What's the best way to authenticate wireless users?
Wireless Wizards
By The Wireless Wizards, NetworkWorld.com, 09/06/2004
Q: I'm helping a local Catholic women's college set up a wireless network. We want the network to have authentication login,
much like when traveling at airports. Anyone with a wireless device can get a connection, but all access to the network would
be closed until they were authenticated. Our thought is that certain NIC addresses would be stored in a database. According
to this database, they could be allowed immediate access or no access. If not allowed, they would need to open a browser window
and sign up for access. Once the form is filled, they would be given access.
It is important to be able to suspend certain machines from having access (it could be done manually, but it would be nice
if there were rules that detected viruses and could block the laptops). What software is used in airports and other public
places to do automated login/sign-up? - Steven S.
The Wizards gaze deeply into their crystal ball and respond:
Seth Goldhammer, Roving Planet
You could do this using the MAC address of the NIC, but that leaves you susceptible to MAC spoofing. We've been working
with airports for a number of years delivering software for security and management. From my experience, a better alternative
is to have a database of usernames and passwords. There are a handful of products, both commercial and open source, that
provide gateway functionality, blocking users with a captive portal where they can provide login credentials to get further
access. Open source projects worth looking at are Squid and NoCatAuth.
User accounts can be stored in a local database, but for growth you should look at directory-type products such as the different LDAP services or Microsoft's Active Directory. If you ever believe you may move beyond Web authentication for stronger authentication
types such as 802.1x, you could also store accounts in a RADIUS server.
It sounds like you also want to look for a captive portal that allows users to self-register. This simply lets new users create
an account, and lets you collect pertinent information about that user. On the portal, look for products that let you automatically
set a secure token that is transparent to the user, so users can skip this process the next time they return to the site.
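The "secure token that is transparent to the user" mentioned in the answer can be sketched as an HMAC-signed cookie that a captive-portal gateway checks instead of trusting the client's MAC address. This is an added example, not code from the column or from any product it names; the function names, the 30-day lifetime and the in-memory suspension list are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Assumptions for this sketch: a per-run key, 30-day lifetime, in-memory suspension list.
SECRET = secrets.token_bytes(32)
TOKEN_LIFETIME = 30 * 24 * 3600
SUSPENDED = set()  # usernames an administrator has blocked

def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def issue_token(username, now=None):
    """Build the cookie value handed out after a successful portal login."""
    expires = int(time.time() if now is None else now) + TOKEN_LIFETIME
    payload = f"{username}|{expires}".encode()
    b64 = base64.urlsafe_b64encode
    return b64(payload).decode() + "." + b64(_sign(payload)).decode()

def verify_token(token, now=None):
    """Return the username for an authentic, unexpired, unsuspended token, else None."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:
        return None
    # Check the signature before trusting anything inside the payload.
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    username, expires = payload.decode().rsplit("|", 1)
    if (time.time() if now is None else now) >= int(expires):
        return None
    return None if username in SUSPENDED else username

def admit(client_mac, cookie, now=None):
    """Gateway decision: the MAC is only logged; the signed token decides access."""
    user = verify_token(cookie, now) if cookie else None
    return ("allow", user) if user else ("portal", None)
```

A client that presents a known MAC address but no valid token is sent back to the portal, and adding a username to `SUSPENDED` revokes access even while that user's token is still unexpired.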