Computer networks
Roman Kuznetsov, 2015-09-14 12:00:01

How to properly organize public WiFi?

Good afternoon, adherents of Habr-Toaster, network samurai and monks of the order of system administration!
There is a task! On the premises of a medical institution, we need to organize public WiFi for patients.
To solve the problem, we have in stock:
Unifi AP with power converters - 6 pcs.
Windows 2k8 server - 1 pc.
HP 2530 POE switch - 1 pc.
guest Vlan organized on Cisco (management of which, however, is extremely limited) - 1 pc.
From all this, as follows from the topic of the question, it is necessary to organize Internet access that works and is at the same time "kosher" from the point of view of the RKN (Roskomnadzor).
Actually, the question is how to do it? When you try to "Yandexify" or "Google" this issue, links to all sorts of legal documents come up, none of which, however, is useful. How, after all, should a user log in to the system? Passport details? Or maybe a phone number? Well, after all, nothing will prevent the user from entering a fake number and the passport data of "Vasily Pupkin"! Moreover, which of these data should be kept, and for how long?
And a slightly more technical question.
I see the situation like this:
On the Win2k8 server we add one more network card, connect it to our guest VLAN, bring up RADIUS + IIS on the same server, and then what? How do we attach the interface in the form in which we need it, with all the fields for passport data and other "credentials"? And what's more, the super-task: how do we make it so that after entering all the data of interest to the RKN, our guest lands on the advertising page of the organization?
I would be extremely grateful both for links to readable manuals and examples of ready-made solutions, and for advice on how it should all look in the legal plane (just not links to laws and articles from them! This UG makes me sick and I want to sleep... I'm afraid to repeat the feat of Jimi Hendrix).


4 answer(s)
athacker, 2015-09-14
@GoodPascher

On Windows, without harsh self-written crutches, you are unlikely to organize this. So some kind of Unix server is needed, or at least a virtual machine with Unix on Windows, to which the guest VLAN and the VLAN for Internet access will be forwarded.
But in general, the scheme is quite simple: when a new user connects, he is given a page with an authorization requirement. The easiest way is to do authorization by phone number (since who knows how to check passport data :-)). The client enters his mobile phone number, and an SMS with a confirmation code is sent to the client. The client enters the code on the page and gets Internet access for N minutes.
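
The scheme from this answer (phone number, SMS confirmation code, access for N minutes), as an added example that is not part of the original answer and is not UniFi or any vendor's code. The `SmsPortal` class, the `send_sms` callback, keying guests by MAC address and the three constants are all assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL = 300        # seconds an SMS code stays valid (assumed value)
MAX_ATTEMPTS = 3      # wrong guesses allowed per code (assumed value)
SESSION_MINUTES = 60  # the "N minutes" of access (assumed value)


class SmsPortal:
    """In-memory state for the portal (hypothetical helper, not UniFi code)."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms  # callable(phone, text): the SMS gateway
        self.clock = clock
        self.pending = {}         # mac -> [phone, code, expires_at, attempts]
        self.sessions = {}        # mac -> (phone, access_expires_at)

    def request_code(self, mac, phone):
        # CSPRNG: a guest must not be able to predict the next code.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[mac] = [phone, code, self.clock() + CODE_TTL, 0]
        self.send_sms(phone, f"Wi-Fi code: {code}")

    def verify(self, mac, submitted):
        entry = self.pending.get(mac)
        if entry is None:
            return False
        phone, code, expires_at, attempts = entry
        if self.clock() > expires_at or attempts >= MAX_ATTEMPTS:
            del self.pending[mac]  # expired or guessed too often: new SMS needed
            return False
        if not hmac.compare_digest(code.encode(), submitted.encode()):
            entry[3] += 1
            return False
        del self.pending[mac]      # a code is valid exactly once
        # Keep the phone with the session: it is the record of who was online.
        self.sessions[mac] = (phone, self.clock() + SESSION_MINUTES * 60)
        return True

    def has_access(self, mac):
        session = self.sessions.get(mac)
        return session is not None and self.clock() < session[1]
```

A deployed portal would also limit how many SMS requests one phone number or MAC address can trigger, and would persist the session records instead of holding them in memory.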

AntonMZ, 2015-09-14
@AntonMZ

Good afternoon.
There was an article on Habr that highlighted the problem with public access points, that they should all be with personal identification. Everywhere there is authorization by phone number: Mc, the metro, as well as a large number of cafes. Any mobile phone number can be entered, but initially it is believed that each citizen has his own number, so this issue is not covered in the legislation. It is better to start with the question "What information will you collect?"
Did you choose the equipment yourself? If so, why did you choose these particular models?

Valentine, 2015-09-24
@ProFfeSsoRr

The UniFi controller allows you to create a guest portal, and it is actually through it that you do SMS authorization, for example. The only drawbacks are that for this the controller itself must be connected to the Internet, and it will not work on the guest portal by IP, by domain name. Actually, the portal itself is written however you wish; the documentation for UniFi says that the portal should inform the controller in case of successful authorization.

Alejandro Esquire, 2015-09-14
@A1ejandro

Off topic, but I want to speak. Personally, I organized public Wi-Fi for my neighbors at home, without these stupid rules.
I don't understand why people are so isolated from each other. After all, it’s enough for one to buy a router and make a shared Internet on the floor, chipping in at 100 rubles each ... People, let's be friends ;-)
This comrade Medvedev is the most important militant teapot, who is also trying to steer something. Domain names in Russian? Idiots! Translation of winter time - senile! WiFi restrictions - cattle!
And now to the point... Recently I configured a router from Beeline; it has a public network, and it requests the provider's authorization data itself. An interesting solution. I haven't come across it before.
