> One problem we had was the authentication/authorization of
> the AP, not the final user. When one single user behind
> an AP got authenticated, all users on this AP got granted access.
This sounds like an issue with the *type* of Access Point or the way it
I can see this happening if the m0n0wall machine was on the WAN port of
a NAT access point. I could also see this happening on some bridged
style access points.
Another possibility is if the access point has some sort of http proxy
on it. The http requests would come from the access point instead of
M0n0wall's captive portal must see a unique IP address (and MAC) for
each client on the same subnet as the m0n0wall interface where the
captive portal is enabled.
I have used m0n0wall's captive portal with several different NAT type
access points and it works as intended.