[Chilli] Repeated, rapid-fire mac-auth requests received by the RADIUS server

Adam Hammond adam at freerunr.com
Wed Mar 21 17:46:41 UTC 2012 

Hi Mike,

If my understanding is correct coova-chilli implements basic mac-auth functionality by sending an authentication packet every time is receives a DHCPREQUEST. If you look at your debug output you'll probably see that devices actually ask for all sorts of ip addresses when talking to dhcp servers and receiving an ip address (self signed, old addresses, the address that are given etc etc). Each request results in an auth attempt. 

I was looking into this the other day as I wanted a system where I only get one access request per device. There is an option that changes the way the macauth process works in chilli:

--strictmacauth	Be strict about MAC Auth (no DHCP reply until we get RADIUS reply)  (default=off)

... which implements macauth functionality how it should be (IMO).

Unfortunately I can't get it to work on 1.2.9 (I haven't tried older versions). When added as an additional option to --macauth I still see lots of auth packets flying around. When I replace --macauth with --strictmacauth then mac auth functionality is un-enabled. I don't see any reference to this 'strictmacauth' in the 'functions' file so I'm not even sure it's implemented any more.

Hopefully David can clear this up and it's a feature I'd really like to use.

cheers,
Adam




On 21 Mar 2012, at 12:51, Mike Puchol wrote:

> Hi all,
> 
> I'm having an odd problem with my setup, involving Ubiquiti routers and a Radiator server, with MAC authentication against RADIUS enabled. The server will receive a seemingly random number of access-request packets, in rapid succession (even less than 1 second between them), usually between one and six packets.
> 
> My first thought is that chilli is sending out requests without a reply wait timer, or a timer set too low, and so it fires away until it gets a reply from the server.
> 
> Has anyone else come across this?
> 
> Cheers,
> 
> Mike
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli

More information about the Chilli mailing list