From owner-freebsd-isp Mon Jun 9 15:12:39 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id PAA17594 for isp-outgoing; Mon, 9 Jun 1997 15:12:39 -0700 (PDT) Received: from super-g.inch.com (super-g.com [204.178.32.161]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA17589 for ; Mon, 9 Jun 1997 15:12:31 -0700 (PDT) Received: from localhost (spork@localhost) by super-g.inch.com (8.8.5/8.6.9) with SMTP id SAA19383; Mon, 9 Jun 1997 18:21:38 GMT Date: Mon, 9 Jun 1997 18:21:38 +0000 (GMT) From: spork X-Sender: spork@super-g.inch.com To: Hetzels@aol.com cc: isp@freebsd.org Subject: RE: Can FreeBSD and Radius be used for a CyberCafe? In-Reply-To: <970609120101_-1228661554@emout04.mail.aol.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I think the point of confusion here lies in what you are calling a workstation. I assume for simplicity's sake you are using win95 machines or Macs at the cafe itself, correct? If so, you cannot hack win95 to let people "login" to the workstation for general access to the machine itself. You would be best served in a situation like this by setting up a small NT box that would act as a server for your win95 machines. It could require a login to access the machine and also keep people from adding/deleting things on the win95 workstations (people will play). To check their email, they would run Eudora, Exchange or whatever and use their Unix password to get mail. When they login from home, they could use the same password for dial-in access. Radius could be set up to authenticate them off the Unix PW file... People who have mail accounts but no dial-up access, could just be given a shell of /bin/false and Radius would not let them dial in, as it checks if the user has a valid shell... The difficulty here is in giving people workstation access. 95 is not terribly easy to work with, and all the "cybercafes" I've seen in NYC rely on a simple screensaver password to keep people off the workstation until they pay. Pretty cheezy, but that's what they do... The NT solution is more elegant, but takes some decent NT knowledge to set up. Charles On Mon, 9 Jun 1997 Hetzels@aol.com wrote: > Ok, Maybe I didn't make my self clear. > > The Livingston PM3 is to be used by my dial-up Customers only! Thus PAP/CHAP > authentication of CyberCafe customers can't be done from the PM3. > > At the CyberCafe, my customers would have an account for E-mail, and Internet > access. In order for the customer to access their E-mail, or the Internet > they would need a password to login into one of 10 workstations that is > directly connected to a 100MB/s LAN. > > How would I authenticate the customers as all 10 workstations will require a > password to access the Internet? RADIUS? > > I would like to use RADIUS, as I plan to purchase the URIBS billing system to > bill my dial-up & and possibile the CyberCafe customers. > > Thanks, > > Scot W. Hetzel >