Finally got it - as expected it was terribly simple :o(
Sniffing with Ethereal did me no good but telling me that the IAS radius
returned an "Access Reject"
...and reading the IAS log with a log viewer told me almost the same -
although in more details ;o)
Anyway, here it is:
"NAS Port type" is used as a standard Policy condition in IAS.
Windows own policy wizard comes up with suggestions like VPN, Ethernet,
Wireless and more.
Unfortunately m0n0wall does not send NAS port type as an attribute along
with the access request (Thanks Ethereal).
- The PPPTP radius client sends port type with access requests.
- The Captive Portal client does not.
Remove "NAS Port type" under the Policy conditions and everything works
Dinesh: I appreciate you taking the time to help.
Fiddling with the problem brought up and idea:
- Why not have a single radius client setup page in m0n0wall?
E.g.: Create a service called "Radius client" where you define
parameters as: IP-address, shared secret, encryption etc.
Then you would just need a checkbox like "Use Radius authentication"
under each Radius-supported service - instead of having to define all
the same parameters for each one.(More of these might come in the
From: Dinesh Nair [mailto:dinesh at alphaque dot com]
Sent: 11. juni 2004 21:17
To: Martin Holst
Subject: RE: [m0n0wall] Captive Portal VS IAS radius
On Fri, 11 Jun 2004, Martin Holst wrote:
> Here are two samples of a test user (Sorry about the word wrap):
erps, cant tell anything from them either. any chance of getting a
snoop of the RADIUS traffic on this instead ?
have you checked the shared secret on the IAS and the m0n0wall, they
to be the same.
Regards, /\_/\ "All dogs go to heaven."
dinesh at alphaque dot com (0 0) http://www.alphaque.com/
| for a in past present future; do
| for b in clients employers associates relatives neighbours pets; do
| echo "The opinions here in no way reflect the opinions of my $a $b."
| done; done