[Chilli] Fixed IP addresses for APs and DHCP for clients
Felipe Augusto van de Wiel
felipe.wiel at hpp.org.br
Tue Jan 12 23:49:39 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 11-01-2010 18:57, Felipe Augusto van de Wiel wrote:
[...]
> If I understood correctly, when I opt for
> macauth the MAC addresses are used as users for RADIUS
> and that is not what I want based on the previous
> scenario, considering that I didn't like to waste some
> address because of the range allocation (statip/dynip)
> I'm inclined to use macallowed, that will mix the fixed
> IP addresses with the single user web auth, and
> eventually, if the company decides to auth more users
> or limit some of them, the "mixed" solution still work.
> Does it sound like a good plan? (At least until the
> new options similar to ethers come to production).
I choose the Framed-IP-Address option, I'm not
using 1.2.0 right, but I'm willing to upgrade, specially
to the new version with the --ethers option.
But my configuration is not yet working. :-(
Here is the relevant part of my /etc/chilli/config:
HS_WANIF=eth1 # WAN Interface toward the Internet
HS_LANIF=eth0 # Subscriber Interface for client devices
HS_NETWORK=10.200.200.1 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=10.200.200.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot Port (on subscriber network)
HS_TCP_PORTS="22 80 443"
Since some options seems to not be handled by the
config file, I added them into local.conf and I know,
macallowed is handled by config, but for some reason the
version of MAC address without "-" was not working with
FreeRADIUS (I just changed the final two hexas of MACs).
dhcpstart 11
dhcpend 250
macallowed 00-0F-CB-FC-AA-AA
macallowed 00-0F-CB-FC-AA-AB
macallowed 00-18-6E-C3-AA-AC
macallowed 00-0F-CB-FD-AA-AD
macallowed 00-0F-CB-FF-AA-AE
macallowed 00-0F-CB-FC-AA-AF
macallowed 00-18-6E-C4-AA-BA
macallowed 00-23-6C-D6-AA-BB
macpasswd password
lease 3600
In /etc/freeradius/users I have entries like this:
"00-0F-CB-FC-AA-AA" Cleartext-Password := "password"
Service-Type = Framed-User,
Framed-IP-Address = 10.200.200.231,
Framed-IP-Netmask = 255.255.255.0
When I restart the AP with that MAC address I see
this in the logs:
/var/log/freeradius/radius.log:
Tue Jan 12 21:35:09 2010 : Auth: Login OK: [00-0F-CB-FC-AA-AA/password] (from client localhost port 7 cli 00-0F-CB-FC-AA-AA)
/var/log/messages:
Jan 12 21:35:09 host coova-chilli[20319]: chilli.c: 3007: New DHCP request from MAC=00-0F-CB-FC-AA-AA
Jan 12 21:35:21 host coova-chilli[20319]: chilli.c: 3138: DHCP addr released by MAC=00-0F-CB-FC-AA-AA IP=10.200.200.231
The released message seems wrong to me, and indeed,
I can't ping the access point after that, just for some
seconds. :-(
Is something I'm doing horribly wrong?
Kind regards,
- --
Felipe Augusto van de Wiel <felipe.wiel at hpp.org.br>
Tecnologia da Informação (TI) - Complexo Pequeno Príncipe
http://www.pequenoprincipe.org.br/ T: +55 41 3310 1747
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCgAGBQJLTQqPAAoJECCPPxLgxLxPZCoP/iYQeTC45yI94M3ZluKvyML/
GablCnXNOnUPkyNSII4rwNZaA62gL8JA5ilqlKKv7qrQ3C3zQUHr/vXNFtMPWBxm
P5rXrfYZuKRiyysv14IRNURyb8fn4iJUnkIEhQxIMFJDd7EiRN7mnhTQkG3m0hCq
0EordCQzRky4pl+mgcWQfFD1/Ren9PG03+/bE0+L0XSBITqiN431u1cgvduIZ3Wo
AAo6FjPyMQwFF0p0ABWBGxcTVAHsV8frA6x5u3qqCMW1eLnfPgGmDQuVKtUIKT9E
DflKnhNX+Ar1tkSgeLXRgbOrZgFBOSTGJR0oRqIP9Ihk3dlwt7GqXPP+aM2tIBII
26zZBuARaDjwK+cPWzy7++OqDbqiGldoId8ul60OAS8BFzI0hUjN7MbmnlIi2Hql
TaEpxU9sRL+or1w2l1VsrFdOHrYViBNNgJGUA0C5nomEMRbdJo7n7RcdR3V8o2Te
Lqq3ESosqB9yZekFjDuD0kccXPWTdyd4ugUq9pEXdItHA4ZAasFWXTGDAoPvCwI6
dJnsemzqvfLIVu4J7WW+4cbinFafvdrP/IqvL4nj42ZHMrdUc1RtrcZyPaSa7bQ0
Uh56jMZE+SZG8UoiqGGxzay2dCjNUMLLwi3aKxdUa7T97L+5v9IAEn4XQwhPEhY1
EA3WSLvUgMJ7pY7+FF85
=n4TX
-----END PGP SIGNATURE-----
More information about the Chilli
mailing list