[ previous ] [ next ] [ threads ]
 
 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Dave McCammon" <davemac11 at yahoo dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] MAC authentication only to radius server
 Date:  Thu, 17 Nov 2005 23:19:12 +0100
Not yet but it it possible to implement it.

I was planning to implement this in a later stadium but at the moment
there's a feature freeze to test the stability of the current radius
code release.

Expect it within 1 month after I got enough response from people running
my code.

I don't know how many people uses it at this moment. I only got feedback
from about 4 people. With 3 the images work without any problems, with 1
the image works but only a later radius log analyser (hp procurve
manager) doesn't follow the rfc and has problems with it (but it didn't
also didn't work with the normal 1.2 branch)

You're stating this:
> What I am looking for is that when the user gets to
> the portal page they click a button and, if their MAC
> address is in the radius server they are allowed
> through.

If RADIUS mac authentication is programmed, the user isn't going to see
anything and will be automatically logged on to the system. Only if
there is url-redirection specified (static or radius based) the user
will see a page AFTER he is successfully authenticated or get a login
page after an unsuccesfull mac authentication (username/password
fallback)

Since there needs to be done more processing, expect a faster cpu
need... (the option will be a feature so you could enable/disable it)

J.


--
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
Jonathan dot de dot graeve at imelda dot be

> -----Oorspronkelijk bericht-----
> Van: Dave McCammon [mailto:davemac11 at yahoo dot com]
> Verzonden: donderdag 17 november 2005 23:01
> Aan: m0n0wall at lists dot m0n0 dot ch
> Onderwerp: [m0n0wall] MAC authentication only to radius server
> 
> Is there currently a way in m0n0wall's captive portal
> to authenticate to a radius server with MAC address
> only?
> What I am looking for is that when the user gets to
> the portal page they click a button and, if their MAC
> address is in the radius server they are allowed
> through. If not they get the radius authentication
> error page to tell them they need to register their
> machine.
> 
> The MAC addresses are in the radius server as username
> and password.
> The radius server is cisco's Secure ACS 3.3.
> The access points will authenticate fine to the ACS
> server as MAC only but we want to have a portal page
> for everyone so we need m0n0wall to mac authenticate
> them.
> 
> I'm currently using the
> generic-cdrom-radius2_element_20051111_23-24.iso
> downloaded from
> http://inf.imelda.be/downloads/m0n0wall/.
> 
> 
> thanks,
> dave
> 
> 
> 
> 
> __________________________________
> Yahoo! Mail - PC Magazine Editors' Choice 2005
> http://mail.yahoo.com
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>