I'm working in a high school and I'd like to put in place a public Wi-Fi network with a captive portal that asks for authentication but also keeps track of user information, like the amount of data transferred (to spot those who do excessive downloading).
I already have a wireless network covering almost the entire school (6 WRT54G V5 and V8 running DD-WRT Micro). This is accessed by school-owned laptops that are used by students. My Wi-Fi network is secured with WPA2 and the key is only used for school laptops. I have never given the wireless key to students for obvious reasons like bandwidth abuse, but teachers have it. No student has ever succeeded in getting the key, so this is perfect...
What I want to do is to put public APs in specific zones of the school to allow students with their own laptops to have controlled Internet access with user and password.
I've investigated many software solutions. One held my attention for a while. It was ZoneCD, but then I saw that it hasn't been free since March 2009. That was exactly what I was searching for; they were using WiFiDog as the auth core. That was the perfect solution. This is not expensive to buy ($175 US for a year with complete features) but I guess my boss will be happier if it could be done for free.
Running a dedicated server only for that isn't an issue for me.
I also came across RADIUS, which was good but doesn't have the accounting features I want to have.
So to conclude, I'd like to build something where students will be able to register an account for themselves, and then be forced to use it to have Internet access. And as WRT54G V1 to V4 (able to run DD-WRT Standard and allow the WiFiDog gateway to be installed) are very rare these days, the access point I might buy to build this public network with could be anything, but this is unfortunate. So I really need a server solution that will achieve what I want.
Well... I wrote a lot of the WifiDog gateway code so I might be able to help you ;-).
If you can't run WifiDog on the access point itself, you can run the gateway software on a (Linux) machine that acts as a router for the network. In fact the same machine can also run the authentication server part.
Also, basically any Access Point supported by dd-wrt can support WifiDog although you might have to cross-compile your own binary.
I am assuming that you want the access point to be open to anyone, but it blocks all traffic until the user tries to open a web page and is redirected to a login page that authenticates against AD or LDAP before allowing access to the network.
If so, you may want to look into an Astaro gateway. You can download an ISO to install it on a test box and take a look at it. I have used it on my home network to manage access to local resources from the Wi-Fi. At home, once you have connected to my open Wi-Fi you have no access to anything on the network; if you open a web page it redirects to the login page. If you enter guest credentials you have full internet access, but no access to my NAS or other shares. If you enter credentials that authenticate against a little LDAP instance I have running, you get access to local resources. Otherwise the only thing you can access on the network is the login page.
Try pfSense. It is open source, and can run well on standard low-power PC hardware. The Captive Portal functionality is pretty much what you need around authentication.
Check out Vyatta. It's an open source replacement for Cisco-level switching/networking which should have all the features you need for a complete solution.
Here's a HowTo article on setting up a wifi hotspot.
Finally I've got a 30-day trial from PublicIP with ZoneCD and we'll definitely go for this solution. My boss is willing to pay the $175 a year for the service after I showed and explained to him what this solution can bring to us.
I want to thank you all for your answers, they'll surely be useful for someone else I hope!
WiFi Dog derivative wins ;)
Have a look at this other question on ServerFault asking about simple wifi authentication