Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Wireless Networking Security The Almighty Buck Hardware

IAS/RADIUS Implementation in a Coffee Shop? 63

noyler asks: "I've been asked to decide on the best way for metering a 'free' wireless network at a local coffee shop. Here's the scenario: currently, local college students come to the coffee shop, grab a cup of coffee, and then spread out like it's a study hall for 6 to 10 hours at a time and use the free internet. The coffee shop loves this, but it's getting really crowded for the other customers that just come in for some coffee and have nowhere to sit. The management wants to implement a system that, upon buying a drink, grants a time-limited connection for that customer of 3 or 4 hours. If the customer wants more access, another drink will need to be purchased. The store network is a simple cable modem with wireless access point attached right now. After implementation, customers should be prompted for a username/password (which can come from his or her receipt) and then have access to the 'net. One limitation is that the customers should not have to install any third-party software to use it--no window for software corruption liability that way. The customer base is mostly Windows with an ever-growing number of Mac users as well. What are some good ideas for doing this? I've considered RADIUS, or some kind of portal software, but don't see any clear answers. Any suggestions for software to use?? The coffee shop is very low budget, so cheap hardware and free software would be best!"
This discussion has been archived. No new comments can be posted.

IAS/RADIUS Implementation in a Coffee Shop?

Comments Filter:
  • Print out a randomized WEP key on the receipt, and somehow automate it to be good for only 3 hours.

    • The WEP key is the same for the whole wireless network, though, which means that if you change it 3 hours after one person's purchase, it might only be 5 minutes since someone else's purchase.
  • Hook up each computer to a bicycle-powered generator. After 3 or 4 hours, they'll need to buy another coffee just to keep them awake.

    Easy peasy.
  • Why not just hire the Annoying Coffee Shop Guy from MTV's Boiling Point.
  • by _LORAX_ ( 4790 ) on Wednesday March 16, 2005 @10:57AM (#11953622) Homepage
    Simply have the manager remind the students that the free networking is supported by thier continued purchasing. Simply changing the mindset is a whole lot better than trying to screw with a psudeo-login-tracking system. It also allows the managers to target just those that are a problem rather than inconviencing everyone.

    • You're talking about students here. They do not care about your little business problems.

      What you need to do is have 'connectivity problems' when the place gets very crowded. When a geek complains, say: 'dude, we would upgrade the system, but we have no money allocated because people just come here to sit all day and suck our bandwidth witout buying drinks'.

      That, or or put a little sign on a tabletent: two hours per drink maximum. Most of them will get the point and leave. Those that don't, you turn upp t
    • by fm6 ( 162816 ) on Wednesday March 16, 2005 @12:51PM (#11955156) Homepage Journal
      I'm sure they've thought of that. Students monopolizing table space was an issue for coffee shops long before there were wireless access points. Having store employees play table proctor is not a good way to build a reputation as a student-friendly zone.
  • by jsimon12 ( 207119 ) on Wednesday March 16, 2005 @10:59AM (#11953633) Homepage
    This would certainly be a cheap solution:
    http://www.hackinthebox.org/article.php?sid=15607 [hackinthebox.org]
  • I'm pretty sure (Score:5, Informative)

    by SLot ( 82781 ) on Wednesday March 16, 2005 @11:02AM (#11953669) Homepage Journal
    NoCatNet will do what you need it to.

    NoCat [nocat.net]
  • ZyXEL ZyAIR B-4000 (Score:5, Informative)

    by nuxx ( 10153 ) on Wednesday March 16, 2005 @11:12AM (#11953772) Homepage
    I suggest looking at the ZyXEL ZyAIR B-4000 [zyxel.com]. It's an access point / receipt printer that is commonly used for selling access. The user gets a receipt, logs into a website, and is granted access for X period of time. You could make it so that when someone buys coffee, they get a receipt good for four hours. Or for $X they can get all day access... It's all up to you. Either way, it's trivial to use. The clerk just presses one of three preconfigured buttons on the receipt printer, the receipt with the access code is created, and everything else happens automagically.
    • by EvilMagnus ( 32878 ) on Wednesday March 16, 2005 @11:42AM (#11954143)
      Wow. I was thinking about a system like this a few weeks ago, and it looks like the ZyAIR does exactly what I'd want it to do. And for around $500, which is a pretty good investment for a coffee shop.

      (no, I don't work for ZyAIR. :) I'm just interested in captive portals )
      • Yeah, I agree... And ZyXEL makes really good products. Sure, it's only .b, but who cares? They are likely sharing a DSL or cable connection anyway. And with the lack of need for training of clerks minimal infrastructure, it's a great idea.

        Personally I'd just throw some signs up around the store saying "Ask For Four Hours Free Internet Access with Purchase" (since four hours is more than anyone can really argue with) and then have some print that says that 24 hours of access is available for... Say... $5.

