June 14, 2007 at 2:47 pm #40649
Is it possible to also allow PAP w/ the FreeRADIUS in zeroshell?
I’m asking because we currently use Monowall for the Captive Portal and we are planning to implement WLAN via Zeroshell, but we’d like to point Monowall to authenticate its captive portal users via Zeroshell. As I understand it, it only supports PAP…
Any idea how PAP could be added (so that 802.1X would continue to work)?
Another alternative that I am considering would be to add a Windows 2003 domain controller for this.. I understand that Zeroshell will integrate w/ AD for user auth, and I’ve read that Monowall can be configured to work with IAS for its Captive Portal also…
Paul
June 16, 2007 at 10:38 am #45447
I have just tried with the FreeRadius server configured in ZeroShell with the radtest utility.
The result is the following:
[fulvio@wks ~]$ radtest fulvio MyTestPassword 192.168.0.75 1 testsecret
Sending Access-Request of id 204 to 192.168.0.75:1812
User-Name = "fulvio"
User-Password = "MyTestPassword"
NAS-IP-Address = wks.example.com
NAS-Port = 1
rad_recv: Access-Accept packet from host 192.168.0.75:1812, id=204, length=20
and the Zeroshell log is:
12:27:04 Login OK: [fulvio] (from client server port 1)
This indicates that PAP is active, because User-Password = “MyTestPassword” is an unencrypted text password.
Have you already tried the captive portal of M0n0wall, and does it not work with the Zeroshell RADIUS service?
Are you sure you configured the shared secret correctly? You have to add the IP address and the shared secret of your Monowall server in the list of the access points of Zeroshell.
Fulvio
June 29, 2007 at 1:54 pm #45448
I did set the shared secret on Monowall and configured it as an access point in ZeroShell with the appropriate shared secret, but it did not work.
I looked into Monowall a bit and it appeared to use PAP.
The only thing unusual about my test is that the Monowall that I was attempting to use was on the other side of a firewall, so there is the possibility that something is amiss there, though I thought I had the firewall rules in place appropriately.
I think that I’ll just move my test Monowall on to the same segment as Zeroshell to rule out any firewall issues and try again. Having both Monowall and Zeroshell going after the same user database would be a good thing.
June 29, 2007 at 3:44 pm #45449
Are you sure that the Zeroshell box with the RADIUS configured is contacted by M0n0wall with its IP and not with the IP of the firewall (NAT enabled)? In this case you have to add the shared secret with the IP of the firewall.
Have you checked the log of the RADIUS server? If the problem is the shared secret then no messages are logged.
Fulvio
July 2, 2007 at 2:39 pm #45450
It was my captive portal – It wasn’t allowing a reply from Zeroshell.
It’s working properly now, though… Thanks!