[ previous ] [ next ] [ threads ]
 From:  Jesse Guardiani <jesse at wingnet dot net>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] DHCP Server request
 Date:  Tue, 8 Mar 2005 09:01:09 -0500
On Tuesday 08 March 2005 6:41 am, Quark IT - Hilton Travis wrote:
> Hi Chris,
> I clearly explained earlier that I know the difference between the
> Internet and an internal machine.  Suggesting so is totally and utterly
> missing the whole point of my original question.
> As this is a firewall/gateway device, there's NO WAY that it can stop a
> machine talking to another machine on the same physical segment.  A
> firewall/gateway, in case there's anyone out there still unclear on this
> (and if there is, WHY are they on the dev list???) can only block
> traffic passing through it - not traffic on a local LAN, nor traffic on
> the local freeway or train line.
> What I was asking was if there was a way to utilize Captive Portal
> without a RADIUS Server, instead authenticating to a file of user/pass
> or a local database or some other means of auth.

To answer this question, in case someone comes across it in the archives:

No, it's not currently possible to do Captive Portal username & password
auth without a RADIUS server in 1.11 or 1.2b6. However, it is possible to
use MAC pass-through or "Allowed IP addresses" without a RADIUS server.
Or at least that is my understanding. This basically offers the same
functionality as username & password auth, but on a per-machine basis (i.e.
no roaming from computer to computer).

Personally, I use "Allowed IP addresses" on my local WLAN. I was using MAC
pass-through, but for some reason that was buggy and from time to time
it wouldn't allow my clients through, even after they opened a web browser
and started to surf. "Allowed IP Addresses", while slightly less secure,
works every time for me.

Having said that, a patch was submitted just yesterday by Pascal Suter
for 1.2b6 that looks capable of adding a local user authentication database.
Look for the subject "local usermanager" in the archives. I haven't tried
it yet. Maybe you can give it a try and let us know what you think?

For what it's worth, I think a local user auth database would be useful
for Captive Portal. It would allow user based roaming instead of machine
based roaming and without a RADIUS server, which could be nice in certain

Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)