[ previous ] [ next ] [ threads ]
 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Dave McCammon" <davemac11 at yahoo dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] disable mac filtering and radius
 Date:  Fri, 30 Dec 2005 20:15:12 +0100
> Is the MAC filtering supposed to work if one is using
> a RADIUS server?
> To make sure I'm reading it correctly, if the check
> box isn't checked(on captive portal page) then
> m0n0wall will be attempting to make sure that a logged
> in user's mac address doesn't change while they are
> logged in. Does this work,relationship-wise, mac
> address to username or mac address to ip address?
Ip<->mac which are 'owned' by a user

If this option is set, no attempts will be made to ensure that the MAC
address of clients stays the same while they're logged in. This is
required when the MAC address of the client cannot be determined
(usually because there are routers between m0n0wall and the clients). If
this is enabled, RADIUS MAC authentication cannot be used.

If you read it well, this option needs to be turned on if the m0n0wall
box will be unable to correctly pair the mac/ip. Then m0n0wall won't set
a filter on mac/ip. In the same situation all mac authentication systems
will be disabled since if its not possible to retrieve the correct
mac/ip pairs it aint logical to do mac authentication (wether its local
or radius)

> Basically, I have a setup with a RADIUS server and I
> have given out a userid/password pair for a company to
> use for two days only. I still want to use the RADIUS
> MAC authentication stuff for our other "registered"
> users.
No prob
> I was able to login ok using two different pc's with
> the same userid/password pair. 
Sure, you haven't 'disable concurrent user logins' enabled

>It works the way I want
> it but I made the image for a WRAP device
> myself(needed the RADIUS MAC authentication stuff)
Which images? Since you are saying RADIUS MAC authentication you're
using one of the betas...

> and
> I want to make sure that I haven't screwed something
> up and will lose the functionality with future
> upgrades.

Shouldn't be an issue if you didn't change the source code, but what are
your real questions???