RE: [m0n0wall] Anyone with experience of using Monowalls captive portal in a Hotspot solution?

From:	"Bryan Catlin" <bryancatlin at connectgroup dot net>
To:	"'Dirk Enrique Seiffert'" <ds at caribenet dot com>
Cc:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	RE: [m0n0wall] Anyone with experience of using Monowalls captive portal in a Hotspot solution?
Date:	Thu, 21 Jul 2005 21:43:48 -0400

We do not use wep or radius wep on the Aps. We leave them open and their lan
ports connect to a switch and that to  the lan port on the monowall.  They
can associate with the AP and get on the lan side of the monowall, that then
stops them and asks for the radius username and password.  If they pass that
then they get to goto the wan side of the monowall and the internet.

It sounds like you have radius wep on the Aps turned on and when on gets it
right they all come thru as that user using the aps mac address then and the
monowall does not get to do its job on each user.  The AP is just a layer 2
device and each users mac address is what is used to do everything on the
captive portal.

We have several setup this way and all monowalls authenticate against the
one radius server.

Bryan

-----Original Message-----
From: Dirk Enrique Seiffert [mailto:ds at caribenet dot com] 
Sent: Thursday, July 21, 2005 4:37 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Anyone with experience of using Monowalls captive
portal in a Hotspot solution?

El Mar 19 Jul 2005 14:17, Bryan Catlin escribió:
> We run Monowall as our captive portal to all of our pay for and free 
> hotspots.  We use freeradius w/mysql backend as the 
> authentication/time keeper and have a billing system that thru a web 
> page takes all info authenticates the credit cards and creates the 
> radius accounts.  Thru the new feature in the 1.2b9 monowall it can 
> read the freeradius db every minute and disconnect the clients when 
> they are no longer there or when they send a access-reject.

We did some testing with the captive portal beta9 with less positive
results: 
One problem we had was the authentication/authorization of the AP, not the
final user. When one single user behind an AP got authenticated, all users
on this AP got granted access. A second issue was that M0n0wall wouldn't
disconnect an active session (but deny a new session in case of a negative
account balance.)

We don't use freeradius but pyrad as this is part of a comercial application
we are evaluating. Maybe this is a pyrad issue? 
>
> So basically you need a freeradius setup and something that creates 
> the accounts and deletes them when the time is up.  B9 monowall will 
> do the rest.  One pc with the right setup could probably do this for you.
>
> Bryan


--
Dirk Enrique Seiffert
CaribeNet S.A. - Cartagena - Colombia
www.caribenet.com

--
Este mensaje ha sido analizado por MailScanner en busca de virus y otros
contenidos peligrosos, y se considera que está limpio.
MailScanner agradece a transtec Computers por su apoyo.


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch