I am working (volunteering) with a small non profit that currently has 7 desktop computers and 4 laptops. I am facing a new problem and not sure how to proceed.
This non profit has a number of guest users/visitors, which would like to connect to the wifi network to be able to get internet access, but they dont want an "open" wifi access point. They want user level authentication.
Here are the basic requirements:
- Each user would be given a user name (preferably there email) and password
- The secretary of the organization can easily add or remove users to the list; this is to facilitate guest users as they arrive and level.
- Employees dont have to login to the system, they are automatically logged in.
I know how to create a secure system that uses certificates to auto login the employees, but what system do people recommend to manage guest access to the wifi network? With the critical point being the user management has to be drop dead simple!
Pfsense will do that for you. The feature in pfsense is called Captive Portal for your guests. The user list is either managed via a Radius server or a local database (makes it really simple to setup). For employees, you just have to enter the MAC of their PC and they won't be prompted for username/password.
This indeed does require you to install a server but pfsense can really fit on any hardware.
try EasyHotspot , its support voucher system, user level, bandwidth limit, etc .. and its opensource
or if you want to try the hosted solution service, means that you dont have to install your own system, you can try easyhotspot-nano.com. its also free
I've recently started using wifidog.
I'm leaving the wifi open for ease of use, but then wifidog blocks them at the gateway and they have to supple credentials to proceed.
I'd recommend NoCat, which provides both authenticated and guest access (with splash screen / click through agreement). You do need a server (other than the AP) to host the web page and perform the authentication.
If you happen to have an AP that can run DD-WRT, there's a pre-configured set of rules and redirects that make it trivial to configure the wifi side, once you have the NoCat server set up.
~J
Update: Seems NoCatAuth was deprecated some time ago (though it's still downloadable), in favor of simply a splash / click through agreement, so it probably doesn't provide the authentication you're looking for.
Most controller-based enterprise WLAN products include some kind of guest user feature. You set up a special SSID for guests to use, and then there's a simple interface you can use to create new guest user accounts (or you can create one shared new one each week/month that you give to guests when they visit). No separate server is required, but a WLAN controller is. But that may be too much expense for a small nonprofit.
The crux of the problem is this: how are you actually going to separate guest traffic from employee traffic? Once you solve that, you can figure out how to configure your wireless network gear to put users in the right place.
The latest Apple Airport makes it easy to make a separate guest network that requires a different shared password for guests. Or you could try using DD-WRT and a cheap additional AP to provide dedicated guest access.
www.fon.com ... this inexpensive wireless router has two APs. A public and a private.