OpengateMreg - MAC address registration system
Summary
- This is a system to check and register the MAC address of a
terminal connected to the gateway.
- The administrator operates it mainly in front of a user and
his/her terminal.
- If the device has a Web browser, you can select another registration
system 'opengatemown', where users can register terminals by themselves
without the administrator. It is more convenient.
- A device without a Web browser is registered by using this system.
If you restrict the service to Web devices, there is no need to install this.
- It is a web system running on a gateway.
- It consists of two CGI programs.
- opengatemchk.cgi: CGI program to check the MAC address of
the user terminal. Runs under the administrator's privilege.
- opengatemreg.cgi: CGI program to register the MAC address
sent from the above CGI. Runs under a general user's privilege.
Installation
- Install opengateMd. This system and opengateMd reside on
the same gateway.
- Install Apache, MySQL, and SQLite3. Install the system
used for authentication, if necessary.
- Unpack the archive linked from the top page and install it from
the directory [mngsrc] as follows.
tar xzvf opengatem0.0.0.tar.gz
cd opengatem0.0.0/mngsrc
make installmreg
- Modify the configuration file to suit the
environment. At least the MySQL settings, the network
interface name, and the authentication method must be changed.
Set the authentication methods for the administrators and for
the general users independently. This system supports POP3, FTP,
RADIUS, LDAP, PAM, Shibboleth, and HttpBasic. You may set the
same authentication server/method for both settings.
But HttpBasic and Shibboleth can each be used only once (a pair
of one Shibboleth and one HttpBasic is permitted).
cp opengatemmng.conf.sample opengatemmng.conf
vi opengatemmng.conf
The following settings mean [MySQL runs locally without a
password], [the network interface is fxp0], [Administrator
authentication is POP3S], and [General user authentication is
Shibboleth].
If this system is not needed, set [Administrator authentication is deny].
If <AcceptUsers> is set, the allowable
user IDs are limited to the members of the list.
<UidAttribute> and <MailAttribute> give the names of the
environment variables for user ID and mail address set by
Shibboleth (these need to be configured in Shibboleth). For other
authentication methods, if <MailDomain> is set, the mail
address is made by concatenating the user ID and this string.
E.g., if you set
[<MailDomain>og.saga-u.ac.jp</MailDomain>] and the
user ID is [user1], then the mail address is
[user1@og.saga-u.ac.jp].
----------------------------
<Device>fxp0</Device>
<MySqlDb>
<Server>localhost</Server>
<User>root</User>
<Password></Password>
<Database>opengatem</Database>
</MySqlDb>
<AuthServer>
<UserType>admin</UserType>
<Protocol>pop3s</Protocol>
<Address>192.168.0.2</Address>
<AcceptUsers>admin1 admin2
admin3</AcceptUsers>
</AuthServer>
<AuthServer>
<Protocol>shibboleth</Protocol>
<UidAttribute>uid</UidAttribute>
<MailAttribute>mail</MailAttribute>
</AuthServer>
-----------------------------
- When you use HttpBasic or Shibboleth, add the following
descriptions to [.htaccess]. The CGI [opengatemchk.cgi] is
protected by [administrator authentication], and
[opengatemreg.cgi] by [general user authentication]. For
other methods, remove these settings.
<FILES opengatemchk.cgi>
AuthType Basic
AuthUserFile /tmp/passwd.dat
AuthName "Admin"
Require valid-user
</FILES>
<FILES opengatemreg.cgi>
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibRequireSession On
ShibUseHeaders On
Require valid-user
</FILES>
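A small linter for the opengatemmng.conf settings described above, added here as an example and not part of the Opengate distribution. It assumes the settings parse as XML once wrapped in a root element, that an <AuthServer> without <UserType> is the general-user one (as in the sample), and that the protocol values are spelled httpbasic, shibboleth and deny; the empty-password and missing-<AcceptUsers> checks are review flags added here, not rules of the project.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's settings, condensed, for offline use.
SAMPLE = """
<Device>fxp0</Device>
<MySqlDb><Server>localhost</Server><User>root</User><Password></Password>
<Database>opengatem</Database></MySqlDb>
<AuthServer><UserType>admin</UserType><Protocol>pop3s</Protocol>
<Address>192.168.0.2</Address><AcceptUsers>admin1 admin2
admin3</AcceptUsers></AuthServer>
<AuthServer><Protocol>shibboleth</Protocol><UidAttribute>uid</UidAttribute>
<MailAttribute>mail</MailAttribute></AuthServer>
"""
SINGLE_USE = ("httpbasic", "shibboleth")  # value spellings are assumed

def load(text):
    """Parse a settings fragment; assumes well-formed XML once wrapped in a root."""
    return ET.fromstring("<conf>" + text + "</conf>")

def auth_servers(root):
    """One dict per <AuthServer>; a missing <UserType> is taken as general user."""
    out = []
    for node in root.findall("AuthServer"):
        out.append({
            "type": (node.findtext("UserType") or "general").strip(),
            "protocol": (node.findtext("Protocol") or "").strip().lower(),
            "accept": (node.findtext("AcceptUsers") or "").split(),
            "mail_domain": (node.findtext("MailDomain") or "").strip(),
        })
    return out

def lint(root):
    """Check the once-only rule the page states, plus two added review flags."""
    findings = []
    servers = auth_servers(root)
    for proto in SINGLE_USE:
        if sum(s["protocol"] == proto for s in servers) > 1:
            findings.append(f"{proto} is configured more than once")
    for s in servers:  # "deny" as a Protocol value is assumed from the page's wording
        if s["type"] == "admin" and s["protocol"] != "deny" and not s["accept"]:
            findings.append("admin AuthServer has no <AcceptUsers> list")
    if not (root.findtext("MySqlDb/Password") or "").strip():
        findings.append("MySqlDb <Password> is empty")
    return findings

def mail_address(uid, server):
    """uid@MailDomain for non-Shibboleth methods; None when no domain is set."""
    return f"{uid}@{server['mail_domain']}" if server["mail_domain"] else None
```

Run against the sample, `lint(load(SAMPLE))` reports only the empty MySQL password, which is what the page's sample deliberately configures.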
Usage
- Connect the user terminal and the management PC to the same
network.
- Using the user terminal, access the network and confirm that
the gateway is closed.
- Using the management PC, access opengatemchk.cgi to display
the MAC address check page. Reload it if it was displayed
before the confirmation.
- The page shows the list of MAC addresses used recently. The
top of the list is the address used most recently.
- Using the management PC, choose a suspected address and
push the [open] button.
- A timer starts when the gateway is opened. While the timer is
counting down, try to use the network from the user terminal.
- If the network cannot be used, close the gateway with the
[close] button, and try another address.
- If the network can be used, close the gateway with the [close]
button, and confirm that the gateway has returned to closed mode.
Then go to the registration page with the [registration] button.
- In the registration page, enter the device name and
register with the [registration] button.
Database
- MySQL: opengatem R/W (management DB)
- SQLite3: opengatemmng.db R/W (local work DB for
opengateMreg/Mup)
- SQLite3: opengatemd.db R (local work DB for opengateMd)