On Tuesday 08 March 2005 6:41 am, Quark IT - Hilton Travis wrote:
> Hi Chris,
>
> I clearly explained earlier that I know the difference between the
> Internet and an internal machine. Suggesting so is totally and utterly
> missing the whole point of my original question.
>
> As this is a firewall/gateway device, there's NO WAY that it can stop a
> machine talking to another machine on the same physical segment. A
> firewall/gateway, in case there's anyone out there still unclear on this
> (and if there is, WHY are they on the dev list???) can only block
> traffic passing through it - not traffic on a local LAN, nor traffic on
> the local freeway or train line.
>
> What I was asking was if there was a way to utilize Captive Portal
> without a RADIUS Server, instead authenticating to a file of user/pass
> or a local database or some other means of auth.

To answer this question, in case someone comes across it in the archives:

No, it's not currently possible to do Captive Portal username & password
auth without a RADIUS server in 1.11 or 1.2b6. However, it is possible to
use MAC pass-through or "Allowed IP addresses" without a RADIUS server.
Or at least that is my understanding. This basically offers the same
functionality as username & password auth, but on a per-machine basis (i.e.
no roaming from computer to computer).

Personally, I use "Allowed IP addresses" on my local WLAN. I was using MAC
pass-through, but for some reason that was buggy and from time to time
it wouldn't allow my clients through, even after they opened a web browser
and started to surf. "Allowed IP Addresses", while slightly less secure,
works every time for me.

Having said that, a patch was submitted just yesterday by Pascal Suter
for 1.2b6 that looks capable of adding a local user authentication database.
Look for the subject "local usermanager" in the archives. I haven't tried
it yet. Maybe you can give it a try and let us know what you think?

For what it's worth, I think a local user auth database would be useful
for Captive Portal. It would allow user based roaming instead of machine
based roaming and without a RADIUS server, which could be nice in certain
situations.

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net