[ previous ] [ next ] [ threads ]
 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Authenticate incoming https connections on WAN interface against radius
 Date:  Tue, 11 Jul 2006 19:30:14 +0100

In message <44B3C777 dot 4040304 at ricerage dot org>, Brian <mono at ricerage dot org>
>dlavecky at it dot uts dot edu dot au wrote:
>> Hi- thought I'd turn to the board for some help... I'm hoping to
>> authenticate incoming connections on the WAN link before permitting access
>> to a web server in the DMZ. There is a radius server in the LAN segment to
>> check against but I don't know how to configure captive portal to achieve
>> all this- I'm not having much success...
>> Any guidance / assistance would be much appreciated
>Hi Dave,
>This isn't something you would use the captive portal for. CP is for
>authenticating outgoing users, not incoming from the WAN interface.
>Instead you should be looking at solutions on the web server itself. If
>you're using Apache, you may want to look into something along the
>lines of mod_auth_radius and htaccess. Good luck.

You may want to try mod_auth_xradius
(http://www.outoforder.cc/projects/apache/mod_auth_xradius/) instead of
mod_auth_radius.  mod_auth_radius has a number of issues and doesn't
work for everyone (well it didn't for me!).  mod_auth_xradius was
commissioned as a replacement and is modelled on the way the squid
radius helper functions.



Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk