[ previous ] [ next ] [ threads ]
 
 From:  Dinesh Nair <dinesh at alphaque dot com>
 To:  Martin Holst <mail at martinh dot dk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Captive Portal VS IAS radius
 Date:  Sun, 13 Jun 2004 13:45:41 +0800 (MYT)
On Sun, 13 Jun 2004, Martin Holst wrote:

> Unfortunately m0n0wall does not send NAS port type as an attribute along
> with the access request (Thanks Ethereal).
> That is:
>  - The PPPTP radius client sends port type with access requests.
>  - The Captive Portal client does not.
>
> Remove "NAS Port type" under the Policy conditions and everything works
> smoothly.

alternatively, i could add a NAS-Port-Type attribute when the Captive
Portal sends out the RADIUS access-request. i'd probably set it to
Ethernet, as that seems to be the closest match.

strictly from the RFCs though, since the NAS (in this case m0n0wall)
doesnt differentiate among it's incoming ports for the captive portal,
this attribute is not mandatory. adding it however does not break anything
me thinks.

i'll add it in, and send you the changes. it'd help a lot if you could
test it for me, as i dont have access to an IAS server.

> Fiddling with the problem brought up and idea:
>  - Why not have a single radius client setup page in m0n0wall?
> E.g.: Create a service called "Radius client" where you define
> parameters as: IP-address, shared secret, encryption etc.

the current method however allows for different RADIUS servers for
different services.

Regards,                           /\_/\   "All dogs go to heaven."
dinesh at alphaque dot com                (0 0)    http://www.alphaque.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do                                        |
|   for b in clients employers associates relatives neighbours pets; do   |
|   echo "The opinions here in no way reflect the opinions of my $a $b."  |
| done; done                                                              |
+=========================================================================+