chilli-radius - Information about RADIUS in chilli
chilli uses RADIUS for access provisioning and statistics. Standards and best practices defined in RFCs are followed as best possible. However, chilli does take some liberties and bends the rules in places to better adapt to the more dynamic application of captive portals.
See http://www.coova.org/CoovaChilli/RADIUS for details.
The RADIUS Attributes used by chilli and a short description:
Full username as entered by the user.
Used for UAM as alternative to CHAP-Password and CHAP-Challenge.
Used for UAM CHAP Authentication
Used for UAM CHAP Authentication
Used for WPA Authentication
IP address of Chilli (set by the ‘‘nasip’’ or ‘‘radiuslisten’’ option, and otherwise “0.0.0.0”)
Set to Login (1) for normal authentication requests. The Access-Accept message from the radius server for configuration management messages must also be set to Administrative-User.
IP address of the user, which is configurable during MAC authentication in the Access-Accept.
IP netmask of the user, which is configurable during MAC authentication in the Access-Accept.
Filter ID pass on to scripts possibly.
Reason of reject if present.
Sent to chilli in Access-Accept or Access-Challenge. Used transparently in subsequent Access-Request.
Copied transparently by chilli from Access-Accept to Accounting-Request.
Logout once session timeout is reached (seconds)
Logout once idle timeout is reached (seconds)
Set to the ‘‘nasmac’’ option or the MAC address of chilli.
MAC address of client
Set to radiusnasid option if present.
1=Start, 2=Stop, 3=Interim-Update
Number of octets received from client.
Number of octets transmitted to client.
Unique ID to link Access-Request and Accounting-Request messages.
Session duration in seconds.
Number of packets received from client.
Number of packets transmitted to client.
1=User-Request, 2=Lost-Carrier, 4=Idle-Timeout, 5=Session-Timeout, 11=NAS-Reboot
Number of times the Acct-Input-Octets counter has wrapped around.
Number of times the Acct-Output-Octets counter has wrapped around.
Is always included in Access-Request. If present in Access-Accept, Access-Challenge or Access-reject chilli will validate that the Message-Authenticator is correct.
If present in Access-Accept chilli will generate interim accounting records with the specified interval (seconds).
WISPr-Location-ID (14122, 1)
Location ID is set to the radiuslocationid option if present. Should be in the format: isocc=
WISPr-Location-Name (14122, 2)
Location Name is set to the radiuslocationname option if present. Should be in the format:
WISPr-Logoff-URL (14122, 3)
Included in Access-Request to notify the operator of the log off URL. Defaults to “http://uamlisten:uamport/logoff”.
WISPr-Redirection-URL (14122, 4)
If present the client will be redirected to this URL once authenticated. This URL should include a link to WISPr-Logoff-URL in order to enable the client to log off.
WISPr-Bandwidth-Max-Up (14122, 7)
Maximum transmit rate (b/s). Limits the bandwidth of the connection. Note that this attribute is specified in bits per second.
WISPr-Bandwidth-Max-Down (14122, 8)
Maximum receive rate (b/s). Limits the bandwidth of the connection. Note that this attribute is specified in bits per second.
WISPr-Session-Terminate-Time (14122, 9)
The time when the user should be disconnected in ISO 8601 format (YYYY-MM-DDThh:mm:ssTZD). If TZD is not specified local time is assumed. For example a disconnect on 18 December 2001 at 7:00 PM UTC would be specified as 2001-12-18T19:00:00+00:00.
ChilliSpot-Max-Input-Octets (14559, 1)
Maximum number of octets the user is allowed to transmit. After this limit has been reached the user will be disconnected.
ChilliSpot-Max-Output-Octets (14559, 2)
Maximum number of octets the user is allowed to receive. After this limit has been reached the user will be disconnected.
ChilliSpot-Max-Total-Octets (14559, 3)
Maximum total octets the user is allowed to send or receive. After this limit has been reached the user will be disconnected.
ChilliSpot-Bandwidth-Max-Up (14559, 4)
Maximum bandwidth up
ChilliSpot-Bandwidth-Max-Down (14559, 5)
Maximum bandwidth down
ChilliSpot-Config (14559, 6)
Configurations passed between chilli and back-end as name value pairs
ChilliSpot-Lang (14559, 7)
Language selected in user interface
ChilliSpot-Version (14559, 8)
Contains the version of the running CoovaChilli
ChilliSpot-DHCP-Netmask (14559, 61)
DHCP IP netmask of the user, which is configurable during MAC authentication in the Access-Accept.
ChilliSpot-DHCP-DNS1 (14559, 62)
DHCP DNS1 of the user, which is configurable during MAC authentication in the Access-Accept.
ChilliSpot-DHCP-DNS2 (14559, 63)
DHCP DNS2 of the user, which is configurable during MAC authentication in the Access-Accept.
ChilliSpot-DHCP-Gateway (14559, 64)
DHCP Gateway of the user, which is configurable during MAC authentication in the Access-Accept.
ChilliSpot-DHCP-Domain (14559, 65)
DHCP Domain of the user, which is configurable during MAC authentication in the Access-Accept.
Used for WPA
Used for WPA
See http://www.coova.org/ for further documentation and community support.
Copyright (C) 2006-2011 Coova Techcnologies, LLC,
CoovaChilli is licensed under the GNU General Public License.