I need a Wifi Authentication Setup

I want to setup a FreeRADIUS server with a customised captive portal. whenever the users are connected to any WiFi access points inside the network, it should ask them to login with a username and password and also device restriction needed (i.e. MAC Binding) only the legitimate devices should be allowed. And also need suggestion for best content filter, it should block unnecessary ads/websites/words and also it should restrict the downloads based on file types.

Thanks in advance.
Karthick

@Karthick_rishi

I am sorry I can’t help you out here, as I really don’t have much idea about FreeRadius, but you should try freeradius doc at:

http://freeradius.org/doc/

I hope this will help you out in setting FreeRADIUS…

This is quite an interesting question you are bringing. Even though I am not able to provide an extended guide for achieving such setup, I would recommend you to check the FreeRadius wiki howto’s at:

http://wiki.freeradius.org/guide/HOWTO

Instead of setting up all at once, break the entire task to a smaller task. For example - setup the server. Next enter the MAC addresses that should be allowed to access the server and authenticate:

http://wiki.freeradius.org/guide/Basic-configuration-HOWTO#Define-a-User-and-Password
http://wiki.freeradius.org/guide/Mac-Auth

Finally you can limit the downloads, ads website etc. This might be a bit harder as you will need to know the source of the ads and websites. I like null routing those or simply placing a rule like this in hosts file:

127.0.0.1 www.spamwebsite.com spamwebsite.com

That way spamwebsite.com will resolve to localhost and will fail to load. Not sure if this example would be relevant here though.

@Karthick_rishi

Do you have any hardware firewall ? if have

Kindly configure the free RADIUS users in it, and enable the DHCP server in the hardware firewall,

and configure the RADIUS credentials and load the users the firewall.

And enable the Captival portal in the same, the user will redirect to the capital portal when they hit the browser.

Be mindful of

  • DHCP Server
  • MAC BINDING (load from DHCP leases)
  • Radius users to the H/W firewall
  • First create test user in the RADIUS, after that try everything.