Campus Hotspot portal - Design and requirement suggestions

16 years 1 month ago #25681 by lawin
We have several buildings on the campus that have wireless access points on each floor, in the lobby and in the library. These are all Open system, meaning anyone who brings their wireless devices can connect and access the internet. Because this is a school facility, we want to restrict the access only to our students and faculty. We don't want to use MAC Filters, WEP, WAP as the security but instead, we want a system similar to some private hotspots where whoever connects to any of our WAPs will get our website first, and to get to the internet, they have to be authenticated by entering, say, a username and password or a PIN or something similar.

Can anyone tell me what I need to achieve this setup? We use a mixture of Linksys WRT54GS and Edimax WAPS in our network. All Linksys are using the latest DD-WRT firmware.

TIA
16 years 1 month ago #25702 by TheBishop
To enforce the internet access you could use an http proxy with authentication. This will challenge any user trying to connect through and they will have to authenticate to get access. There are several products and open source solutions that will do this. You should consider the way authentication might work too; the simplest way is an internal user/password scheme on the proxy but then you have to maintain that. Or you could link to an external authentication source such as a RADIUS or TACACS server or even Active Directory. One more thing to consider is that the above will only restrict http - you need to consider other types of traffic and either block them completely or have them authenticate too. Remember that by not restricting wireless access you could have people poking around from the inside and trying to break your network.
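
The point above about non-HTTP traffic, as an added sketch that is not from any poster in this thread: a default-deny ruleset for a Linux gateway sitting between the access points and the internet, in `iptables-restore` format. The interface `br0`, the addresses, the mark value `0x1`, the `AUTHED` chain and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Emits a ruleset in which unauthenticated wireless clients can
# only resolve names and reach the portal; every other protocol is dropped.
portal_rules() {  # args: lan_if portal_ip portal_port dns_ip
    lan_if=$1; portal_ip=$2; portal_port=$3; dns_ip=$4
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
:AUTHED - [0:0]
# All wireless traffic passes through AUTHED; the portal adds one MARK rule
# per client after a successful login (for example, checked against RADIUS).
-A PREROUTING -i $lan_if -j AUTHED
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
# Unmarked clients: plain web requests are redirected to the login page.
-A PREROUTING -i $lan_if -p tcp --dport 80 -m mark ! --mark 0x1 -j DNAT --to-destination $portal_ip:$portal_port
COMMIT
*filter
:FORWARD DROP [0:0]
# Return traffic only; packets from the wireless side are never accepted here,
# so removing a client's mark cuts off its existing connections too.
-A FORWARD ! -i $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Authenticated clients may go out, whatever the protocol.
-A FORWARD -i $lan_if -m mark --mark 0x1 -j ACCEPT
# Unauthenticated clients: DNS to the campus resolver, nothing else.
-A FORWARD -i $lan_if -d $dns_ip -p udp --dport 53 -j ACCEPT
-A FORWARD -i $lan_if -d $dns_ip -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Rule the portal would add to AUTHED after login. The MAC is validated first
# so that a malformed value can never end up inside a firewall rule.
client_rule() {  # args: mac
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eqx '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' || return 1
    printf '%s\n' "-A AUTHED -m mac --mac-source $1 -j MARK --set-mark 0x1"
}

# Constructed sample values, not taken from the thread.
portal_rules br0 192.168.10.1 8080 192.168.10.1
client_rule 00:11:22:33:44:55
```

A mark keyed on a MAC address identifies a device rather than a user, so the portal should expire marks on logout or after an idle timeout.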
16 years 1 month ago #25706 by beexo
Like TheBishop said, a proxy with authentication would be a simple but not the best solution.

Some time ago Tomshardware wrote an article about setting up a kind of hotspot with M0N0WALL. This might be the sort of thing you are looking for.

There is also opensource software such as zeroshell that will turn a pc into a captive portal.

Also, you can buy a router with built-in hot-spot functionality.

In my opinion, the best would be to use some type of captive portal plus the use of a content filtering system.
16 years 1 month ago #25722 by lawin

To enforce the internet access you could use an http proxy with authentication. This will challenge any user trying to connect through and they will have to authenticate to get access. There are several products and open source solutions that will do this. You should consider the way authentication might work too; the simplest way is an internal user/password scheme on the proxy but then you have to maintain that. Or you could link to an external authentication source such as a RADIUS or TACACS server or even Active Directory. One more thing to consider is that the above will only restrict http - you need to consider other types of traffic and either block them completely or have them authenticate too. Remember that by not restricting wireless access you could have people poking around from the inside and trying to break your network.


This company doesn't use AD for authentication or use any sort of authentication for users for now. A plan is being laid out to go to that as part of the network upgrade but for now, I am concerned about the open WAPs that they have here. RADIUS is what we might be considering for authentication.

Like TheBishop said, a proxy with authentication would be a simple but not the best solution.

Some time ago Tomshardware wrote an article about setting up a kind of hotspot with M0N0WALL. This might be the sort of thing you are looking for.

There is also opensource software such as zeroshell that will turn a pc into a captive portal.

Also, you can buy a router with built-in hot-spot functionality.

In my opinion, the best would be to use some type of captive portal plus the use of a content filtering system.


I looked at m0n0wall as you mentioned and also the article at tomshardware you mentioned and also at zeroshell. It's interesting to know about the different possibilities to achieve a captive portal for wireless access with authentication. But I still need to get some hardware and software to start with and try it.

Thanks to you, Bishop and beexo. I have to get FreeRADIUS running first.