> [...]The generated number will be send with the
> >access-request package to the radius, and then matched against the
> >user and password.
> This makes no sense...
Ok, maybe I explained this a little awkwardly. ;)
User X wants access and gets to the captive portal. There he sees
He knows, that his Username is "X" but the password he has to enter
depends on the number he sees. So "number 5" corresponds to "password
foo" whereas "number 6" would be "bar". He enters the password and in
the Access-Request there is "user-name, user-password and the
additional number-attribute". Radius-Server gets it, looks up the user
X and the checks if the password and number matches. If not -> no
Radius-Config User (based on freeradius):
X Auth-Type:=Local, User-Password==foo,
additional-attribute(specified at m0n0wall captive-portal)=="number 5"
So, not only his password and user-name is checked, but also a third value!
Still not making sense??