[Chilli] Whitelist MAC to bypass authentication?

Jason Allen jason at theallens.id.au
Mon Mar 29 06:55:01 UTC 2010


Thank-you.
It was the format. I was using AA:BB:CC, once I changed it to AA-BB-CC it
worked fine.

Much appreciated.

On Mon, Mar 29, 2010 at 17:34, Liran Tal <liran.tal at gmail.com> wrote:

>
> Possibly the format of the MAC address on the username is incorrect,
> maybe try 00-aa-bb. Or maybe you didn't add the NAS to the clients/nas
> table list?
>
>
> And also, divide and conquer is the best approach to any problem solving -
> at this point we're not sure
> if chilli isn't authentication the clients based on mac or freeradius is
> rejecting them - let's start there.
> Easy to check, monitor freeradius's log to see if requests for auth are
> coming in once you get a user
> associated with chilli.
>
>
> Regards,
> Liran.
>
>
>
> On Mon, Mar 29, 2010 at 9:27 AM, Jason Allen <jason at theallens.id.au>wrote:
>
>> Hi,
>>
>> Thanks for the response. This is what I've tried, but it's still not
>> working. ...
>>
>> I have "HS_MACAUTH=on" in my /etc/chilli/config
>> In my radius radcheck table, I've added the following ..
>> username="<mac address>";attribute="Auth-Type";op=":=";value="Accept"
>>
>> Have I missed a step, or have something wrong?
>>
>>
>> Thanks.
>>
>>
>> On Mon, Mar 29, 2010 at 17:13, Liran Tal <liran.tal at gmail.com> wrote:
>>
>>> Hey Jason,
>>>
>>> Yes, by enabling the macauth option in chilli and creating the users
>>> where their username is the mac address
>>> then you actually tell chilli that whenever a new client is handed over
>>> an IP address it is also sent immediately
>>> a RADIUS auth request.
>>>
>>>
>>> Regards,
>>> Liran.
>>>
>>>
>>> On Mon, Mar 29, 2010 at 7:08 AM, Jason Allen <jason at theallens.id.au>wrote:
>>>
>>>> Hi,
>>>>
>>>> I have Coova setup and working as a captive portal, automatically
>>>> redirecting user to a signup/logon page.
>>>>
>>>> Is it possible within Coova to have a bypass for this authentication
>>>> redirection and give instant internet access? Ideally, I would like to
>>>> define a few MAC addresses that don't get redirected and don't require logon
>>>> etc.
>>>>
>>>>
>>>> Thanks.
>>>>
>>>> --
>>>> Cheers,
>>>> Jason
>>>>
>>>> _______________________________________________
>>>> Chilli mailing list
>>>> Chilli at coova.org
>>>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>>>
>>>>
>>>
>>>
>>> --
>>> --
>>> Sincerely, Liran Tal
>>>
>>> Founder and CTO
>>> Linux and Open Source
>>> Enginx - http://enginx.com
>>>
>>
>>
>>
>> --
>> Cheers,
>> Jason
>>
>
>
>
> --
> --
> Sincerely, Liran Tal
>
> Founder and CTO
> Linux and Open Source
> Enginx - http://enginx.com
>



-- 
Cheers,
Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20100329/d40449a7/attachment-0001.htm>


More information about the Chilli mailing list