OpengateMreg - MAC address registration system

Summary

• This is a system to check and register the MAC address of a terminal connected to the gateway.
• The administrator operates it mainly in front of an user and his/her terminal.
• It the device has Web browser, you can select another registration system 'opengatemown' where the user can register terminals by oneself without the administrator. It is more comfortable.
• The device without Web browser is registered by using this system. If you restrict the service to Web devices, it is needless to install this.
• It is a web system running on a gateway.
  
• It consists of two CGI programs.
  • opengatemchk.cgi: CGI program to check the MAC address of the user terminal. Run under admininistrator's privilege.
    
  • opengatemreg.cgi: CGI program to register the MAC address sent from above CGI. Run under general user's privilege.
    

Installation

1. Install openateMd.  This system and opengateMd settle in the same gateway.
   
   
2. Install Apache, MySQL, and SqLite3.  Install the system to use for authentication, if necessary.
   
   
3. Unpack the archive linked to the top page and install it from the directory [mngsrc] as follows.
   
   tar xzvf opengatem0.0.0.tar.gz
   cd opengatem0.0.0/mngsrc
   make installmreg
   
   
4. Modify the configuration file to adjust to the environment.  It is necessary to change MySql setting, network interface name, a authentication method at least.  Set the authentication methods for the administrators and for the general users independently. This system supports POP3, FTP, LADIUS, LDAP, PAM, Shibboleth, and HttpBasic. You may set the same authentication server/method for both setting.
   But each of HttpBasic and Shibboleth can be used only once (Pair of one Shibboleth and one HttpBasic is permitted.).
   
   cp opengatemmng.conf.sample opengatemmng.conf
   vi opengatemmng.conf
   
   Following setting means as [MySql settles in local without password], [the network interface is fxp0],[Administrator authentication is POP3S], and [General user authentication is Shibboleth].  If this system is not needed, set [Administrator authentiation is deny]
   If set <AcceptUsers>,  allowable user ID is limitted to the member of the list.  The <UidAttribute> and <MailAttribute> mean the name of environment variables for user ID and mail address set by Shibboleth (need to configure in Shibboleth).  In other authentication method, if set <MailDomain>,  the mail address is made by concatenation of user ID and this string.. E.g.,  set [<MailDomain>og.saga-u.ac.jp</MailDomain>)] and get user ID [user1], then the mail address is [user1@og.saga-u.ac.jp].
   
   ----------------------------
   <Device>fxp0</Device>
   
    <MySqlDb>
     <Server>localhost</Server>
     <User>root</User>
     <Password></Password>
     <Database>opengatem</Database>
    </MySqlDb>
   
    <AuthServer>
     <UserType>admin</UserType>
     <Protocol>pop3s</Protocol>
     <Address>192.168.0.2</Address>
     <AcceptUsers>admin1 admin2 admin3</AcceptUsers>
    </AuthServer>
   
    <AuthServer>
     <Protocol>shibboleth</Protocol>
   　<UidAttribute>uid</UidAttribute>
     <MailAttribute>mail</MailAttribute>
    </AuthServer>
   -----------------------------
   
   
5. When you use HttpBasic or Shibboleth, Add the following descriptions into [.htaccess]. The CGI [opengatemchk.cgi] is protected by [administrator authentication]. And [opengatemreg.cgi] by [general user authentication]. In the case of other methods, remove these setting.
   
   <FILES opengatemchk.cgi>
   AuthType Basic
   AuthUserFile /tmp/passwd.dat
   AuthName "Admin"
   Require valid-user
   </FILES>
   
   <FILES opengatemreg.cgi>
   AuthType shibboleth
   ShibRequestSetting requireSession 1
   ShibRequireSession On
   ShibUseHeaders On
   Require valid-user
   </FILES>
   

Usage

1. Connect the user terminal and the management PC to the same network.
   
2. By using user terminal, access the network. and confirm that the gateway is closed.
3. By using the management PC, access opengatemchk.cgi to display the MAC address check page. Reload it, when it is  dislayed before confirmation.
4. The page shows the list of MAC addresses used recently. The top of the list is the address used most recently.
   
5. By the using management PC, choose an suspected address and push the [open] button.
6. A timer starts when the gateway is opened. During the timer counting down, try to use the network by using user terminal.
7. If the network use is impossible, close  with the [close]  button, and try another address.
   
8. If the network use is possible,  closed with the [close] button, and confirm that the gateway is returned to close mode. Then go to the registration page with [registration] button..
   
9. In the registration page,  enter the device name and register with the [registration] button.

Database

• MySQL: opengatem R/W (management DB)
  
• SqLite3: opengetemmng.db R/W (local work DB for openagteMreg/Mup)
  
• SqLite3: opengatemd.db R (local work DB for opengateMd)