Setting a remote authentication server on a router - authentication

I'm looking for a way to set an external authentication server that will work on many/most wireless routers. Or, alternatively, several ways that will work on different wireless routers. It needs to be done programmatically, meaning that a computer connected to the router needs to be able to use some API, maybe, to do this.
I don't know if this is possible, I tried to find answers on Google, but with limited knowledge, I'm not sure that I'm even looking in the right place.
What I'm trying to achieve:
I'm trying to create an application that will allow people to open their WiFi so other people can borrow it.
The idea is:
To borrow WiFi:
Create an account with the application.
Log into the application. This app will, when you are logged in, automatically connect you to a wifi nearby that is shared. The shared wifi will only be accessible if you have a valid username-password combo with the application.
To share your wifi:
From the same application, you go into some menu and press "share this wifi", and somehow I need this to configure the currently connected router to use an external authentication server as well as the current WIFI key, so that people can essentially use their application username-password combo to log into this router.
Any help is appreciated.

Try googling for RADIUS server, WPA(2) Enterprise, or 802.1X.
These keywords are very related.
To set up RADIUS authentication you need to have a router which supports WPA(2) Enterprise and a RADIUS server (probably googleable how to set up on Windows/Linux).
Programmatically connecting is possible, only a bit more difficult because it uses WPA(2) Enterprise authentication.
If you could supply some more details I should be able to help you further.

Related

Embedded wifi device that can accept terms on a captive portal?

I'm building out an IoT solution for a client and the network admins are insisting that the devices only connect through the guest network, which has a captive portal with terms of service that must be accepted with a UI button press before gaining external internet access. Most IoT Solutions I've looked at so far (electric imp, Spark core) explicitly state that they cannot connect to a captive portal. I've seen other higher-level code for automatically interacting with a captive portal but I have not found a solution that allows an embedded wifi device (like the CC3000) to automatically accept terms on a captive portal.
Has anyone seen or built a custom wifi stack for something like the CC3000 that can recognize and interact with a captive portal? Is there another embedded wifi solution (xbee wifi maybe?) that has had success in this area?
I wouldn't solve this problem in the stack. I would go for high-level code executed automatically after connecting to the network. Some simple script, for example, which automatically "presses the UI button" for you. Depending on the design of that page this may be as simple as a single HTTP request.
Another solution (maybe): Depending on the WiFi modules you've chosen, the MAC addresses of your devices are predictable. Maybe the network admins can add a rule to their config to allow these devices on their guest network without the need for that captive portal.
After considering all options, I believe we are going to embed the behaviour into the SparkCore firmware and insert a captive portal check in the wifi connection code.
spark_utilities.cpp line 807 (Internet_Test function)
https://github.com/spark/firmware/blob/master/src/spark_utilities.cpp#L807
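A portal check of the kind the accepted approach adds to the connection code, as an added example not taken from the thread or the Spark firmware: it fetches a known probe URL and treats a redirect elsewhere, an RFC 6585 511 status, or a body other than the expected one as a captive portal. The probe URL, expected body and sample responses are constructed for the demo; the actual network fetch is left to the device's HTTP client, which hands the raw response to `classify`.

```python
from urllib.parse import urlsplit

# Constructed reference probe: a URL whose small body the device expects back unchanged.
PROBE_URL = "http://example.com/connectivity-check"   # placeholder, not a real endpoint
PROBE_HOST = "example.com"
PROBE_EXPECTED_BODY = b"OK"

def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status code, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def classify(raw: bytes) -> str:
    """Return 'online', or a reason string naming how a portal intercepted the probe."""
    status, headers, body = parse_http_response(raw)
    if status == 511:                       # RFC 6585: Network Authentication Required
        return "portal: 511 network authentication required"
    if status in (301, 302, 303, 307, 308):  # portals usually bounce the first request to their login page
        target = urlsplit(headers.get("location", ""))
        if target.hostname and target.hostname != PROBE_HOST:
            return f"portal: redirected to {target.hostname}"
    if status == 200 and body.strip() == PROBE_EXPECTED_BODY:
        return "online"
    return "portal: unexpected response"   # e.g. a 200 whose body is the portal's own HTML

# Constructed samples of what a device might see on the probe request.
SAMPLE_ONLINE = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nOK"
SAMPLE_REDIRECT = b"HTTP/1.1 302 Found\r\nLocation: http://portal.guest.lan/login?from=probe\r\n\r\n"
SAMPLE_INJECTED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>Accept terms</html>"
SAMPLE_511 = b"HTTP/1.1 511 Network Authentication Required\r\n\r\n<html>login</html>"
```

Only once `classify` reports a portal does the device need to load and submit the terms page, so the probe runs on every (re)connect and before any application traffic.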

Which Google OAuth Flow is good for web application not reachable from the internet?

I wrote a small application which needs access to the Google API with OAuth2 and which is typically run on maybe a Raspberry Pi to reduce power consumption, since it needs to run pretty much 24/7. The device my application runs on is typically connected to a LAN at home.
The user controls the application using a web interface from a PC/Tablet/... in the same network. However, the web application is reachable from the LAN only; it cannot (and should not, for security reasons) be accessed over the Internet, because it hides behind a NAT and/or a firewall.
The documentation states that I have the following options:
Web server applications
This forces me to use a redirect URL which must be known in advance. Since my app is most likely accessed by a dynamic private IP address, there is no way I know the URL in advance.
Installed applications
Yes, that would work. I just need people to copy and paste the returned code into a web form of mine. However that is somewhat uncool.
Client-side (JavaScript) applications
This does not give me a refresh token which I totally need.
Applications on limited-input devices
Polling? Well... If it works... However, it requires the user to match a code shown on the device with a code displayed in the web browser. If I use that I can just as well ask the user to copy&paste the code returned by the installed app mode.
As far as I can see, copy&pasting the code with the installed app mode is my best chance. Is it really? Or is there a possibility to get along without that bit?

Setting up a server at home for Android app

I'm currently developing a simple multiplayer game app for Android and I need to have a server to which the users connect. I'd like to set up this server at home. I have a dynamic IP address, so someone told me I'd have to set up a local DNS server or something like that. I'm not even sure where to start with setting up a DNS server; everything I found was for Windows 2003 and Linux. Nothing for XP? If anyone can shed some light on this matter, explain a bit how setting up a DNS works or supply a link with "setting up local DNS for dummies", I'd be grateful.
Also, besides setting up a DNS so I can find the server every time, how about the communication with it? I'd like for it to be as secure as possible. Another friend told me something about communicating via SSH, which is again something I am not accustomed to.
So if someone could explain some of these concepts or offer some GOOD link for that that would be great. I'm very confused :)
Thanks
EDIT
Btw, the server is in Java and currently I'm communicating from the Android emulator to the server (which is localhost) via sockets.
That's not a simple thing you're trying to achieve. First you have to create your own server on your machine (maybe you're done with this step), then you have to make this server available for everyone. At this point, I suggest the DynDNS service:
http://lifehacker.com/124804/geek-to-live--how-to-assign-a-domain-name-to-your-home-web-server
A local DNS by default helps you find your own servers by name instead of by IP address, but if you have a usual internet service with a dynamic IP, you need an external DNS provider to route your clients to your server (read the link above for the full explanation).
About the SSH security: Yes, you will need some security settings indeed, but that could be a very hard problem sometimes. You can set your server to work with SSL sockets, which is a part of the core J2SE release. It will work against some sort of attack, but none against others. Running your own server will raise unexpected numbers of problems, prepare for that.
As already stated in the comment to your post, something like http://www.no-ip.com or http://www.dnsdynamic.org would solve the issue with your dynamic IP. You do not need a local DNS server.
With regards to communication, I believe that SSH is linux/unix only. Since you wish to use Windows for the server, FTP or Remote Desktop would be best. Choose FTP if all you want to do is manage your files; choose Remote Desktop if you wish to manage your entire computer. I've had good results with the FileZilla FTP server on Windows (http://filezilla-project.org/).
With that said, I think you would be better off buying a simple and cheap hosted service instead of using your own computer. You can get something that can run your Java app for $5/month some places, and compared with the annoyance of having a local server running in your house, it might be worth it.

Anyone have an idea about testing wireless connection on wireless access point

I have a wireless access point with 50+ wireless clients, and the connection just blows up sometimes. I think it is related to overload on the hardware.
So is there any way to simulate or something like that to test the wireless access point under heavy connections from many clients, so I can see what configuration is best for it?
I don't know about any tool but you can restrict number of clients accessing your router from router web page. You can do some hit and trial and see how many clients can access without router getting blown up.
You can use TMnetSim to simulate delay and packet loss.

Know of SSO turnkey Appliance with ldap, radius, openid, etc?

I'm helping a typical small company that started with a couple of outsourced systems (Google Apps, svn/trac), added an internal Jabber server (ejabberd for mostly iChat clients), subscribes to a couple of web services (e.g. highrisehq), and has a VPN service provided by a pfSense FreeBSD firewall.
And the net result of all this is that they're drowning in passwords and accounts.
It seems that if they had a single unified login / single signon service they could go a long way to combining these. E.g.: ldap as the master repository, radius linked to it for vpn, ejabber and even WPA2 wireless access, plugins for google app sign on, and perhaps an openid server for external websites like highrisehq.
It seems that all these tools exist separately, but does anyone know of a single box that combines them with a nice GUI and auto-updates? (e.g. like pfsense/m0n0wall for firewalls, freeNAS for storage). It doesn't have to be FOSS. A paid box would be fine too.
I figure this must exist. Microsoft's Active Directory is likely one solution but they'd rather avoid Windows if possible. There seem to be various "AAA" servers that ISPs use or for enterprise firewall/router management, but that doesn't seem quite right.
Any obvious solutions I'm missing? Thanks!
It's been over a year since you originally asked the question, so I'm guessing you've solved your problem by now. But if someone else is interested in a possible solution, I suggest the following:
First of all, I don't know of any "all in one" solution to your problem. However it's quite easy to combine three products that will solve all of your needs and provide a single source for User management and password storage.
The first thing to do is install an LDAP Directory to manage Users and Groups (and possibly other objects outside the scope of your question). This can be OpenLDAP, Apache DS, Microsoft Active Directory, etc. Basically any LDAP Server will do.
Second, I recommend installing FreeRADIUS with the LDAP Directory configured as its backend service.
Third get a license of Atlassian Crowd. It provides OpenID and Google Apps authentication. Prices for up to 50 Users start at $10 and go all the way up to $8000 for an unlimited user license.
Installation and Configuration of the three is relatively easy. You'll probably put most work into creating your Users and Groups. You can install all three components on a single Server and end up with a box that allows you to authenticate pretty much everything from Desktop Login, over Google Apps and other Web Apps, down to VPN and even Switch, WiFi and Router Login.
Just make sure you configure your Roles and Groups wisely! Otherwise you might end up with some Sales Person being able to do administration on your Firewalls and Routers :-)
I would encourage anyone searching for this type of solution to check out the Gluu Server (http://gluu.org).
Each Gluu Server includes a SAML IdP for SAML SSO, an OpenID Connect Provider (OP) for OpenID Connect SSO, a UMA Policy Decision Point (PDP) for web access management, and a RADIUS and LDAP server.
All the components of the Gluu Server are open source (i.e. Shibboleth, OX, FreeRADIUS, OpenDJ, etc.), including the oxTrust web user interface for managing each component of the server.
For commercial implementations, Gluu will build, support, and monitor this stack of software on a client's VM.
You may not want to standardise passwords across so many apps (especially external ones), though for internal ones using an auth service like LDAP makes sense.
You could solve the issue of remembering passwords with an eSSO like Novell SecureLogin
Also you might be interested in Novell Access Manager and Novell Identity Manager
I too could use such a device; however, the only one I could find was a (possibly outdated) data sheet from Infoblox. They seem to have since concentrated on automated network management and I can't find the LDAP appliance on their current website. I guess building a Linux box with the FOSS stuff mentioned above is what everyone does, but it would be great not to have power supplies, disks, fans etc. I suppose you could use something like an Eee PC and put the config on a flash card.
This is something I was looking for as well, and http://www.turnkeylinux.org/openldap looks like the solution: "appliance" installation, and it includes encrypted online backup which is easily restored to a new or replacement machine.