[ previous ] [ next ] [ threads ]
 From:  Dinesh Nair <dinesh at alphaque dot com>
 To:  Michael Monaghan <mmonaghan at gmail dot com>
 Cc:  sylikc <sylikc at gmail dot com>, "Mitch (WebCob)" <mitch at webcob dot com>, Chris Buechler <cbuechler at gmail dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] External Authentication
 Date:  Wed, 22 Sep 2004 14:42:33 +0800
On 22/09/2004 12:00 Michael Monaghan said the following:
> Based on Dinesh's statement about the MAC address I'm pretty sure this
> won't work with the captive portal on the Internet side.  To me more
> precise the first user will open the server to the world since m0n0
> would see the MAC of the first upstream router.  Since all traffic
> comes from that router everyone is authorized on the first user.  When
> the first user logs off everyone will be shut out until someone else

the first user will authenticate. the second user (different IP addy than 
the first) will also be forced to authenticate, but the moment his 
authentication passes, he'll be let in and the first user will be locked 
out. as the MAC address (which would be the router's) is now bound to a 
different IP address.

it'd leave you with the same pink slip though. :)

> If anyone cares to comment on these ideas I'd love to hear feedback
> and alternate suggestions.  I know several people here are seeking a
> solution like this so hopefully this will help someone.

let me investigate this a little more.

Regards,                           /\_/\   "All dogs go to heaven."
dinesh at alphaque dot com                (0 0)    http://www.alphaque.com/
| for a in past present future; do                                        |
|   for b in clients employers associates relatives neighbours pets; do   |
|   echo "The opinions here in no way reflect the opinions of my $a $b."  |
| done; done                                                              |