 From:  <spamwhore at cox dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IAS Radius server and Monowall authentication
 Date:  Sun, 10 Oct 2004 23:38:52 -0400
Alright guys, I got it working and now I shall tell you:

First the m0n0wall settings:
-choose the interface you want
-set desired timeouts (I left blank)
-leave logout window popup unchecked
-type in the IP of your radius
-type in port, I left blank for default
-type in shared secret, I will use "asdf" for testing
-leave radius accounting unchecked
-load a portal page that has the login fields

Now for Active Directory Settings:
-Create a new global security group, I will use "Radius Users"
-Create a new account "test" and add it to the "radius users" group
-on the properties for the account "Test" go to "Dial in", check "Allow Access" under the remote access permission
Save/close out

-Install the IAS service just like the instructions on the site Chris linked us to above.
-Now that the service is installed, just like the guide, right click and add to active directory
-And once again just like the guide, add a client using the shared secret that you used earlier in m0n0wall (mine was "asdf")
-Create a remote access policy but instead of VPN choose Ethernet, add the security group we created in AD and finish the wizard
-now right click on that policy and go to properties, click the "edit profile" button
-Click the Authentication tab, uncheck everything that's there by default and only check "Unencrypted Authentication (PAP, SPAP)"
-close out of those windows back to the IAS control window
-Now go down the tree to "Connection Request Policies". Right now there is a time restriction one, you can edit this, I just deleted it and made my own.  Create a policy which will let your server through, I chose to have it check my NAS IP, you can select many others and play around
-Close all of this nonsense

Finally test your captive portal, it should now grant access to active directory accounts configured exactly like the "Test" account we made.

It's working great for me right now, now it's time to play with it, break it, and get more features

Thanks again to Chris for his help (checking event log + I got an IAS log viewer which helped a lot)