[Chilli] Does option noradallow effect radconf only?

Steffen Dettmer steffen.dettmer at nomadrail.com
Mon Dec 2 11:16:08 UTC 2013


Hi,

in short: what is the effect of --noradallow? Also a short and
rough answer would be appreciated!

I tried the option noradallow but I noticed no effect (I'm not
using radconfig). Looking to the source, adding a few log
messages and debugging a bit around I think this option is for
"configuring chilli parameter using radius" only. Is this
correct?

Help tells "Allow all sessions when RADIUS is not available" and
in ChangeLog I read "Added runtime option --noradallow to
authorize sessions when RADIUS is not available", but I'm not
sure what kind of sessions are in scope.

The option is checked only in cb_radius_auth_conf(), but not in
redir_cb_radius_auth_conf(), but I think the latter handles the
access request response after captive portal redirection and
login, correct? (I verified by adding log statement in "if
(_options.noradallow)" and its "else" - but neither one appears
in debug output).

I noticed that when RADIUS becomes unreachable, authorized
clients continue to have access.

NB: For me it is hard to see how client sessions could be
authorized when RADIUS is not available, especially when
considering what should happen if RADIUS comes back. Clients
should be checked then, but the details would be complex. I think
the used captive portal need to support that, too. If I
understood well, this is exactly the topic of Davids explanation
at http://www.linkedin.com/groups/Temporarily-allow-access-all-domains-158903.S.165235302.

Regards,
Steffen


More information about the Chilli mailing list