Ask Slashdot: Setting Up a Wireless Catch-and-Release

First time accepted submitter SSG Booraem writes "I'm on the IT committee at my church. We've recently added wireless access points to our Family Life Center, but the committee chair isn't comfortable with allowing unrestricted access to our network. We host a lot of guests during the week for Upwards basketball practices and on Saturdays for games, so we want to restrict internet access to the Sunday school classes held in that building. Unfortunately, neither he, nor I, know anything about setting up a wireless catch-and-release like in hotels. If anyone could point me at good documentation, I would be very grateful."

Not sure I understand the point here

[Shadow of Eternity]

You're trying to set up one of those hotel style "Welcome to our network give us all your money to see the internet" pages to let only your sunday school students reach the internet? Or are you trying to block the guests off your network complete? Since this is tagged as wireless why not just use WPA2 and set up your students, classes, or whatever with access?

Not sure what the point of one of those hotel pages is here.

a simple policy for a simple situation...

[demerson3]

At my church we have a pretty simple policy: the network is protected with WPA2 encryption, it has an easy-to-remember password, and we give it to everyone who needs it. Make sure staff knows not to tell the password to your basketball guests, etc. We change the password about once a year, and let the new password spread organically. It works pretty well. People in the congregation ask each other for the password (or more likely, ask someone whom they know is on the tech-savvy side) and so those who need it are able to get back on. Another thing that you can do is give the network an essid name like "Sunday School Only" -- that will make your guests less likely to try to gain access, and also the Sunday School patrons will know that they should feel free to ask for the password.

Home Brew Captive Portal With OpenBSD

[petval]

Hi, latest BSD mag 1/12 has this article Home Brew Captive Portal With OpenBSD [bsdmag.org]:
Have you ever used a public wireless network that has a splash screen such that you have to agree to certain terms before going to the Internet? The author of this article will show you step by step how to build one of those using OpenBSD’s Packet Filter (pf).

Christianity

[Anonymous Coward]

Wasn't this all about sharing?

Biblical pass code

[petes_PoV]

Just make the pass phrase a biblical quote. Change it each week and you kill 2 birds. How likely is it that the basketball players will have a bible handy AND your religious classes will have an incentive to read it to find the reference.

Re:Just turn it off

[Anonymous Coward]

Seems like I'm going to have to remove /. from my daily reading list if this "logic" is considered Informative.

You won't be missed.

GP is exactly right. Turning off "SSID broadcasts" is counterproductive. It sort of does hide your network from someone who doesn't know it's there and doesn't use any wireless LAN sniffing software, but it does not hide it from someone who knows the SSID. Consequently SSID hiding is particularly braindead in a situation where the AP will broadcast the SSID at least part time. But that's not all: SSID hiding will also require clients to actively look for the network, all the time. This means they will continuously waste energy broadcasting probe requests with the hidden SSID even if they're nowhere near that network, and by doing that they'll also disclose the SSID everywhere and identify the client as one with access to that network. Taking great care of your sheep there, shepherd.