[Chilli] Administrative-User session & config update

Adam Hammond adam.hammond at wicoms.com
Thu Aug 9 15:29:40 UTC 2012


Thanks David,

My mistake was to use both the administrative-update session AND the radius config functionality at the same time (for reasons not worth going into). Confusion reigned. 

What wasn't clear to me was that you could forgo any RADCONF-esque functionality, not need to call radiusconfig in init, and just use the Administrative-User functionality when starting up with half the configuration on the device and the rest supplied centrally. All cleared up now.

@David - Can I control the amount of time between re authentication of the administrative user session or is it hard coded to an hour?

@Bojan - the administrative-user functionality allows you to host a subset of your configuration centrally (accessible via radius), to change that configuration at will and have it updated on all relevant chilli instances in a timely and automatic fashion.

Cheers,
Adam

On 8 Aug 2012, at 15:29, David Bird wrote:

> Be sure the adminupdatefile is also included into your chilli
> configuration (using 'include <filename>'). 
> 
> David
> 
> 
> On Tue, 2012-08-07 at 13:48 +0100, Adam Hammond wrote:
>> Hi list,
>> 
>> Has anyone succeeded in getting the Administrative-User session functionality fully working?
>> 
>> I have a test AP running an Adminstrative-User session fine (config is returned in Access-Accept and stored in a file). The config is written to non-default file (/tmp/foo) in line with my adminupdatefile setting. The session re-auths every hour and the config is re-written to my adminupdatefile at that time.
>> 
>> If I change the settings returned in radius what DOESN'T happen is these changes being recognised, copied to the chilli config file (hs.conf) and chilli HUP'd. 
>> 
>> This would be trivial to do manually via a script in cron, but it's my understanding that chilli should do this. Am I wrong or is this a bug do you think/know?
>> 
>> I have also not had any luck controlling the interval in which chilli re-auths the administrative-user session. I have tried setting HS_ADMININTERVAL and also returning a Session-Timeout value in the Access-Accept to no avail. Has anyone had any success controlling the session time?
>> 
>> I've included some debug output below for anyone that knows if this looks right or not. It appears that the config is saved in my adminupdatefile location and copied to /tmp/hs.conf rather than /etc/chilli/hs.conf (?)
>> 
>> Possibly relevant: I'm not using a call to writeconfg in my start script. I want to fully control the dns servers over radius. If I use writeconfig the dns1 attribute is set to the devices primary dns server (or one that I hardcode) and this is not overruled if I return a different server ip by radius config. Rather than find a way to patch the functions file I took the easy route of using a static main.conf and fetching the rest of the configuration over radius.
>> 
>> Many thanks in advance,
>> Adam
>> 
>> coova-chilli 1.2.9 on Openwrt
>> 
>> 
>> radius.c: 224: 0 (Debug) qnext=6
>> radius.c: 294: 0 (Debug) RADIUS queue-in id=6 idx=6
>> radius.c: 1505: 0 (Debug) RADIUS id=6 sent to x.x.x.x:11812
>> main-opt.c: 601: 0 (Debug) DHCP Listen: 172.17.2.1
>> main-opt.c: 602: 0 (Debug) UAM Listen: 172.17.2.1
>> radius.c: 1740: 0 (Debug) Received RADIUS packet id=6
>> radius.c: 264: 0 (Debug) idx 6 pid 6 id 6
>> radius.c: 406: 0 (Debug) RADIUS queue-out id=6 idx=6
>> chilli.c: 4379: 0 (Debug) Received RADIUS response id=6
>> chilli.c: 4568: 0 (Debug) Received RADIUS Access-Accept
>> chilli.c: 4197: 0 (Debug) looking to replace: /tmp/coova-update
>> chilli.c: 4213: 0 (Debug) using temp: /tmp/hs.conf
>> ...
>> options.c: 442: 0 (Debug) PID 7050 saving options to /var/run/chilli.6503.cfg.bin
>> chilli.c: 6800: 0 (Debug) Processing cmdsock request...
>> chilli.c: 347: 0 (Debug) SIGUSR1: reloading configuration
>> options.c: 189: 0 (Debug) PID 6503 rereading binary file /var/run/chilli.6503.cfg.bin
>> options.c: 651: 0 (Debug) PID 6503 reloaded binary options file
>> chilli.c: 378: 0 (Debug) caught 18 via selfpipe
>> chilli.c: 309: 0 (Debug) child 7050 terminated
>> options.c: 442: 0 (Debug) PID 7049 saving options to /var/run/chilli.6503.cfg.bin
>> chilli.c: 6800: 0 (Debug) Processing cmdsock request...
>> chilli.c: 347: 0 (Debug) SIGUSR1: reloading configuration
>> options.c: 189: 0 (Debug) PID 6503 rereading binary file /var/run/chilli.6503.cfg.bin
>> options.c: 651: 0 (Debug) PID 6503 reloaded binary options file
>> chilli.c: 378: 0 (Debug) caught 18 via selfpipe
>> chilli.c: 309: 0 (Debug) child 7049 terminated
>> _______________________________________________
>> Chilli mailing list
>> Chilli at coova.org
>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> 
> 



More information about the Chilli mailing list