View Full Version : Radius


Steve
10-29-2002, 09:45 PM
Built in Radius Server?

tony
10-29-2002, 09:48 PM
Built in Radius Server?

Radius server on a CPE or Server?

We were thinking of including radius Client support in our APs, however demand will play a role in how quick it is implemented.

Steve
10-29-2002, 09:53 PM
Server would probably be the better choice. I haven't read up on hardware / performance of the different Radius packages out there. I don't know if a TT or Soekris would be able to handle it?

tony
10-29-2002, 09:55 PM
Server would probably be the better choice. I haven't read up on hardware / performance of the different Radius packages out there. I don't know if a TT or Soekris would be able to handle it?

The Server would require a good backend database (SQL for instance), so it would more suit a Server environment.

We haven't done much research into the various options yet.

Thanks

Steve
10-29-2002, 10:01 PM
In afterthought, it would probably be better to leave Radius out. Too many things to go wrong. Too many things to debug / troubleshoot.

kishvet
10-29-2002, 10:09 PM
Count one vote for Radius client support on AP.

Grant
EA Media

tony
10-29-2002, 10:14 PM
Demand for this feature will play a large role in its development. It is on our list, but no ETAs yet.

Thanks

timo
11-22-2002, 06:16 PM
Count in another vote for Radius client support on AP.

Jester
12-26-2002, 03:46 PM
I know that TT's software now has a Radius client in its firmware. If you were to package a generic radius server I don't see how incompatibility would be an issue. I think it would help some WISPs keep out people who don't pay for the connection ;)

georgew
12-29-2002, 08:26 AM
I'm struggling to fulfill the requirements of a foreign Telco that wants to do a major wireless deployment, one that will require hundreds of cells to be set up in the next three months.

The sticking point is provisioning. They will be delivering small slices of bandwidth to a large number of clients, so some sort of authentication mechanism needs to be implemented that can handle the task without creating an impossible workload.

We will need some sort of mac layer security, that can handle around 50,000 accounts eventually. If we do this per-radio, an impossibly huge amount of management would be needed... a centralized radius server would be better.... that or the filter table in each radio needs to support 50,000 entries.

It's a tall order, and it needs to be done last week. All of the negotiations are done, they want a final proposal for the hardware so they can start testing.

I know that a radius client is low on the feature list... is there some amount of money that could change the priority of this feature? I'm not rich, but it would be nice not to no-bid this one after having done so much work securing their interest.

Thanks!
George

georgew
01-02-2003, 07:42 AM
If radius is not possible, how large of a mac layer filter list is possible?

tony
01-02-2003, 10:41 AM
If radius is not possible, how large of a mac layer filter list is possible?

Radius authentication support is planned for a future release.

Our ACL table holds 256 MAC addresses per card.
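
The centralized MAC check asked about above, sketched as an added example (it is not StarOS code and not from any poster): an AP-side RADIUS client builds an RFC 2865 Access-Request for one client MAC and verifies the server's reply. Using the MAC as both User-Name and password, the shared secret, the NAS name and the `make_reply` stand-in for the server are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, CALLING_STATION_ID, NAS_IDENTIFIER = 1, 2, 31, 32

def attr(atype, value):
    """Encode one attribute as Type, Length, Value (Length counts the 2-byte header)."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: XOR 16-byte blocks with a chained MD5 keystream."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_mac_request(mac, nas_id, secret, ident, request_auth):
    """Access-Request an AP sends to ask the central server about one client MAC.
    request_auth must be 16 unpredictable bytes (os.urandom(16)) in real use."""
    name = mac.lower().replace(":", "").encode()  # assumed convention: MAC as User-Name
    attrs = (attr(USER_NAME, name)
             + attr(USER_PASSWORD, hide_password(name, secret, request_auth))
             + attr(CALLING_STATION_ID, mac.upper().replace(":", "-").encode())
             + attr(NAS_IDENTIFIER, nas_id.encode()))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def make_reply(code, request, secret, attrs=b""):
    """Constructed server side: sign a reply with the RFC 2865 Response Authenticator."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    auth = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return head + auth + attrs

def verify_reply(reply, request, secret):
    """True only for an Access-Accept that matches this request and this secret."""
    if len(reply) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20]) and code == ACCESS_ACCEPT
```

The account list then lives only on the server; the AP holds one shared secret instead of a per-card MAC table.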

gregw
01-16-2003, 05:52 PM
StarOS looks like a solid product for our needs, however the lack of a radius (or radius-like) authentication has us waiting to see where things go.

This is a priority for us.

We are in the business of providing connectivity. Our wireless expansion is limited only by the tools we are using. A release date for Radius authentication would be quite a nice thing for us to know.

So -- chalk another one up for Radius support!

lonnie
01-16-2003, 11:19 PM
Without saying too much - we are just finishing a really neat authentication add-on. We do not have the rights to distribute the finished work, but we do have some expertise. If you wish to discuss "some amount of money" then that discussion should be private.

Give me a call.

aerocoach
01-27-2003, 12:42 PM
Chalk another one up for Radius Client support! Just like some people, I'm still waiting for that add-on.

ddvzlnz
02-01-2003, 11:15 AM
I have not loaded the latest version yet, but will Star-os now authenticate against any radius server?

Thx.
gt

lonnie
02-01-2003, 03:45 PM
Currently StarOS can only contact the HotSpotzz server. We are talking with the guys about a general purpose addon that will allow StarOS customers to enable HotSpotzz but not use the billing and thus not get charged for the use of their system.

If they provide our users with free hotspot service are you guys willing to let roaming HotSpotzz customers use your system for free? They might be willing to provide free to you if that is reciprocated. It helps them build a base and you get a system going easily and quickly.

ddvzlnz
02-01-2003, 05:22 PM
Actually, let's separate out the business models from the tech discussion for a moment. (Because my use for this at the moment does not include hotspots). Would it be possible to have a "nocat" like radius based authentication for every client attached to an access point? It would also be nice to exclude some clients from authentication.

Thanks
GT

lonnie
02-02-2003, 12:56 AM
Nocat is a good system and we will look at it.

redfeaag
02-02-2003, 03:05 PM
More RADIUS ...

http://www.itconsult2000.com/

These guys seem to have a neat little product they developed themselves. It's DOS based but they have an API and, I would guess if you ask, the source that can be recompiled onto Linux.

Am I right in thinking that with a STAROS only network, i.e. with APs and Soekris clients only, with all versions having client functionality and APs having server functionality we could lock the whole thing down without having to worry about any config on the client side of the Soekris?

ddvzlnz
02-03-2003, 01:30 PM
Locked down? From the authentication pov, yes. The login would occur via an https connection so it would not be sniffable, even if the mac address is.

The next step is to have everyone pptp or ipsec into a box sitting right behind the base station and before the wired internet. (I have that part done).

The http://www.itconsult2000.com/ stuff is expensive, which brings them in line with the Funk Software and other commercial radius servers. I've been using freeRadius and MySQL as an authentication device for my vpn (www.hotSpotVpn.com). While there is no support and there is a nasty steep poorly documented learning curve populated by short-tempered arrogant non-communicative developers, the price is right....

From the user's pov, their box authenticates them as a user on the system, and then they double click on an icon to get their pptp going. You can then forget about WEP.

gt

redfeaag
02-03-2003, 01:44 PM
Ignorance being bliss, my assumption is this:

If the network ONLY contains staros routers or APs (i.e. a 'client' can only connect through a staros device, normally a soekris or such like) there is no way for a hacker to get on to the wireless network as his device won't be authenticated. Only authenticated devices could participate on the network.

ddvzlnz
02-04-2003, 04:49 PM
Well, it is hard to say never for a hacker, but they would have to sniff out a valid mac address, a valid IP, and a valid login and match the three. It would not be a trivial undertaking, but not impossible.

gt

mkolbo
03-11-2003, 03:44 PM
Another vote for Radius! It would be nice to have an authentication (Radius like) method on Star OS for authenticating users locally and keeping the database locally. If that is not possible, Radius client would be really nice. Thanks for the hard work.

lonnie
03-12-2003, 02:23 AM
Radius is definitely coming.

felipevidal
03-28-2003, 09:14 PM
Any support for 802.1x auth via RADIUS in those plans?

I may not have this right. I believe that 802.1x clients send their auth requests via an AP that then does the RADIUS client connection to a real RADIUS server for auth. If that's the case I guess that would mean Star-OS would need a Radius client and an 802.1x add-on as separate components.

Regards,
-felipe

lonnie
03-29-2003, 11:18 AM
I am building a list of people that know radius and PPPoE for some beta testing. We will not be providing any education, so this is ONLY for guys who know the stuff, and preferably are already using it.

Hit me privately please.