[Chilli] Whitelist MAC to bypass authentication?
Liran Tal
liran.tal at gmail.com
Mon Mar 29 11:33:11 UTC 2010
Sure thing.
Regards,
Liran.
On Mon, Mar 29, 2010 at 9:55 AM, Jason Allen <jason at theallens.id.au> wrote:
> Thank-you.
> It was the format. I was using AA:BB:CC, once I changed it to AA-BB-CC it
> worked fine.
>
> Much appreciated.
>
> On Mon, Mar 29, 2010 at 17:34, Liran Tal <liran.tal at gmail.com> wrote:
>
>>
>> Possibly the format of the MAC address on the username is incorrect,
>> maybe try 00-aa-bb. Or maybe you didn't add the NAS to the clients/nas
>> table list?
>>
>>
>> And also, divide and conquer is the best approach to any problem solving -
>> at this point we're not sure
>> if chilli isn't authentication the clients based on mac or freeradius is
>> rejecting them - let's start there.
>> Easy to check, monitor freeradius's log to see if requests for auth are
>> coming in once you get a user
>> associated with chilli.
>>
>>
>> Regards,
>> Liran.
>>
>>
>>
>> On Mon, Mar 29, 2010 at 9:27 AM, Jason Allen <jason at theallens.id.au>wrote:
>>
>>> Hi,
>>>
>>> Thanks for the response. This is what I've tried, but it's still not
>>> working. ...
>>>
>>> I have "HS_MACAUTH=on" in my /etc/chilli/config
>>> In my radius radcheck table, I've added the following ..
>>> username="<mac address>";attribute="Auth-Type";op=":=";value="Accept"
>>>
>>> Have I missed a step, or have something wrong?
>>>
>>>
>>> Thanks.
>>>
>>>
>>> On Mon, Mar 29, 2010 at 17:13, Liran Tal <liran.tal at gmail.com> wrote:
>>>
>>>> Hey Jason,
>>>>
>>>> Yes, by enabling the macauth option in chilli and creating the users
>>>> where their username is the mac address
>>>> then you actually tell chilli that whenever a new client is handed over
>>>> an IP address it is also sent immediately
>>>> a RADIUS auth request.
>>>>
>>>>
>>>> Regards,
>>>> Liran.
>>>>
>>>>
>>>> On Mon, Mar 29, 2010 at 7:08 AM, Jason Allen <jason at theallens.id.au>wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I have Coova setup and working as a captive portal, automatically
>>>>> redirecting user to a signup/logon page.
>>>>>
>>>>> Is it possible within Coova to have a bypass for this authentication
>>>>> redirection and give instant internet access? Ideally, I would like to
>>>>> define a few MAC addresses that don't get redirected and don't require logon
>>>>> etc.
>>>>>
>>>>>
>>>>> Thanks.
>>>>>
>>>>> --
>>>>> Cheers,
>>>>> Jason
>>>>>
>>>>> _______________________________________________
>>>>> Chilli mailing list
>>>>> Chilli at coova.org
>>>>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> --
>>>> Sincerely, Liran Tal
>>>>
>>>> Founder and CTO
>>>> Linux and Open Source
>>>> Enginx - http://enginx.com
>>>>
>>>
>>>
>>>
>>> --
>>> Cheers,
>>> Jason
>>>
>>
>>
>>
>> --
>> --
>> Sincerely, Liran Tal
>>
>> Founder and CTO
>> Linux and Open Source
>> Enginx - http://enginx.com
>>
>
>
>
> --
> Cheers,
> Jason
>
--
--
Sincerely, Liran Tal
Founder and CTO
Linux and Open Source
Enginx - http://enginx.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20100329/eda9b602/attachment.htm>
More information about the Chilli
mailing list