Captive Portal

I'm currently testing out some opensource firewalls. It has come down to m0n0wall and pfsense and one thing has been driving me crazy.

I am deploying a wireless gateway, but the problem is two sets of users will be using this network. Faculty and staff. Faculty will and can authenticate to my Windows NPS server (IAS), but I need the students to authenticate to the university's main radius server. Is it possible to have two different radius servers to use in the captive portal? If it authenticates to one and fails have it try the second?

The other option is set up two different captive portals as defined in this thread:
http://forum.pfsense.org/index.php/topic,5368.0.html

Is it possible to have the radius client send a certain radius attribute to the server based on the page its being sent from? Or even a form field (drop down box)?

Windows Radius server doesn't have the ability to authenticate against itself first and then proxy the request, its either one or the other.

Thanks

I'm afraid not, the fail over won't work that way from what I have been testing.

Basically, the first radius server will send a "denied" response, so it won't fail over to the second. Only if it sends a query and nothing happens does it try the second server.

The only workaround I can think of is for the first radius server to only send the "Accept-Accept" response and nothing else. That would simulate a failure, might be able to trick it into trying the second radius server, but it will cause a long delay for those that authenticate at the second radius server.

Use REALMS. And proxy the corresponding realm to the right RADIUS server. In this way your students and your staff will be able to use the same CP.