NoCatAuth Gateway Server Configuration
November 19, 2003
Servers running the Linux-based RedHat 9 operating system can become wireless gateways suitable for offices or hotspots using this open-source authentication software. Here's how to get it up and running.
With the ever-increasing use of the Internet, everyone is scrambling to find a way to offer high quality Internet service that can cover more people with less expensive infrastructure. This is a problem shared by both commercial and grassroots Internet service providers (ISPs). Both are choosing wireless as the means to solve this problem.
After choosing the wireless route, one is left with a few options. One can either buy an expensive (often proprietary) vendor solution, or go with an open-source, standards-based solution that takes advantage of existing customer premises equipment (CPE). Unless you have large funds to pull from, the second option is the way to go.
Given the large number of 802.11b devices already in customers' hands, people's preferred access method was obvious. On the other hand, 802.11b does not offer much in terms of securely identifying users and allocating them the proper resources. With the built-in security features of 802.11b, one encounters numerous access and authentication configuration issues that can confuse less technical customers. After searching for a solution that could enable secure identification of users and easy resource allocation, we discovered NoCatAuth.
NoCatAuth is a centralized authentication system that makes shared wireless Internet services possible. It is Perl-based, open-source and fairly easy to implement. You can find the nightly code build and more information on the working group Web page. The contributors to NoCat.net are the folks who have collectively created NoCatAuth, so please give them the credit they deserve. The group also welcomes improvements to the source code.
NoCatAuth can be used on a variety of wireless Internet service deployments. The creators in Sonoma County, Calif., are using it for their free grassroots wireless Internet service project. You can get on their mailing list to learn more about the operational issues involved in running a community wireless network. The software can also be used for public venue Wi-Fi hotspots. Wherever there is wireless Internet service involved, one could probably make use of NoCatAuth as a simpler way to authenticate and allocate resources to users.
The NoCatAuth system is composed of one or more gateway servers, an authentication server, and one or more access points. A gateway server is a Linux router that is connected to an access point and issues IP addresses, throttles bandwidth, permits access to other networks, and times out old logins. An authentication server is a Linux server that acts as a central authority by looking up a user's credentials in a MySQL database, notifying the gateway server of a user's status, and authorizing further access. It is the combination of the gateway and authentication servers that makes NoCatAuth so user friendly yet secure and manageable.
When a user attempts access on a Web page, a captive portal redirects them to a page that instructs them to enter a login and password. After correctly identifying themselves, a user is allowed access for a leased amount of time.
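The flow described above, modelled as an added Python example; it is not NoCatAuth's own Perl code and not part of the original article. The class and method names, the 600-second lease, binding a lease to a MAC/IP pair, and the in-memory user table standing in for the MySQL database are all assumptions.

```python
import hashlib, hmac, os

LEASE_SECONDS = 600  # assumed lease length; the article gives no value

class Gateway:
    """Router side: captive portal, lease table, and login timeout."""
    def __init__(self):
        self.leases = {}  # (mac, ip) -> expiry time in seconds

    def request(self, mac, ip, now):
        """Decide what happens to a Web request from this client."""
        expiry = self.leases.get((mac, ip))
        if expiry is not None and now < expiry:
            return "forward"
        self.leases.pop((mac, ip), None)  # time out the old login
        return "redirect-to-login"        # captive portal takes over

    def permit(self, mac, ip, now):
        """Auth server's notification that this client has logged in."""
        self.leases[(mac, ip)] = now + LEASE_SECONDS

class AuthServer:
    """Central authority: checks credentials, then notifies the gateway."""
    def __init__(self, gateway):
        self.gateway = gateway
        self._users = {}  # user -> (salt, password hash); stands in for MySQL

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, self._hash(password, salt))

    def login(self, mac, ip, user, password, now):
        """Portal form submitted; unknown users fail the same way as bad passwords."""
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        ok = hmac.compare_digest(self._hash(password, salt), stored)
        if ok:
            self.gateway.permit(mac, ip, now)
        return ok
```

Because the lease is keyed on both MAC and IP in this model, a second device reusing a logged-in client's IP address is still sent to the login page.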
Our NoCat Experience
We have been experimenting with NoCatAuth in our lab to determine its feasibility for our proposed grassroots wireless Internet access service in Raleigh, N.C. It will be a community-based wireless Internet service using 802.11b. Given the location and layout of the neighborhood, various users will be chosen as gateways while the others are clients. After hashing through hours of debugging, we have a working gateway and authentication server. We have yet to deploy the network because we are still drumming up user support and working with the homeowners' association for this pilot project.
For simplicity's sake, we suggest that you run NoCatAuth on a system running RedHat 9.x. If you don't have RedHat 9.x you will have to go hunting for some files and programs that enable NoCatAuth to operate. If you are not using RedHat 9.x, a list of the extra files you need can be found inside the .tar file of the latest nightly build. After expanding the tarball you will find the setup documentation for the gateway server in a file called 'Install' and the setup documentation for the auth server under '/doc/AuthService.txt'. The extra files required are listed in these documents.
During our installation and testing we found that some of the instructions accompanying the nightly build for NoCatAuth can be quite vague. It took many hours on the phone with knowledgeable NoCat folks to find out what was missing -- thus this tutorial. Please refer to the documentation under "/doc" inside the NoCatAuth nightly build tarball for more information, especially if you are running something other than RedHat 9.x.