[Chilli] Does option noradallow effect radconf only?

Xabier Oneca -- xOneca xoneca at gmail.com
Mon Dec 2 19:30:33 UTC 2013


Hello Steffen,

I did realize the same as you: chilli only checks noradallow when trying to
download config from RADIUS, but doesn't check it when
accounting/authorization.

What I don't know is if that option was only intended for the first case,
or it was "forgotten" to check that also on authorization (help text is
ambiguous. Doesn't clear it).
El 02/12/2013 12:16, "Steffen Dettmer" <steffen.dettmer at nomadrail.com>
escribió:

> Hi,
>
> in short: what is the effect of --noradallow? Also a short and
> rough answer would be appreciated!
>
> I tried the option noradallow but I noticed no effect (I'm not
> using radconfig). Looking to the source, adding a few log
> messages and debugging a bit around I think this option is for
> "configuring chilli parameter using radius" only. Is this
> correct?
>
> Help tells "Allow all sessions when RADIUS is not available" and
> in ChangeLog I read "Added runtime option --noradallow to
> authorize sessions when RADIUS is not available", but I'm not
> sure what kind of sessions are in scope.
>
> The option is checked only in cb_radius_auth_conf(), but not in
> redir_cb_radius_auth_conf(), but I think the latter handles the
> access request response after captive portal redirection and
> login, correct? (I verified by adding log statement in "if
> (_options.noradallow)" and its "else" - but neither one appears
> in debug output).
>
> I noticed that when RADIUS becomes unreachable, authorized
> clients continue to have access.
>
> NB: For me it is hard to see how client sessions could be
> authorized when RADIUS is not available, especially when
> considering what should happen if RADIUS comes back. Clients
> should be checked then, but the details would be complex. I think
> the used captive portal need to support that, too. If I
> understood well, this is exactly the topic of Davids explanation
> at
> http://www.linkedin.com/groups/Temporarily-allow-access-all-domains-158903.S.165235302
> .
>
> Regards,
> Steffen
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20131202/b38f451d/attachment-0001.html>


More information about the Chilli mailing list