[Chilli] CoovaChiili Permit Server IP

Xabier Oneca -- xOneca xoneca at gmail.com
Wed May 22 11:23:57 UTC 2013


Maybe he meant 'macup'. This *does* run after the initial DHCP request, but
I'm afraid won't work if you have an external DHCP server set-up... Neither
know when was implemented, as it doesn't still appear in the online manual
page...

--
Xabier Oneca_,,_
El 22/05/2013 12:59, "Francesc Romà i Frigolé" <francesc at socialandbeyond.com>
escribió:

> Hi,
>
> I think that what David is suggesting is to authorize the IPs
> syncronously, as soon as they show up in the network, rather than polling
> for them every minute. That would make the system more responsive.
>
> What I don't understand is how would it be possible to accomplish that
> with the conup script. As it is documented here
> http://coova.org/CoovaChilli/chilli.conf  the conup script is executed
> after a session is authorized. I wouldn't expect it to be executed when the
> device shows up in the network, before is authorized.
>
>
> Francesc Romà i Frigolé
> CTO
> Torre Telefónica Diagonal 00, planta 11, Wayra
> Plaça Ernest Lluch i Martín, 5
> 08019 Barcelona
> Tel. +34 93.1234.962
> Skype: cescpak
>
>
>
> On Wed, May 22, 2013 at 9:52 AM, Russell Mike <radius.sir at gmail.com>wrote:
>
>> Hi Luis & David,
>>
>> Thanks for your inputs, discussion became very interesting. Thanks for
>> sharing ideas. standing by to hear more from David. B about conup.
>>
>> Thanks / Regards
>> --RM
>>
>>
>>
>> On Tue, May 21, 2013 at 6:10 PM, Luis Ferreira <lferreira at cabocom.cv>wrote:
>>
>>> **
>>>
>>> Hi David,
>>>
>>> Can you clarify on the conup?
>>>
>>> From what I understood, you are saying that is a script that is run
>>> every time a client connects to the network. (correct?)
>>>
>>> If true, will that work in my case, with another server running ISC-DHCP
>>> ?
>>>
>>> Where can I configure it? Where is it located?
>>>
>>> Regards,
>>>
>>> Luis
>>>
>>> -----Mensagem original-----
>>> De: chilli-bounces at coova.org [mailto:chilli-bounces at coova.org<chilli-bounces at coova.org>]
>>> Em nome de David Bird
>>> Enviada: terça-feira, 21 de Maio de 2013 16:01
>>> Para: chilli at coova.org
>>> Assunto: Re: [Chilli] CoovaChiili Permit Server IP
>>>
>>> There could be an option similar to macallowed (plus macallowlocal) but
>>> for layer3 mode using ip addresses. Using a script like the one suggested
>>> would also work - though, I think you'd want 'authorize'
>>>
>>> instead of 'login' since you don't have RADIUS. You can also do
>>> something similar from the conup script so that as soon as the station
>>> connects, you authorize it.
>>>
>>> On Tue, 2013-05-21 at 09:23 -0100, Luis Ferreira wrote:
>>>
>>> > Hi Russell,
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > Here we had the same problem, and were able to fix it with the
>>>
>>> > following script:
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > #!/bin/bash
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > usercheck=$(/usr/local/sbin/chilli_query
>>>
>>> > -s /usr/local/var/run/chilli.vlanxx.sock list |grep -c "1
>>>
>>> > accountusername ")
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > if [ $usercheck = '0' ];
>>>
>>> >
>>>
>>> > then
>>>
>>> >
>>>
>>> >         echo "Logging in accountname"
>>>
>>> >
>>>
>>> >         /usr/local/sbin/chilli_query
>>>
>>> > -s /usr/local/var/run/chilli.vlanxx.sock login ip 192.168.10.251
>>>
>>> > username accountusername password accountpassword
>>>
>>> >
>>>
>>> > fi
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > Replace account name, account password and IP for the correct ones.
>>>
>>> > Also check the location of the sock files.
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > This script is running every minute. If the IP is not present, Chilli
>>>
>>> > will not perform the login and ignore it. But if it is present (client
>>>
>>> > connected) it will trigger the account login.
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > This is a very dirty hack, but we have been using it for more than 2
>>>
>>> > years and it never failed (except when the account would ran out of
>>>
>>> > credit J ).
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > Btw, if someone as a different (and less hacked) way of doing this on
>>>
>>> > layer 3, please share it.
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > Regards,
>>>
>>> >
>>>
>>> > Luis
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > Dear Coova Gurus,
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > CoovaChilli Layer3, Working great. But for some days now, i am working
>>>
>>> > CoovaChilli to allow some devices to allow access without
>>>
>>> > authentication AND have Static IP address. (Servers, IP phones, Apple
>>>
>>> > TV etc..).
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > MAC auth do not help because of L3 setup. Have anyone got the idea.
>>>
>>> > How can configure coovachilli to allow access 10 static ip address out
>>>
>>> > of a subnet by default.
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > Thanks in advance.
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> >
>>>
>>> > Thanks / Regards
>>>
>>> >
>>>
>>> >
>>>
>>> > _______________________________________________
>>>
>>> > Chilli mailing list
>>>
>>> > Chilli at coova.org
>>>
>>> > http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>>
>>> --
>>>
>>> --
>>>
>>> David Bird
>>>
>>> http://www.linkedin.com/in/dwbird/
>>>
>>> _______________________________________________
>>>
>>> Chilli mailing list
>>>
>>> Chilli at coova.org
>>>
>>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>>
>>> _______________________________________________
>>> Chilli mailing list
>>> Chilli at coova.org
>>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>>
>>>
>>
>> _______________________________________________
>> Chilli mailing list
>> Chilli at coova.org
>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>
>>
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20130522/85910bcd/attachment-0001.html>


More information about the Chilli mailing list