Hi all.

I was wondering if there is any way to authenticate wireless users on a WRT54G with WPA and do radius accounting. Is there a package that provides this functionality? I've mannaged to get the WPA working with my radius server, but I don't see any accounting messages. I assume radius accounting is not implemented since where using the same nas binary from the linksys firmware.

I've seen chillispot, but it seems that it requires an additional webserver for authentication.

I really want those accounting messages. I there a way? Any advice would be appreciated.

Thanks.
Avatar

Recently someone succeeded in using this kind of authentication and potentially make accounting with chillispot.
Read this topic :

http://www.openwrt.org/forum/viewtopic.php?id=1690

Packages you need are : chillispot, freeradius, nas and maybe wl

Thanks for your reply.

I was acctually hoping not to use a web server at all, not even if its embedded in the wrt54g. I want to use 802.1x/Peap for authentication. So all I need is a nas that is capable of accounting.

Cheers
Avatar

Ah yes ok. I think that nas is not accounting capable, but maybe writing a C program handling accounting information can do it ? In fact I don't think it is easy or efficient; but why not try.

I wouldn't mind trying, but would I have to rewrite an implementation of the nas binary or is there a way that I could plugin to the nas binary to find out when new users authenticated,etc.

If I'm going to write my own "nas", what exactly does the "nas" tool do. Which standard would I follow (WPA2,802.1x) ? I'm guessing that I'd be able to handle coding the different encryption types (Tkip,Aes) in such a program, but not sure how to communicate with the Linksys wrt54g hardware. Any suggested reading?

Regards
Avatar

can't we use hostap for the accounting...
or can we send other input to the accounting server (username or ip or mac)
are there other accounting clients we can use to replace the closed source nas pakage from linksys ?

dunno, send the syslog to a radius server ?
or let the accountinf part be done by another service..

i know this is an old thread, but there's still no way to figure out
who is using the AP's from server side, without logging in the AP.

there must be a way..... there alway's is (:

By using chillispot as a proxy for your nas RADIUS authentication, it will provide you with accounting for the wpa session. You do not have to run a captive portal at all, in fact chillispot proper does not currently allow for a captive portal under WPA - it assumes all users are subscribers - but it does do the DHCP and provide RADIUS accounting..

It is also possible to provide guest access using WPA and captive portal, but this requires the coova patched chillispot. You can find the 'nas' program and coova chilli working together in the CoovaAP firmware..

(Last edited by david on 4 Oct 2006, 09:12)

Anyone have any luck trying to find a solution for this problem ?

Hi,

I also managed to get WPA2 enterprise to work with my radius server to do Authentication, but I searched everwhere to see if there is any firmware/plugin or something to get my NAS (WRT54GL) to send accounting messages to my radius server, but couldn´t find a solution.
Anyone could solve this??
Any help would be greatly aprecciated.

TITO