[ previous ] [ next ] [ threads ]
 
 From:  "=?ISO-8859-1?Q?Jan=E5ke_R=F6nnblom?=" <j dot ronnblom at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  captive portal and radius
 Date:  Tue, 16 May 2006 09:07:23 +0200
Hi!

Im currently testing m0n0wall as an captive portal for our wireless network.
However I need to allow traffic to a few
networks through the m0n0wall but I can't find any way to add it except to
add every IP address on the "Allow IP Addresses"
tab. Is there any way to add a whole network?

I have limited knowledge of m0n0wall and RADIUS so please forgive me if the
answer to the follwing questions are obvious.

On this network the students can be authenticated to two different Active
Directories, would it be possible to let the user choose which
domain (REALM in kerberos?) they should be authenticated against without the
user having to type userid@domain?  I was thinking of
presenting the different domains/realms in a drop-down box on the login page
of the m0n0wall, is this possible and how do I send the REALM
attribute to the RADIUS server?

I am using MS Windows 2003 IAS and RADIUS to test m0n0wall and have it
running in the lab. I have enabled both Radius Authentication and
Accounting. I probably will move this to freeradius to be able to support
Radius Accounting before deploying in our production environment.

If I use the Session-Timeout attribute to disconnect users who can connect
for only 1 hour per day would it be possible to show the user how much time
they have left when they login? I suppose I need to use the Redirection-Url
but how do I "forward" the Sessiom-Timeout that is sent to m0n0wall to the
Redirection-Url server?

When a user is logged out from the captive portal due to a DISCONNECT or a
TIMEOUT is there a LOGOUT or an Accounting STOP message
sent to the RADIUS? I can only find login messages from m0n0wall on my
Windows 2003 IAS and in its eventlog.

/J