I have a working setup using a hotspot gateway, WPA2, FreeRADIUS and LDAP. I need to set up host authentication instead of user authentication. I am using LAM to manage LDAP and have added a couple of host accounts, but I keep getting a login page from the hotspot.
I know you can do MAC authentication on the hotspot, but I need to do it via LDAP. What changes do I need to make on the hotspot when using MAC authentication via FreeRADIUS and LDAP, so I can eliminate the user login page?
That will trigger a login with a username and password of the MAC address of the machine. The local database won’t contain that username and password, so RADIUS is asked. RADIUS can then tie into LDAP to verify the MAC address; that’s outside the scope of this post.
You should probably also prepare an flogin.html (will be shown if login fails) to deal with machine authentications failing so that users can authenticate or can at least see an error message.
Of course for all that to happen you’ll still need to open a browser on the machine to trigger authentication. Well, technically any process that follows the “302 FOUND” status codes all the way through would do.
That gets me close to what I need. So, my preferred setup does not allow for a user to be authenticated unless they open a browser? I am just thinking about the novice user trying to gain access to network resources via a server login, etc…
To clarify, I am using RADIUS with a hotspot gateway. All APs use the gateway (port 1 goes to LAN, port 2 goes to APs), so I don’t have to configure RADIUS on each device. (I can change that if necessary.) I’m not clear from the link provided if I can configure RADIUS without using a hotspot.
Just need a link to a good howto, if RADIUS can be configured without a hotspot.