more information on the gateway/server protocol, see the following pages in the wifidog wiki:
http://dev.wifidog.org/wiki/doc/developer/FlowDiagram
http://dev.wifidog.org/wiki/doc/developer/WiFiDogProtocol_V1

And if you make this plugin feel free to commit it, it may be useful to someone else!

Revision history for this message
Alan Robertson (ninewellsdoctorsmess) said : 		#2

Hi

I was wondering if any progress had been made by OP with respect to this functionality?

We've got it set up to allow users to set up new accounts (limited to email addresses within one domain), but ideally would like them to just reconnect easily when they come back in range of the WiFi signal - from what I understand above this can't be wholly automatic, but could at least be just a simple 'click to connect' that passes the MAC address through. Perhaps have that as the default and if it is an unrecognised MAC then it prompts the user to either login or create a new account??

Cheers

Alan

Can you help with this problem?

Provide an answer of your own, or ask Aymen for more information if necessary.

To post a message you must log in.