[Chilli] Administrative-User session & config update

David Bird david at coova.com
Thu Aug 9 16:58:44 UTC 2012


You can have it re-auth based on the --interval option value. 

Cheers,
David

On Thu, 2012-08-09 at 16:29 +0100, Adam Hammond wrote:
> Thanks David,
> 
> My mistake was to use both the administrative-update session AND the radius config functionality at the same time (for reasons not worth going into). Confusion reigned. 
> 
> What wasn't clear to me was that you could forgo any RADCONF-esque functionality, not need to call radiusconfig in init, and just use the Administrative-User functionality when starting up with half the configuration on the device and the rest supplied centrally. All cleared up now.
> 
> @David - Can I control the amount of time between re authentication of the administrative user session or is it hard coded to an hour?
> 
> @Bojan - the administrative-user functionality allows you to host a subset of your configuration centrally (accessible via radius), to change that configuration at will and have it updated on all relevant chilli instances in a timely and automatic fashion.
> 
> Cheers,
> Adam
> 
> On 8 Aug 2012, at 15:29, David Bird wrote:
> 
> > Be sure the adminupdatefile is also included into your chilli
> > configuration (using 'include <filename>'). 
> > 
> > David
> > 
> > 
> > On Tue, 2012-08-07 at 13:48 +0100, Adam Hammond wrote:
> >> Hi list,
> >> 
> >> Has anyone succeeded in getting the Administrative-User session functionality fully working?
> >> 
> >> I have a test AP running an Adminstrative-User session fine (config is returned in Access-Accept and stored in a file). The config is written to non-default file (/tmp/foo) in line with my adminupdatefile setting. The session re-auths every hour and the config is re-written to my adminupdatefile at that time.
> >> 
> >> If I change the settings returned in radius what DOESN'T happen is these changes being recognised, copied to the chilli config file (hs.conf) and chilli HUP'd. 
> >> 
> >> This would be trivial to do manually via a script in cron, but it's my understanding that chilli should do this. Am I wrong or is this a bug do you think/know?
> >> 
> >> I have also not had any luck controlling the interval in which chilli re-auths the administrative-user session. I have tried setting HS_ADMININTERVAL and also returning a Session-Timeout value in the Access-Accept to no avail. Has anyone had any success controlling the session time?
> >> 
> >> I've included some debug output below for anyone that knows if this looks right or not. It appears that the config is saved in my adminupdatefile location and copied to /tmp/hs.conf rather than /etc/chilli/hs.conf (?)
> >> 
> >> Possibly relevant: I'm not using a call to writeconfg in my start script. I want to fully control the dns servers over radius. If I use writeconfig the dns1 attribute is set to the devices primary dns server (or one that I hardcode) and this is not overruled if I return a different server ip by radius config. Rather than find a way to patch the functions file I took the easy route of using a static main.conf and fetching the rest of the configuration over radius.
> >> 
> >> Many thanks in advance,
> >> Adam
> >> 
> >> coova-chilli 1.2.9 on Openwrt
> >> 
> >> 
> >> radius.c: 224: 0 (Debug) qnext=6
> >> radius.c: 294: 0 (Debug) RADIUS queue-in id=6 idx=6
> >> radius.c: 1505: 0 (Debug) RADIUS id=6 sent to x.x.x.x:11812
> >> main-opt.c: 601: 0 (Debug) DHCP Listen: 172.17.2.1
> >> main-opt.c: 602: 0 (Debug) UAM Listen: 172.17.2.1
> >> radius.c: 1740: 0 (Debug) Received RADIUS packet id=6
> >> radius.c: 264: 0 (Debug) idx 6 pid 6 id 6
> >> radius.c: 406: 0 (Debug) RADIUS queue-out id=6 idx=6
> >> chilli.c: 4379: 0 (Debug) Received RADIUS response id=6
> >> chilli.c: 4568: 0 (Debug) Received RADIUS Access-Accept
> >> chilli.c: 4197: 0 (Debug) looking to replace: /tmp/coova-update
> >> chilli.c: 4213: 0 (Debug) using temp: /tmp/hs.conf
> >> ...
> >> options.c: 442: 0 (Debug) PID 7050 saving options to /var/run/chilli.6503.cfg.bin
> >> chilli.c: 6800: 0 (Debug) Processing cmdsock request...
> >> chilli.c: 347: 0 (Debug) SIGUSR1: reloading configuration
> >> options.c: 189: 0 (Debug) PID 6503 rereading binary file /var/run/chilli.6503.cfg.bin
> >> options.c: 651: 0 (Debug) PID 6503 reloaded binary options file
> >> chilli.c: 378: 0 (Debug) caught 18 via selfpipe
> >> chilli.c: 309: 0 (Debug) child 7050 terminated
> >> options.c: 442: 0 (Debug) PID 7049 saving options to /var/run/chilli.6503.cfg.bin
> >> chilli.c: 6800: 0 (Debug) Processing cmdsock request...
> >> chilli.c: 347: 0 (Debug) SIGUSR1: reloading configuration
> >> options.c: 189: 0 (Debug) PID 6503 rereading binary file /var/run/chilli.6503.cfg.bin
> >> options.c: 651: 0 (Debug) PID 6503 reloaded binary options file
> >> chilli.c: 378: 0 (Debug) caught 18 via selfpipe
> >> chilli.c: 309: 0 (Debug) child 7049 terminated
> >> _______________________________________________
> >> Chilli mailing list
> >> Chilli at coova.org
> >> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> > 
> > 
> 




More information about the Chilli mailing list