Topic: "Roaming" between two monowall's with RADIUS
« on: July 21, 2014, 19:48:01 »
jstrebel *
Posts: 31

Hello,
I need your help to understand the function RADIUS MAC authentication.
My setup is as follows:
Two monowalls talking to the FreeRADIUS server. WLAN APs connected to the OPT interface of the monowalls.
CP enabled on the OPT interface.

When I enable the checkbox "RADIUS MAC authentication",
I see in the incoming RADIUS request (in the FreeRADIUS, in my case ZEROSHELL) the MAC address of the client which "asks" for authentication. The client gets authenticated by user name and password, and the access to the Internet is granted.

If I move with the authenticated client to the area which is covered by the second monowall,
I get the Captive Portal page where I need to log in again with username and password.
I would expect my client is already known by the RADIUS server and the access should be granted without entering my credentials.

Q: Is my assumption wrong? If yes, how can I achieve this?

Thank you for your answers.
Jakob
« Reply #1 on: July 22, 2014, 06:02:42 »
Lee Sharp *****
Posts: 517

It should work as you describe.  Look at your config files to make sure the config of the captive portal section is the same.  And make sure your RADIUS allows concurrent logins.
« Reply #2 on: July 22, 2014, 17:59:38 »
jstrebel *
Posts: 31

Lee, thank you for your advice. One thing I know for sure is that the two CP configurations in the monowalls are the same. I will investigate further when I am back from vacation (middle of next week). Jakob
« Reply #3 on: July 31, 2014, 13:30:07 »
jstrebel *
Posts: 31

Lee,
I would greatly appreciate it if you could have a look at the attached Zeroshell (FreeRADIUS) debug file.
In the radius.conf I can't find a parameter with the name "concurrent login". What is the exact parameter name?
Sorry I do have experience in setting up and debugging radius.

The device I am using has the MAC address ac:cf:5c:be:45:98.
First I authenticate on the monowall_1 Captive Portal 192.168.10.236 using the name "js" and the pw "kobi".
Then I move with the device (MAC address ac:cf:5c:be:45:98) to the monowall_2 Captive Portal 192.168.10.239.
I assume the monowall_2 should allow me access without reauthentication.

Thank you Jakob

* Raduis_roaming-10.236_to_10.239.txt (44.53 KB - downloaded 40 times.)
« Reply #4 on: July 31, 2014, 17:29:14 »
Lee Sharp *****
Posts: 517

I am not that good with RADIUS servers... And I cannot remember the actual WISPr parameter name, but it prevents you from logging on from multiple locations at once. You need to allow that. You might get better support on this from the FreeRADIUS folks.
« Reply #5 on: July 31, 2014, 19:16:24 »
jstrebel *
Posts: 31

Thank you Lee,
maybe somebody else could help ;)

In the meantime, I added in the "users" file a parameter which should do the job.

DEFAULT Simultaneous-Use = 4
   Fall-Through = 1

No success.
Jakob