[Chilli] Repeated, rapid-fire mac-auth requests received by the RADIUS server
Guy Kamanda
guy_kamanda at yahoo.com
Thu Mar 22 13:15:55 UTC 2012
Dear All,
I have a project for hotspot deployment. How can I get help for setting Access control, Raduis, and payment with credits cards, paypal and cash. And what is the price for this?
Forward me to someone who can work here.
BR
Guy
________________________________
From: Adam Hammond <adam at freerunr.com>
To: David Bird <david at coova.com>
Cc: chilli at coova.org
Sent: Thursday, March 22, 2012 12:00 PM
Subject: Re: [Chilli] Repeated, rapid-fire mac-auth requests received by the RADIUS server
Great, thanks David.
I'll be happy to help test any of this functionality if/when you implement it in the future.
Adam
On 22 Mar 2012, at 05:45, David Bird wrote:
> Using strictmacauth (with macauth) should limit some radius requests. Chilli used to always be 'strict' in that it would not respond to the first dhcp request (instead sends radius which may return setting the IP to use). This made dhcp 'slow' even though most people do not probably use the IP setting feature. I will look into why chilli is sending too many macauth quickly. Though, it may be good for it to not just do it once and never again for the session (may seem to use macauth as primary auth mechanism after adding visitor Macs to database. Maybe I offer a new option for 'dhcpmacauth' that will continue to send auth for dhcp requests, with the default being only one Mac auth at first dhcp association (after IP was assigned) , and strictmacauth will have the one (or two) auths - one before IP assignment and possibly one after chilli had assigned an IP (if not otherwise assigned by first radius response).
>
>
> -------- Original message --------
> Subject: Re: [Chilli] Repeated, rapid-fire mac-auth requests received by the RADIUS server
> From: Adam Hammond <adam at freerunr.com>
> To: Mike Puchol <puchol at me.com>
> CC: chilli at coova.org
>
>
> Hi Mike,
>
> If my understanding is correct coova-chilli implements basic mac-auth functionality by sending an authentication packet every time is receives a DHCPREQUEST. If you look at your debug output you'll probably see that devices actually ask for all sorts of ip addresses when talking to dhcp servers and receiving an ip address (self signed, old addresses, the address that are given etc etc). Each request results in an auth attempt.
>
> I was looking into this the other day as I wanted a system where I only get one access request per device. There is an option that changes the way the macauth process works in chilli:
>
> --strictmacauth Be strict about MAC Auth (no DHCP reply until we get RADIUS reply) (default=off)
>
> ... which implements macauth functionality how it should be (IMO).
>
> Unfortunately I can't get it to work on 1.2.9 (I haven't tried older versions). When added as an additional option to --macauth I still see lots of auth packets flying around. When I replace --macauth with --strictmacauth then mac auth functionality is un-enabled. I don't see any reference to this 'strictmacauth' in the 'functions' file so I'm not even sure it's implemented any more.
>
> Hopefully David can clear this up and it's a feature I'd really like to use.
>
> cheers,
> Adam
>
>
>
>
> On 21 Mar 2012, at 12:51, Mike Puchol wrote:
>
> > Hi all,
> >
> > I'm having an odd problem with my setup, involving Ubiquiti routers and a Radiator server, with MAC authentication against RADIUS enabled. The server will receive a seemingly random number of access-request packets, in rapid succession (even less than 1 second between them), usually between one and six packets.
> >
> > My first thought is that chilli is sending out requests without a reply wait timer, or a timer set too low, and so it fires away until it gets a reply from the server.
> >
> > Has anyone else come across this?
> >
> > Cheers,
> >
> > Mike
> > _______________________________________________
> > Chilli mailing list
> > Chilli at coova.org
> > http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
_______________________________________________
Chilli mailing list
Chilli at coova.org
http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20120322/efc81a8b/attachment.html>
More information about the Chilli
mailing list