Expanding the wireless network

I finally got my Linksys WRE54G wireless 802.11g repeater working with my WRT54G. This is nice because now I can use the laptop in the kitchen and study. It also forced me to do a firmware upgrade to my router, which seems to have fixed a few problems with losing connections. Happy surfing now!

But as I was saying, I finally got it working. The setup program was failing with the message "WRE54G cannot associate with this AP in repeater mode", so I put it in my closet for 6 months. This weekend I googled a bit and found that the roundabout method works:

  1. Reset the repeater
  2. Set your wireless IP to 192.168.1.239, select the repeater network, surf to http://192.168.1.240, and log in as admin.
  3. In here you can set your SSID, frequency, and security to match the current infrastructure. They should all be the same. (In the process of doing so, you may need to change your IP address back to whatever.)
  4. The tricky part for me was the MAC address: my AP has three: one for the WAN, one for internal wired, and one for internal wireless. I mistakenly gave it the WAN MAC address the first time, and while I was able to connect to my repeater, it could not talk to the AP. After I corrected it to the one for the wireless MAC address, the red light on the repeater turned blue. Hallelujah!

NTLM

NTLM is the protocol that Internet Explorer uses to automatically log a user in to a site using the OS login credentials. There are lots of intranet applications that do this within an organization. What’s neat is that it’s not just limited to Internet Explorer and IIS.

First off, Firefox can do NTLM as well. In version 1.0, you need to navigate to about:config and find network.automatic-ntlm-auth.trusted-uris. Give it a value such as a domain (guyton.net) that you trust with your OS login credentials. Multiple hosts can be entered, separated by commas. After that, automatic logins!

Note that to do this in IE, you need to go to Internet Options – Security – Local Intranet (or Trusted Sites) and add the host substring there (though it might need *.guyton.net or something similar).

OK, so enough about the browsers, what about the back-end servers? Since we like UNIX here, we aren’t gonna touch IIS. Apache 2 is our favorite way to go, and two methods exist:

So far I’ve experimented with the first one, and it seems to work OK. After half a day it seems that the website gets pretty slow in responding, so I suspect a memory leak.

I plan on trying the second one out tomorrow. It seems to support multiple domains and PDCs/BDCs for each, and returns the domain as well as the userid in the REMOTE_USER env var, which I need.

These should theoretically authenticate with Samba as well, which can get data from an LDAP server. This is nice because the whole thing can be implemented with Firefox, Samba, Apache, and OpenLDAP, thus completely eliminating reliance on Microsoft products (other than OS login) while still providing single sign-on capabilities.
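The domain and userid that a module puts in REMOTE_USER come from the NTLM Type 3 (AUTHENTICATE) message the browser sends in the Authorization header once a host is trusted. As an added example (not from the original post or from either Apache module), this Python parser pulls those names out of the header; the function names are hypothetical, the sample message is constructed, and cp437 is an assumed OEM code page.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # names are UTF-16LE when set, OEM otherwise


def _field(msg, pos):
    """Read a (len, maxlen, offset) security buffer and return its bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]


def parse_ntlm_authenticate(header_value):
    """Return (domain, user, workstation) from an 'NTLM <base64>' header value."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(blob, validate=True)
    # Assumes the 64-byte header form that includes the flags field.
    if len(msg) < 64 or msg[:8] != NTLMSSP_SIG:
        raise ValueError("missing NTLMSSP signature or truncated message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError("expected Type 3 (AUTHENTICATE), got type %d" % msg_type)
    (flags,) = struct.unpack_from("<I", msg, 60)
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"  # cp437 assumed
    # Fixed header layout: domain at 28, user at 36, workstation at 44.
    return tuple(_field(msg, pos).decode(enc) for pos in (28, 36, 44))


def build_sample_type3(domain, user, workstation):
    """Construct a sample Type 3 message (dummy responses) for the demo."""
    parts = [b"\x00" * 24, b"\x00" * 24] + [
        s.encode("utf-16-le") for s in (domain, user, workstation)] + [b""]
    payload, fields = b"", b""
    for p in parts:
        fields += struct.pack("<HHI", len(p), len(p), 64 + len(payload))
        payload += p
    flags = struct.pack("<I", NEGOTIATE_UNICODE)
    msg = NTLMSSP_SIG + struct.pack("<I", 3) + fields + flags + payload
    return "NTLM " + base64.b64encode(msg).decode("ascii")


if __name__ == "__main__":
    sample = build_sample_type3("GUYTON", "alice", "LAPTOP1")  # constructed values
    domain, user, ws = parse_ntlm_authenticate(sample)
    print("REMOTE_USER candidate: %s\\%s (from %s)" % (domain, user, ws))
```

The names in a Type 3 message are only base64-encoded and are client-supplied, so a server should treat them as a claim until the challenge response has been validated against the domain controller.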