Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: BertMul on March 08, 2006, 03:35:31 PM
-
I would like to use SME server as a hospitality system for a WIRED network, but I have no idea how to get this done (I'm a Linux newby).
What do I mean with hospitality system?
The SME server connects to the internet (ADSL) and serves as gateway for the internal network.
The web server is used to provide local information to users (guests) on the internal network.
When people come in to the guest room, they can connect their laptop in the wired network.
The guest machine will then get an IP address from DHCP in the SME server.
Initially, all internet access is blocked, and when the web browser is started, it should allways be redirected to a welcome page on the SME server.
On this welcome page, there should be links to (internal) web pages, and a login form.
The guest can login (with a user account that is supplied by the reception), and once validated he should have full access to the internet, not just browsing the web, but also things like VPN to his employers network, etc.
Can this be done with SME server? And if so, how should I proceed?
I hope this can be done.
I just installed SME 7.0 pre 4 on a DELL GX150, and this works like a charm.
But how to proceed to get it to work like described above? :pint:
-
I don't know if anybody have done it on SME, m0n0wall does it "out of the box"
http://m0n0.ch/wall
-
Well, I will have a look at that then.
-
Hotspot is the name, we use http://www.mikrotik.com for that!
-
Boris,
I just had a look at m0n0wall, and it does exactly what I want.
I have just one problem with it.
It only allows me to upload one page for loggin-on, together with some images etc., all to a total of 256k (has to fit in the XML file)
It also does not allow me to upload any other files that can be displayed when a user is not validated.
It would be nice if this captive portal functionality could be built into SME server, because that would at allow me to host a couple of MB's of other web pages, that a user would be able to visit without validation.
I guess I still have to figure-out a way to get this in SME.
-
I think that "internet cafe" software will do what you are looking for. I have found several to choose from on sourceforge. Take a look and let me know how they work out for you:
http://sourceforge.net/search/?type_of_search=soft&exact=1&forum_id=0&group_id=0&atid=0&words=internet+cafe&Search=Search
-
maybe useful this distro for making captive portal with wireless and wired clients:
http://pfsense.org/index.php?id=26
-
Censornet (http://www.censornet.com/)
-
I think that you may need some additional hardware or routeing, because you don't necessarily want users from each of the rooms being able to see each other's machines. One could be hacking into another, and guess who would get the blame...
-- JJ
-
I have a friend who is currently using SME for his guests, works well apart from customers who have fixed IP addreses on their machines. Now I know their are commercial products (Hardware) that allow any fixed ip connection and passes it through. Problem is that most are sales people and getting them to reconfigure their IP to DHCP is out of the question.
Is there a software solution like that? ie as cheap as possible?
Regards Drift.
-
Boris,
I just had a look at m0n0wall, and it does exactly what I want.
I have just one problem with it.
It only allows me to upload one page for loggin-on, together with some images etc., all to a total of 256k (has to fit in the XML file)
It also does not allow me to upload any other files that can be displayed when a user is not validated.
It would be nice if this captive portal functionality could be built into SME server, because that would at allow me to host a couple of MB's of other web pages, that a user would be able to visit without validation.
I guess I still have to figure-out a way to get this in SME.
Monowall and SME in server only mode work very well together. I just looked at the captive portal page. It has an option to redirect users to another url after authentication. You could place links on the authentication page to internal pages. There is a radius option which offers accounting. I understand SME now includes a radius server.
-
I realise this comes a bit late to this thread, but for those interested I am in the process of developing a contrib for SME that allows hotpot management using SME's built-in version of FreeRADIUS.
So far it looks to be sucessful but a working copy is still a few weeks away.
-
Nocatauth was ported to sme although this was a pain to get working correctly, Not sure if this is still current or if its been left but just thought It may help someone doing new project.
-
I realise this comes a bit late to this thread, but for those interested I am in the process of developing a contrib for SME that allows hotpot management using SME's built-in version of FreeRADIUS.
So far it looks to be sucessful but a working copy is still a few weeks away.
Count me in with any tests/help needed!
-
NZLamb,
I'm interested.
Actually I was looking into integrating the phpMyPrepaid.
FreeRadius needs to use the database for it's aurhorization.
(http://topup.ie/phpBB2/viewforum.php?f=5&)
But since the builtin FreeRadius is being used by pptp server
a separate instance must be started to use this.
Ed
-
@NZLamb
I sure many are eagerly awaiting your efforts.
How would something like this work? (Please explain in simple terms.)
How does sme/FreeRADIUS differ from IPCop, Mikrotik, Nocatauth implementations?
What do you see as the best way to implement wireless security?
Is there anything that resembles Cisco's Clean Access?
-
Actually what I'm making is specifically designed to work in conjunction with a Mikrotik hotspot as a friendly front-end. Those all-in-one hotspot boxes from D-Link and the like are incredibly expensive and riddled with stupid security vulnerabilites.
Mikrotik produce a 'user manager' package which works well and is quite cool, but only allows a very limited number of users unless you upgrade to a higher level (and more expensive) RouterOS licence. It's also terribly documented and would be a pain to set up for anyone not familiar with the technology.
Heaps of other hotspots I have seen also rely on a RADIUS-powered authentication and accounting system in order to work so I see no reason why this idea won't work with other hotspots.
Sadly there seems to be no decent, free, easy-to-use web-based manager for such hotspots so thought it was about time to have a crack at making one. :) I guess there's no reason why this couldn't be adapted into a nice web-based IEEE 802.1x manager for SME as well, but it all depends on how interested others are and how much free time I get. :(