On 2/27/2010 7:02 AM, Lee Sharp wrote:
> Frederic J. Breitwieser wrote:
>>>> Note that this only works if they do http traffic first. Go to a
>>>> secure website (https) first, it they will not authenticate. You
>>>> might consider allowed IP addresses, and static DHCP assignments.
>> For lack of a better idea, my portal.html in my m0n0wall uses an HTTP
>> redirect to a server that's one IP address away, bringing the
>> not-authenticated user to a "pay now" screen, and various fields to
>> enter to
>> collect dollars. Upon paying, which I can handle through my bank's API
>> "kit", I need to somehow tell m0n0wall to let them through -
>> preferably MAC
>> address as that would always match the device if they get
>> disconnected and
>> immediately reconnect.
> Cutting the rest... Wow! Rube Goldburg comes to mine. :) Why not
> just put your payment system in "Allowed IP addresses, and a link to
> that payment system on your login page? The login in page would be,
> "Login Here, or pay for an account Here." At the end of buying an
> account, you go back to http://gateway-address:8000 and use that new
> login. It then authenticates against the radius database and works
> for however long you define.
> All the parts are there, and you don't need to reinvent this mac stuff.
I've run into problems with a hotel that provides both Ethernet and
Wireless connections.. If you pay on the Ethernet, it's based on your
MAC address. So when you go to use the wireless your asked to pay again.
I would only base it on MAC address's if you were 100% sure u would only
have one connection medium.
Login would be the best way IMO