        I
    • i think this is exactly what the poster needed. i was going to suggest some sort of homebrew system like this, but it would probably take way too much time/difficulty to set up. nice.
  • by mogrify ( 828588 ) on Wednesday March 16, 2005 @11:19AM (#11953869) Homepage
    Replace all your electrical outlets with blank faceplates. Once the battery's out, the user's got to go somewhere else. Should be about 3-4 hours or so....
    • by aquarian ( 134728 )
      I've been to a few places that do this already. One doesn't actually block the (plentiful) plugs, but their official policy is battery only. Signs are posted saying so. It's OK to plug in to save and shutdown if your battery runs out. The other places simply have no plugs available.
    • Score funny? What for? Looks pretty insightful to me.
  • Pretty simple really. The store management generates a set of userid / password cards good for the time period that they want (1 hour, 2 hours, etc).

    When you buy a cup of coffee, you can get a free card. If the worker sees your laptop, he or she can give it to you automatically, or you can ask.

    Then customers who connect wirelessly can use the the username / password combination to get online. When their time is up, they will be disconnected and will need to get a new username and password combination.
  • by Masa ( 74401 ) on Wednesday March 16, 2005 @11:25AM (#11953954) Journal
    Set up few bar tables for laptop users, so they have to stand up while using the wireless access. Just state clearly that chairs are reserved only for customers with beverages.
    • That says, "We don't want you using our shop as a study hall, period." If they were going to do that, they might as well not provide any network access. They're obviously trying to be more student-friendly than that.
  • by ZosX ( 517789 ) <zosxavius.gmail@com> on Wednesday March 16, 2005 @11:26AM (#11953960) Homepage
    This idea is so asinine and restrictive that I can almost guarantee that it will fail miserably as well as probably upset a great deal of the existing customer base. Case in point: I frequent a coffee shop here in Pittsburgh constantly. The Beehive offers free wireless access as well as has around 8-9 computers with all sorts of multiplayer games installed, as well as DVD drives (you can watch movies), and believe it or not, cable access. A number of the computers have tuner cards built in. The money they get from the PCs more than covers the costs of their relatively low upkeep, upgrades, and of course the DSL, which seems to be basic SDSL at maybe.....1.5mps? They are the only coffee shop in the area to offer free internet, and of course people come and congregate based on this fact. The most comparable coffee shop that offers internet would be the Quiet Storm, and it costs roughly $20/month to $10 for a few hours or something (maybe the day). Of course, Starbucks has T-Mobile hotspots that are completely locked down, but I won't get into THAT. Don't charge by the hour. By imposing a fixed cost for a fixed period of time (1 coffee = 3 hours or whatever) people will feel like they are being charged for internet usage. No coffee, no internet. If your crowd is a mostly college crowd, it is understandable that many of them are rather poor and cannot afford $10 in coffee a day. I'm sure that a sizable percentage of your customers comes by just to hang out and sees a coffee or two as the cost of admission. This is the appeal of coffee shops, right? The more friends people have with them, the more paying customers you have. If you have a problem with a large group that does not buy enough to use up your entire space, they need to be kindly, and politely I might add, informed about the simple economics of running a coffee shop. I'm sure the owner pays rent or a mortgage, taxes and obviously, employees. Also, you should look at supplementing the costs of the free net with some rental computers or something that people can use out of convenience, like a CD burner and a printer. Sometimes it is incredibly convenient to be working on a project and have such things available without having to go to kinkos, especially in a college environment. Just think about this differently at least. Anything so restrictive is sure to raise complaints and decrease the overall satisfaction of your customers. $100/month is totally worth it to spend, especially when your customers are buying freaking $2-3 coffees. If you implement a system like this, it is going to take time and money to deploy and test, depending on your setup, which I'm guessing isn't probably all that sophisticated. The problem is really the people that are just using the space. Those are customers you can certainly afford to lose and the best way is ultimately to politely ask them to leave if they are finished with their drinks so that paying customers can use their space. Every bar and coffee shop (the successful ones at least) I've been to will certainly follow some similar policy. I drive a taxi and I clearly wouldn't let someone ride around without giving me some cash. I expect any other sensible businessman to do the same.
    • Those would all be good and valid points if they actually related to the problem posted.
      From the article: it's getting really crowded for the other customers that just come in for some coffee and have nowhere to sit
      I'm sure the shop would love to do things exactly the way you describe if they only had room to!

      (Nice post though, even if was completely off-topic - you should be in sales! :)
    • This idea is so asinine and restrictive that I can almost guarantee that it will fail miserably as well as probably upset a great deal of the existing customer base.

