|
||||||||
This version adds support for cisco radius authentication requests. http://inf.imelda.be/downloads/m0n0wall/generic-pc-radius2_20051011_22-5 5.img You have to put <radiusvendor>cisco</radiusvendor> under the captiveportal element in the XML config to enable this feature Attribute 30 (called-station-id => mac) and 31 (calling-station-id => clientipadres) are sent to the radiusserver when you enable the config option If not, the standard behaviour is to send calling-station-id => mac to the radius This code ISN'T!!!! tested yet so please give feedback if it works or not... J. -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 Jonathan dot de dot graeve at imelda dot be -----Oorspronkelijk bericht----- Van: Bernie O'Connor [mailto:Bernie dot OConnor at sas dot com] Verzonden: vrijdag 7 oktober 2005 15:54 Aan: Lee Sharp; m0n0wall Onderwerp: RE: [m0n0wall] Captive Portal RADIUS authentication missing fields Sounds like you might be dealing with a Cisco Radius server. I created a patch to allow 1.2b10 to work with Cisco Radius (calling-station-id, and client ip-address), Jonathan is considering adding the attributes for 1.3. If you're comfortable with building a custom image of m0n0wall I can send you the patch; otherwise you'll have to wait for 1.3. bernie -----Original Message----- From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be] Sent: Thursday, October 06, 2005 4:54 PM To: Lee Sharp; m0n0wall Subject: RE: [m0n0wall] Captive Portal RADIUS authentication missing fields The attributes you are saying you require aren't in 1.11 and never will be. They where added later in 1.2b7 indeed.... As the Radius RFC's states only Nas-Ip || Nas-Identifier are required fields. (you can use both of them in a request or only one of them) If you want to use Captive Portal with Radius authentication working you CAN use 1.2b10. It seems to be 'very stable'. At least if you only use Captive Portal and radius... There are some caveats with Openvpn and Ipsec with it but as long you aren't using that you can use this one. Or you can wait until 1.2 comes out (it shouldn't be a long time anymore, I think) 1.3b will have a complete rewritten radius authentication code to support things users have been asking for (multiple radius server support with failover, round-robin etc..., Radius url-redirection etc.) Software has always been distributed 'AS IS' without any warranties. J. -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 Jonathan dot de dot graeve at imelda dot be -----Oorspronkelijk bericht----- Van: Lee Sharp [mailto:leesharp at hal dash pc dot org] Verzonden: donderdag 6 oktober 2005 22:44 Aan: m0n0wall Onderwerp: [m0n0wall] Captive Portal RADIUS authentication missing fields I am trying to use m0n0 1.11 (this client does not like "beta" software) with captive portal to authenticate against a RADIUS server owned by a third party. I have no control over, or access to, the RADIUS server. I am failing in authentication. The "tech" at the third party stated, "In the auth request you are missing the following attributes; NAS IP, Framed IP, Calling-Station-ID, Called-Station-ID, and Acct-Session-ID" I have seen people getting these attributes, but only in 1.2b7+ Will 1.11 provide this, or do I need to convince the client that 1.2b10 is very stable "beta" software? :-) Lee --------------------------------------------------------------------- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch --------------------------------------------------------------------- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch |