Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FortiGeek
New Contributor

Hotspot usage through FortiAPs

First apologies if I' m in the wrong place.. I looked at User/Authentication but hardly anyone goes there I have a well established customer with a 110C and 12 FortiAPs. They have a cafe that is using Antamedia software in a Hotspot environment on a separate PC, they wish to incorporate the FortiAPs.. Explained that Antamedia uses ambiguous access points and that the FortiAP require encryption. I did however try to forward to the Antimedia with no success. Does anyone know of a fairly inexpensive (as they are a charity) way to achieve this? Not worried about using WPA login first just needs to be simple ticketing and times out.. advice greatly appreciated, Thank you
4 REPLIES 4
Kess
New Contributor

I hope that i understood your problem. I achieved this in a school with freeradius and the Fortigate captive portal. You just need an admin web interface that permits you to configure your freeradius users with their expiration. In that way, the secretary gives access to the students or to the various external teachers to a part of the school network (in order to use printers or to access the internet). If this is not your problem, please disregard this post.
FortiGeek
New Contributor

Sorry Kess, thought I had replied to this the other day but must not of posted.. Thank you for your reply and yes this is the issue. I had thought of using Freeradius but thought this would be used with the SSID choice of WPA-Enterprise then choose the Radius.. Not sure how Freeraius ties in using the Captive Portal as it points back to User Group input.. regards, Bill
Kess
New Contributor

That' s my working config on my FG on the interested section.
 config user radius
     edit " Radius Server" 
         set all-usergroup enable
         set auth-type ms_chap_v2
         set nas-ip 192.168.0.254
         set secret ENC MyEncPass
         set server " 192.168.0.152" 
     next
 end
 
 config user group
     edit " Radius Server" 
             set member " Radius Server" 
     next
 end
 
 config wireless-controller vap
     edit " W-Guests" 
         set vdom " root" 
         set max-clients 5
         set ssid " Guests Access" 
         set security captive-portal
         set portal-message-override-group " captive_portal_W-Guests" 
         set selected-usergroups " Radius Server" 
         set intra-vap-privacy enable
     next
 end
 
Not sure how Freeraius ties in using the Captive Portal as it points back to User Group input..
You' re right... just create a usergroup containing your radius definition :-) For everything regarding freeradius it' s a little bit more complicated. You have to integrate it with MySQL and then install a php web management system for freeradius in order to generate your temporary users/passwords and time slots. I' ve developed myself my web application because the customer needed something really simple... print a ticket with user/pass with time slots for today, 2 days, 1 week, 2 weeks, 1 month with no billing cycles and just with First/Last Name, Address, e-mail and cell phone... If you also need the freeradius config, it would take me some time in order to extract it for you... Hope it helps. P.S: just for you to know, it took 4 hours of work in order to accomplish that (web application excluded)... so not too much :)
FortiGeek
New Contributor

Fantastic! Thank you for that Kess, helps me allot. appreciate the effort you put in.
Labels
Top Kudoed Authors