--- Jonathan De Graeve <Jonathan dot De dot Graeve at imelda dot be>
> > Is the MAC filtering supposed to work if one is
> > a RADIUS server?
> > To make sure I'm reading it correctly, if the
> > box isn't checked(on captive portal page) then
> > m0n0wall will be attempting to make sure that a
> > in user's mac address doesn't change while they
> > logged in. Does this work,relationship-wise, mac
> > address to username or mac address to ip address?
> Ip<->mac which are 'owned' by a user
> If this option is set, no attempts will be made to
> ensure that the MAC
> address of clients stays the same while they're
> logged in. This is
> required when the MAC address of the client cannot
> be determined
> (usually because there are routers between m0n0wall
> and the clients). If
> this is enabled, RADIUS MAC authentication cannot be
> If you read it well, this option needs to be turned
> on if the m0n0wall
> box will be unable to correctly pair the mac/ip.
> Then m0n0wall won't set
> a filter on mac/ip. In the same situation all mac
> authentication systems
> will be disabled since if its not possible to
> retrieve the correct
> mac/ip pairs it aint logical to do mac
> authentication (wether its local
> or radius)
I was making sure it was IP<->MAC, which you pointed
out, thank you.
The "MAC address of clients stays the same while
they're logged in." part is what I was questioning. It
wasn't clear to me if it meant that the IP<->MAC combo
can't change while the user is logged in or the
Userid<->MAC combo couldn't change while user is
logged in.I was associating "logged in" with userid.
> > Basically, I have a setup with a RADIUS server and
> > have given out a userid/password pair for a
> company to
> > use for two days only. I still want to use the
> > MAC authentication stuff for our other
> > users.
> No prob
> > I was able to login ok using two different pc's
> > the same userid/password pair.
> Sure, you haven't 'disable concurrent user logins'
This is what I wanted to happen but the way I was
interpreting the above explanation about MAC address
filtering, I feared that I may have missed something
when I copied the relevent code changes from the
enhanced RADIUS2 images to make a WRAP image.
> >It works the way I want
> > it but I made the image for a WRAP device
> > myself(needed the RADIUS MAC authentication stuff)
> Which images? Since you are saying RADIUS MAC
> authentication you're
> using one of the betas...
> > and
> > I want to make sure that I haven't screwed
> > up and will lose the functionality with future
> > upgrades.
> Shouldn't be an issue if you didn't change the
> source code, but what are
> your real questions???
You answered them. see above.
Yahoo! DSL – Something to write home about.
Just $16.99/mo. or less.