Wireless hotspot

Hi,
I'm running out of ideas and I know you guys are a smart bunch, so looking for some help.
I need to create a wireless hotspot for about 100-150 clients and I am having trouble thinking up a solution.
There are wireless WLAN controllers you can get for this type of thing, but the thing is, my client wants it so there is only one user/password per day that they need to write on a whiteboard, so everyone can connect.
I've tried out a ZyXEL WLAN controller and they only allow 8 concurrent connections for one single username/password connection on the device itself, and ZyXEL told me for anything else I should go for a RADIUS server.
Now the problem is, why buy a ZyXEL device if I can just have a RADIUS server instead?
Well, the problem with RADIUS is that I can't change the password every day. It would need to be scripted and that takes time, an engineer and money.
Do any of you have experience of RADIUS and know of a solution that can change user/password every day automagically?
 
www.meraki.com

Controller based wifi, but the controller is cloud hosted, they do a lot of good stuff around hotspots.

Do you need a password? You can configure a splash page to display T&Cs, ask for a name or username and password. Supports RADIUS for AD integration too - either for WPA Enterprise authentication or splash page authentication.

Assuming if someone is writing the password on a whiteboard, it's going to be a manual process anyway - so just get that person to sign into the controller web page and change it.

Alternatively, write a vbscript to change an AD account password to a random combination and email it to the person who will be writing it on the board
 
Meraki looks good but they are based in the US and it requires a subscription, which would probably be an instant no from my client.
The internet access and the wireless points are already in place but it just lacks an authentication page. I'm thinking about just setting up an IIS server asking for an auth, but again.. requires scripting on users, which I have not the foggiest idea how to do, and would not attempt with the security of 150 users at stake.
On the one hand I understand why my client wants to do this, just so if there's a conference there's no interruptions, but on the other it's inherently insecure.
There'll be no charging for the wireless internet service, so buying a ZyXEL controller is going to be a bad investment, and a bad sale for me as they cost a lot.
I'm thinking of a hosted RADIUS server but I'd rather just have a piece of software do it on their hosted environment than pay someone else to host a server and manage it.
 
vbscript will do what you want in AD - google is your friend ;)

Set objUser = GetObject _
("LDAP://cn=GuidoT,ou=Worcester,dc=cp,dc=com")
objUser.ChangePassword "gU1d0*!", "ant0n10#!"

When I want a vbscript, I just copy and paste from other scripts to make what I want.

Script could do something like....

-Declare variables
-Read old password from a text file (Google "vbscript parse text file") and set as oldpassword variable
-Generate new password (Google "vbscript random password generator") and set newpassword variable
-Use above function to set the new password
-Save new password to text file for next run
-Email password to specified address (Google "vbscript send email")

Voila! Run it as a scheduled task on a server and you're sorted.

You'll never learn if you don't jump in at the deep end :D
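
The scheduled-task outline in the post above, sketched in PowerShell as an added example (not part of the original post or any poster's code). It swaps ChangePassword for an administrative reset, so no old password has to be stored, and uses a cryptographic random generator; the account name, mail addresses and SMTP host are placeholders, and the ActiveDirectory module (RSAT) is assumed to be installed.

```powershell
# Added example: rotates one shared guest account daily. All names are placeholders.
Import-Module ActiveDirectory

$Account    = 'hotspot-guest'          # hypothetical AD account behind the RADIUS/splash login
$MailTo     = 'reception@example.com'  # hypothetical: whoever writes it on the whiteboard
$MailFrom   = 'hotspot@example.com'    # hypothetical sender
$SmtpServer = 'smtp.example.com'       # hypothetical internal mail relay

function New-WhiteboardPassword {
    param([int]$Length = 10)
    # Look-alike characters (0/O/o, 1/l/I/i) are left out: people copy this by hand.
    $alphabet = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789'
    # Bytes at or above the largest multiple of the alphabet size are discarded,
    # so every character is equally likely (no modulo bias).
    $limit = 256 - (256 % $alphabet.Length)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf   = New-Object byte[] 1
    try {
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($buf)
                if ($buf[0] -lt $limit) {
                    [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length])
                }
            }
            $candidate = $sb.ToString()
            # Retry until lower, upper and digit are all present, so the AD
            # complexity rule (three character categories) is met.
        } until ($candidate -cmatch '[a-z]' -and $candidate -cmatch '[A-Z]' -and $candidate -match '[0-9]')
    } finally {
        $rng.Dispose()
    }
    return $candidate
}

$plain  = New-WhiteboardPassword -Length 10
$secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

# -Reset is an administrative reset: the old password is not required, so no
# password has to be kept in a text file between runs.
Set-ADAccountPassword -Identity $Account -Reset -NewPassword $secure -ErrorAction Stop

Send-MailMessage -To $MailTo -From $MailFrom -SmtpServer $SmtpServer `
    -Subject "Guest Wi-Fi password for $(Get-Date -Format 'yyyy-MM-dd')" `
    -Body "Today's guest Wi-Fi password: $plain"
```

The task account only needs the delegated "Reset password" right on that one guest account, not domain admin.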
 
It's the new regulations that state that every wifi hotspot should have a disclaimer on P2P use, and to stop the client getting cut off or sued, and they also want to provide 'security' by having the password changed every day.
 

If that's the reason then i'd put some pretty severe filtering and firewalling on it, disclaimers or not, P2P shouldn't even be possible.
 
My thoughts...

A SonicWall TZ or NSA appliance can manage a number of APs (depends on model). You can run Wireless Guest Services on the guest WiFi (Virtual APs are supported so you can have multiple SSIDs from one AP). The guest services can re-direct all new users on the WiFi to a web page (ie the disclaimer) - I've got this working and it works well.

The appliance can also run IPS, which can be set to block P2P traffic eg BitTorrent. You can also content filter to block pr0n etc.

Rather than username/password, the central AP management would allow somebody to change the WPA key as required. No RADIUS type worries then.
 