Home / server / Questions / 165209
Accepted
adopilot
Asked: 2010-07-30 02:06:46 +0800 CST

How to pragmatically control acces to Wi-Fi network

  • 772

Considering this scenario,
At coffee bar you order the drink and get bill for that,
On bill there is key for Wi-Fi network which is going to be valid for next X hours.

I want to try realize something like that. Where to start looking,

Does PfSense have that in box ?
Should I left wireless network open and do authorization on internal site for allowing go users to go out ?
I am confused How I can pull or generate KEY pragmatically by C# (.NET) (that is language I know).

security wifi access-point

2 Answers

  1. Best Answer

    What you're interested in is WPA2-Enterprise:

    There are two versions of WPA2 - WPA2-Personal, and WPA2-Enterprise:
    - WPA2-Personal protects unauthorized network access by utilizing a set-up password.
    - WPA2-Enterprise verifies network users through a server.

    You need to have the WIFI router with appropriate WPA-Enterprise support, a server which will host the user database, and software that will iteract with that database.

    • 3

  2. I've built a hotspot for the site here which is used in a similar way, user gets ticket, ticket has username and password which is valid for a few hours.

    Here I've used RADIUS as the authentication backend, so usernames are programmatically added to and removed from the RADIUS user database (which can be LDAP, an RDB, flat file).

    As you suggest, I've used PfSense as it has a built in captive portal which can authenticate against RADIUS as a standard feature. Using the captive portal means the wireless can be open so it's easy to connect to, but you can still control access.

    Edit: Process here is:

    • Staff generate ticket via webpage (PHP)
    • Webserver inserts users into LDAP (PHP+OpenLDAP)
    • User logs into captive portal (PfSense+FreeRADIUS)
    • RADIUS authenticates the user against LDAP (OpenLDAP+FreeRADIUS)
    • 3