      Are you kidding me? Perhaps if we didn't have people that assumed they had some kind of right or privilege to take up a chair all day using someone else's bandwidth and are rude enough that they can't fork out $3 every FOUR HOURS then there wouldn't be a problem to begin with? That's cheap compared to normal hourly rates some places charge! No
  • Public IP / Zone CD (Score:5, Informative)

    by therubberduckie ( 628264 ) on Wednesday March 16, 2005 @11:32AM (#11954034) Journal
    By far the greatest setup for this is http://www.publicip.net/ [publicip.net]. It will actually allow users to login and you can set how long each user is allowed to use the wifi. The developer is very active in the forums and personally answers almost all questions. Here is a list of the features. Check it out, I have used it in the past and been nothing but impressed!
    • Customize ZoneCD login pages
    • Choose to use a branded template
    • Create multiple zones from same login
    • Zones can be Public, Shared or Private
    • Separate permissions for your Zone logins.
    • Configure web registration
    • User authentication and management
    • Homepage redirection
    • Daily time limits per user
    • Daily download limits
    • Zone open and close times
    • Block by mac address
    • Configure user permissions(Classes)
    • Customize firewall rules for each Class
    • Content Filtering (block porn, downloads, etc.)
    • Daily Log Mailer program
    • Block traffic to *wired* network
    • Branded "Terms of Use" template or use your own
    • Usage statistics
    • Multilingual login pages
    • End-User reporting
  • m0n0wall or NoCat (Score:4, Informative)

    by derinax ( 93566 ) on Wednesday March 16, 2005 @11:50AM (#11954257)
    I successfully implemented a RADIUS-based captive portal on m0n0wall recently. It's a very solid (and free) solution, made more robust by having a separate machine for RADIUS and isc-dhcpd. FreeRADIUS is quite easy to manage, we just used a flat-file for auth. You can also use an SQL server if you need it.

    http://www.m0n0.ch/wall

    I stuck it on a Dell SFF. Incredibly robust. No downtime in a week (the entire project duration) for over 500 users.

    M0n0wall is very easy to use and manage, NoCat had me wiped out trying to configure it. The main stumbler was that active development is only progressing on NoCatSplash, which AFAIK still doesn't do authentication, and NoCat doesn't intuitively run on BSD, tied as it is to Linux' firewall.

    And as a BSD user, I was more drawn to m0n0wall anyhow.
    • Briefly looking over the M0n0wall website, it appears to be just a firewall rather than a wireless hotspot solution. Did I miss a feature or did you fail to post all of the configuration modifications that you had to make in order to turn M0n0wall and FreeRADIUS into a captive portal?

      I'm not trying to be offensive but, how is M0n0wall better than the likes of ZoneCD [publicip.net] or NoCat Auth [nocat.net]? I understand that 'you' found NoCat complicated as compared to M0n0wall but, is that an accurate assessment or is it simply you
      • m0n0wall has a captive portal built in AND can interface with radius. but I dont believe it is the solution for the Ask Slashdot
      • m0n0wall has a built-in captive portal, which you can easily see by glancing at the feature list or perusing the screenshots on their website.

        1. ZoneCD requires an external management site-- you need to either require your users to register themselves, or you must submit usernames and passwords to a third party. You can run your own management site if you are willing to tolerate the requirements to do so. This was unacceptable to us, we wanted to manage the database ourselves using RADIUS.

        2. NoCat Aut
  • While it might be a bit expensive, BlueSocket is what is used at Virginia Tech for its wireless network. Students log in with their student ID and password and it records the MAC address. After 15 minutes of inactivity, the MAC address is dropped from the usage table and the use has to log back in again. I'm sure it could be modified to do other things, too.
    • You could go one further than BlueSocket (Which requires client-side software installs and the OP didn't want to do that). I think BlueSocket is poo. They use it at my uni as well. IT farked up my Windows install and didn't work real well (read: at all) with Linux.

      Just set up a PPTP server (VPN) and have username/passwords randomly added to the chap-secrets list with a timestamp in a comment for each one. Just configure a cron job every 10 minutes or so to remove old timestamped entries and kick off th
  • by JofCoRe ( 315438 ) on Wednesday March 16, 2005 @11:58AM (#11954384) Journal
    These "Vantage Service Gateway" appliances that Zyxel sells are pretty neat, but not exactly cheap: vsg-1200 @ buy.com [buy.com].

    They have some quirks, as we're still playing around w/the one we have.. Like they seem to break VPN for example. They do a weird rewrite of DNS that screws up people trying to check their email via outlook over a VPN... But if you don't need VPN from behind then, they seem to do the job.

