[ previous ] [ next ] [ threads ]
 
 From:  "Pascal Suter" <mail at psuter dot ch>
 To:  "Rob Parker" <rob dot parker at keycom dot co dot uk>, <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  AW: [m0n0wall-dev] 1.2b6 bug with radius auth
 Date:  Mon, 7 Mar 2005 20:26:08 +0100
hi rob
 
it wouldn't surprise me if it was my bad, since this is my very first installation of a radius
server. anyway, i've tested it with NTRadPing and here are my results: 
reply packet code=2 id=1 length=20
response: Access-Acceppted
 
(i must note, that i did of course have to add another ip-secret-combination to the config files,
since i did this test on the computer running the server and not from the monowall itself. anyway, i
checked the secred on both monowall and radius server and they are both "mono"
here are all the entries in config.xml concerning radius auth: 
        <radiusip>192.168.1.155</radiusip>
        <radiusport/>
        <radiuskey>mono</radiuskey>
        <auth_method>local</auth_method>
        <bwauthmacup></bwauthmacup>
        <bwauthmacdn></bwauthmacdn>
        <bwauthipup></bwauthipup>
        <bwauthipdn></bwauthipdn>
        <bwdefaultup></bwdefaultup>
        <bwdefaultdn></bwdefaultdn>
        <redirurl/>
        <radiusacctport/>

i do not use any bandwith things and no "Accounting" i just use what could be used with version 1.11
of monowall. actually, the only reason why i installed a radius server and tried all this out is,
that i hacked versino 1.11 to use https for the captive portal over the week-end and then i found
out, that you where doing this in the current beta, so i wanted to see if we both implemented the
same solution.. and yes, it's pretty similar i guess ;)
 
one thing i would like to encurage you: when such an error happenes (which obviousley is possible
even with other radius servers with wrong configurations) the endless-loop thing should be
prohibited so taht monowall won't hang just because some user doesn't abort the process ;) ... maybe
changing line 129 in the radius_authentication.inc file and add an "or die('an error happened');" to
it would not be a bad idea. 
 
that line would look like this: 
$payload_upack = unpack("Cnum/Clen/C*value",$pack_upack[payload]) or die("an error happened");
this would prevent the enldless loop (maybe adding a similar thing to the shift operations inside
the while loop would be good too... 
 
hope to have provided useful informations. 
cheers
pascal


	Von: Rob Parker [mailto:rob dot parker at keycom dot co dot uk] 
	Gesendet: Mo 07.03.2005 17:57 
	An: Pascal Suter; m0n0wall dash dev at lists dot m0n0 dot ch 
	Cc: 
	Betreff: RE: [m0n0wall-dev] 1.2b6 bug with radius auth
	
	

	Hi Pascal,
	
	I might be able to help here - this is probably caused by an old version of
	the patches to captive portal I wrote being integrated (my fault - I didn't
	send the latest ones to Manuel in time!). Are you using the per-user captive
	portal bandwidth limits with your captive portal? Also, do you know exactly
	what your radius server is returning to m0n0wall when a user tries to
	authenticate (you can use NTRadPing to find this out quite easily) - if you
	forward me on the information I'll take a look at it for you and see if I
	can work out why! I did all my testing against FreeRadius, and only ever
	came across this problem if the wrong secrets were used in RADIUS or the
	m0n0wall.
	
	Cheers!
	
	Rob.
	
	-----Original Message-----
	From: Pascal Suter [mailto:mail at psuter dot ch]
	Sent: 07 March 2005 17:03
	To: m0n0wall dash dev at lists dot m0n0 dot ch
	Subject: [m0n0wall-dev] 1.2b6 bug with radius auth
	
	hi. i just installed the current beta version of monowall and tried to setup
	a radius server for it.
	i've installed Multitech's Free Windows Radius server, as described in the
	documentation, only i did install version 2.1 of the multitech server. my
	setup worked with m0n0wall version 1.11 and now with version 1.2b6 the
	captive portal gets into an endless loop after i entered my username and
	password. it then displays the folowing:
	
	Warning: unpack(): Type C: not enough input, need 1, have 0 in
	/usr/local/captiveportal/radius_authentication.inc on line 130 Warning:
	array_shift(): The argument should be an array in
	/usr/local/captiveportal/radius_authentication.inc on line 136 Warning:
	array_shift(): The argument should be an array in
	/usr/local/captiveportal/radius_authentication.inc on line 138 Warning:
	array_shift(): The argument should be an array in
	/usr/local/captiveportal/radius_authentication.inc on line 136 Warning:
	array_shift(): The argument should be an array in
	/usr/local/captiveportal/radius_authentication.inc on line 138 Warning:
	array_shift(): The argument should be an array in
	/usr/local/captiveportal/radius_authentication.inc on line 136 Warning:
	array_shift(): The argument should be an array in
	/usr/local/captiveportal/radius_authentication.inc on line 138 Warning:
	array_shift(): The argument should be an array in.......... (continuing as i
	stated in an endless loop)
	
	my environment:
	2 virtual pc's (using ms virtual pc) one is running monowall generic pc
	image and the other one is running windows 98 SE with that radius server.
	
	hope this helps you out. i'm sorry i can't help on the solution since i have
	no clue about how radius works and i don't intend on changing this in the
	next days ;)
	
	cheers
	pascal