 From:  florian broder <flobroed at googlemail dot com>
 To:  Jonathan De Graeve <Jonathan dot De dot Graeve at imelda dot be>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Radius Attributes / Captive Portal
 Date:  Wed, 7 Dec 2005 14:17:15 +0100

> > [...]The generated number will be sent with the
> > access-request package to the radius, and then matched against the
> > given user and password.
> This makes no sense...

Ok, maybe I explained this a little awkwardly. ;)

User X wants access and gets to the captive portal. There he sees
    number 5

He knows that his username is "X", but the password he has to enter
depends on the number he sees. So "number 5" corresponds to "password
foo" whereas "number 6" would be "bar". He enters the password and in
the Access-Request there is "user-name, user-password and the
additional number-attribute". Radius-Server gets it, looks up the user
X and then checks if the password and number match. If not -> no

Radius-Config User (based on freeradius):

X    Auth-Type:=Local, User-Password==foo,
additional-attribute(specified at m0n0wall captive-portal)=="number 5"

So, not only his password and user-name are checked, but also a third value!

Still not making sense??
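
The exchange described in this message, as an added example that is not part of the original post and is not m0n0wall or FreeRADIUS code: a Python stand-in that builds an Access-Request carrying User-Name, the hidden User-Password (RFC 2865) and the portal number, then checks all three on the server side. Carrying the number in a Vendor-Specific attribute, the vendor ids, the shared secret and the user table are assumptions made for the illustration.

```python
import hashlib, hmac, os, struct

SECRET = b"constructed-shared-secret"   # constructed NAS/server shared secret
VENDOR_ID, VENDOR_TYPE = 99999, 1       # hypothetical ids for the number attribute
# Constructed user table: (user, number shown on the portal) -> expected password
USERS = {("X", "5"): "foo", ("X", "6"): "bar"}

def _crypt(data, authenticator, decrypt=False):
    """RFC 2865 5.2 User-Password hiding: MD5 keystream chained per 16-byte block."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(SECRET + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        out += res
        prev = block if decrypt else res   # chain on the ciphertext block
    return out

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(user, password, number, ident=1):
    ra = os.urandom(16)                    # Request Authenticator
    pw = password.encode()
    pw = pw.ljust(16 * max(1, -(-len(pw) // 16)), b"\x00")
    vsa = struct.pack("!IBB", VENDOR_ID, VENDOR_TYPE, len(number) + 2) + number.encode()
    attrs = attr(1, user.encode()) + attr(2, _crypt(pw, ra)) + attr(26, vsa)
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + ra + attrs

def check_access_request(packet):
    if len(packet) < 20:
        return False
    code, _, length = struct.unpack("!BBH", packet[:4])
    ra, pos, seen = packet[4:20], 20, {}
    while code == 1 and pos + 2 <= length <= len(packet):
        t, l = packet[pos], packet[pos + 1]
        if l < 2 or pos + l > length:      # malformed attribute length
            return False
        seen[t] = packet[pos + 2:pos + l]
        pos += l
    if not {1, 2, 26} <= seen.keys() or len(seen[26]) < 6:
        return False                       # all three values are mandatory
    vid, vtype, vlen = struct.unpack("!IBB", seen[26][:6])
    if (vid, vtype) != (VENDOR_ID, VENDOR_TYPE):
        return False
    number = seen[26][6:4 + vlen].decode(errors="replace")
    password = _crypt(seen[2], ra, decrypt=True).rstrip(b"\x00")
    expected = USERS.get((seen[1].decode(errors="replace"), number))
    return expected is not None and hmac.compare_digest(expected.encode(), password)
```

A request missing the number attribute is rejected outright, so the third value cannot be skipped by a client that only sends user-name and password.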