[ previous ] [ next ] [ threads ]
 From:  Dave McCammon <davemac11 at yahoo dot com>
 To:  Jonathan De Graeve <Jonathan dot De dot Graeve at imelda dot be>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] MAC authentication only to radius server
 Date:  Thu, 17 Nov 2005 15:28:16 -0800 (PST)
--- Jonathan De Graeve <Jonathan dot De dot Graeve at imelda dot be>

> Not yet but it it possible to implement it.
> I was planning to implement this in a later stadium
> but at the moment
> there's a feature freeze to test the stability of
> the current radius
> code release.
> Expect it within 1 month after I got enough response
> from people running
> my code.
> I don't know how many people uses it at this moment.
> I only got feedback
> from about 4 people. With 3 the images work without
> any problems, with 1
> the image works but only a later radius log analyser
> (hp procurve
> manager) doesn't follow the rfc and has problems
> with it (but it didn't
> also didn't work with the normal 1.2 branch)
> You're stating this:
> > What I am looking for is that when the user gets
> to
> > the portal page they click a button and, if their
> > address is in the radius server they are allowed
> > through.
> If RADIUS mac authentication is programmed, the user
> isn't going to see
> anything and will be automatically logged on to the
> system. Only if
> there is url-redirection specified (static or radius
> based) the user
> will see a page AFTER he is successfully
> authenticated or get a login
> page after an unsuccesfull mac authentication
> (username/password
> fallback)
> Since there needs to be done more processing, expect
> a faster cpu
> need... (the option will be a feature so you could
> enable/disable it)

The current setup works if the mac address is inputted
in the html form as userid and password but that isn't
very user friendly. 

I was looking in the direction of some kind of html
form whose action would call the php code to
authenticate to the radius server using mac address as
userid and password.
<form method="post" action="$MAC_AUTH$">
    <input name="continue" type="submit"

Or perhaps if userid is $MACAUTH or something similar,
it would do the same thing like: 
<form method="post" action="">
   <input name="auth_user" type="hidden"

Anyway, I'll look for the updates in a month.


Yahoo! Mail - PC Magazine Editors' Choice 2005