    Transparently controls access to the internet, no configuration on the user's machine is needed. It intercepts any web traffic and makes the user login, as you were mentioning. You can set up user accounts locally on the VSG, or use a RADIUS server. You can control access time and bandwidth limits based on users and billing profiles that you set up on the box. The web interface seems a little "clunky" to me... think it was written in a different country and translated based on the wording of some of the error messages :)
  • I agree with others: A verbal reminder is the best. If it's a technological solution, us-types (Slashdotters, that is) will naturally try to get around it - we treat it as a challenge. The first thing that came to my mind was just picking up a discarded receipt from one of the 98% of customers who don't use wireless.
    • So, you only give out the passwords to those who request to use the service. Please show your receipt if you forgot to ask when you bought something.
      • Please. All it takes is one person who forwards everyone's traffic through their machine, through your network, to foil the techno-solution.
  • Nomadix is probably the leader in this space. Their products are good, fast, and relatively cheap considering the functionality and low maintenance requirements. For small sites there is the wireless gateway and for larger ones (up to 200 concurrent users) there is the HotSpot gateway. You can review the products and feature list here [nomadix.com]

    Someone else mentioned ZoneCd [publicip.net] from publicip, which we looked into, but my client decided that a support contract was more in-line with their operational model. However

  • Couldn't you set up the access point so that it only allows access from a certain area of the coffee shop? Not sure how big this place is but if it is big enough to delegate only half or a fourth of the tables/seating to people wanting to use the internet this might work. You know, use foil or something to block the WIFI from going into the area of the shop you want to allow for people just there to drink some coffee so that people sitting there won't get a wireless signal at all. Then mark one area as t
  • I live in Riga, Latvia. Paid public WiFi access is available in many places such as "Double Coffee", "Coffee Nation", "Statoil", "Lido" etc. etc. Wireless service is provided by Lattelekom. Coffee shop customers can buy prepaid cards with username and password for Lattelkom Radius server. Alternatively, login/pass can be obtained by SMS. Coffee and Internet access can be purchased together or separately. When there are no more free seats waitress will ask WiFi-only customers to leave.

    http://www.lattelekom.
  • Coffee shops (Score:3, Informative)

    by QuantumG ( 50515 ) <qg@biodome.org> on Wednesday March 16, 2005 @06:11PM (#11959287) Homepage Journal
    Friends of mine used to run a coffee shop. You were given 10 minutes to sit at a table without a drink. Then someone would come collect your cup and ask "would you like another?" You were, of course, permitted to say no. You were then given another 10 minutes, and someone would again come to the table and ask "can I get you anything?" Again, you're permitted to say no. 10 more minutes and the waiter would return to the table and state "I'm sorry, if I can't get you anything I'm going to have to ask you to leave." And that got rid of the lurkers.
    • Yeah, that'll go over really well next to a college campus. I don't know about where you live, but there's something insane like at least 4 cafes along the street across from the university here, plus 3 ON the campus, including one in the library, where you get free wireless anyways, so the competition for customers gets pretty heated here. Not to mention that the majority of the management are college students, so they're pretty cool about stuff.
  • I agree that verbal warnings would be a bad solution. I've had exepriences at coffeeshops where the manager came out every hour to check the timestamp on everyone's receipts. If it was more than an hour old, you had to buy something or leave. Lets just say that this practice didn't bolster a sense of respect for the establisment.

    I think some obvious, well placed signage reminding people that they should support the cafe appropriate to the time spent would be the best solution. That way, you don't have to b

  • **DISCLAIMER ON**
    I've seen this question in different forms before. I know there has to be something out there indexed on freshmeat that will handle it, but I have yet to see it done the way I would do it. And the idea is only in my head, I haven't yet the chance to play with an actual implementation so I may be mispeaking Linuxes capabilities or how specifically to go about this.
    **DISCLAIMER OFF**

    The way I would look at doing it would be a simple cheap linux box with a WiFi card and a LAN Card. You can tu
  • Do it for me.. I built a prepay wireless gateway that works on a simple system of assigning a unique number to authenticate a connection - extra work was required to properly meter only 'external' bandwidth, and some minor mods required to disconnect users when their paid-for time expired (though this feature is in chillispot now).

    I ran this on an X-Box with a USB wireless adapter, and it would work quite happily on any IP based network setup.

  • Just remove all of the publicly accessible power outlets. That'll limit them to the charge they have on their laptop batteries. Of course, it's still something only an asshole would do.
  • I read about ZyXEL devices some time ago. Go to www.zyxel.com and look for a ZyAIR G-4100.

    This device comes with a printer and all you have to do is push a button to print authentication info for the users.

    http://www.zyxel.com/product/model.php?indexcate=1 103876296&indexcate1=1085450343&indexFlagvalue=102 1876859

"Being against torture ought to be sort of a multipartisan thing." -- Karl Lehenbauer, as amended by Jeff Daiell, a Libertarian

Working...