[ previous ] [ next ] [ threads ]
 
 From:  Shivkumar <shivkumar at outbackwifi dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Captive Portal + FreeRadius Issue
 Date:  Wed, 06 Apr 2005 13:23:23 +0530
hi,
first of all let me congratulate dinesh and manuel for an excellent 
program ( i discovered it only 5 days ago!)
i down loaded the generic image 1.1 and installed it without any probs 
on an old P1/64meg/1.6Gig machine that I had.
The system booted in under 50 secs which is the fastest I have seen in 
any OS!.
I have a FreeRADIUS 1.02 server setup which uses MySQL as the backend.
Now when I enable captive portal and specify the RADIUS authentication 
IP etc, everything works like a charm.
I am however facing the following quirk I saw some others also on the 
list facing:
See the m0n0wall sends Acct-Session-Id as username-hostnem.example.com.
Now freeradius uses the following to generate a unique session id:
User-Name,Acct-Session-Id,NAS-IP-Address, Client-IP-Address,NAS-Port
I have now come to realize that if say user "sanjay" logs in from any 
client, the unique id generated for him will always be the same. This is 
true if he logs in say at 1800, logs out at 1810. then again at 1815 and 
logs out at 1818.
The problem that occurs is that the query that Freeside uses to update 
the accounting table on mysql called radacct uses this Unique ID to 
update the user record for accounting stop;
i find that all records with this username end up with the last values 
of the accounting packet.
is there a way to work around this problem? i was thinking that if you 
could use some kind of hash added to the username to create a unique 
Account-Session-Id

Now for the second rant!
I upgraded the firmware to 1.2b7 after tweaking php.ini as indicated.
the newer features are great but the RADIUS authentication seems to be 
broken. I am seeing from the freeradius logs that the accounting start 
packet from the m0n0wall doesnt come leading to a timeout and nothing 
happening (no popup window, no redirection).
i had to revert back to the 1.1 stable image.

-- 
Regards,

Shivkumar