[Chilli] RADIUS based way to set the per session

Danny Magat danny at sb-ps.ae
Tue Jan 22 11:44:58 UTC 2013


Hi David,

In freeradius adding the attributes ChilliSpot-Inject-URL =* ANY on attrs.access_reject file response back during the reject authentication.

[root at dannyraddb]# radtest 84-4B-F5-78-87-F6 password localhost:1812 0 testing123
Sending Access-Request of id 75 to 127.0.0.1 port 1812
        User-Name = "84-4B-F5-78-87-F6"
        User-Password = "password"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=75, length=67
        ChilliSpot-Inject-URL = "http://URL/inject.js"
[root at dannyraddb]#

root at emaar:/etc/chilli# chilli_query inspect mac 84-4B-F5-78-87-F6
MAC:   84-4B-F5-78-87-F6   IP:  10.1.0.6
---------------------------------------------------
              status: not authenticated
           challenge: 2badfb4a129d6f1d9bbd6c185e8e34f1
          session id: 50fd2ca400000001
           user name: 84-4B-F5-78-87-F6
        session time: 0 sec
     session timeout: 0 sec
           idle time: 0 sec
        idle timeout: 3600 sec
       octets in/out: in=down, out=up
           octets in: 0
          octets out: 0
          max b/w up: 0
        max b/w down: 0
      last sent time: 469 sec ago
           last seen: 465 sec ago
            user url: http://www.google.com
           url param: http://URL/inject.js
               flags:   			<------------ do I need to put something here via radius. (ChilliSpot-Config) because during my test not from the radius reply, whenever I execute chilli_query update mac (mac) inject http://URL/inject.js it is having a value of "require-uam-auth inject"

Current I am still not able to browse internet  with this setup although it should give me internet with inject. But nothing... 


Thanks  


-----Original Message-----
From: David Bird [mailto:david at coova.com] 
Sent: Monday, January 21, 2013 10:41 PM
To: Danny Magat
Cc: 'Jed Gainer'; chilli at coova.org
Subject: RE: [Chilli] RADIUS based way to set the per session

Hi Danny,

I can't say I'm an expert on the functionality of FR and it's standard database structure. Are you certain (via wireshark, etc) that FR is putting the attribute out of the radreply table when the response is Reject? 


On Sat, 2013-01-19 at 18:27 +0400, Danny Magat wrote:
> Dear David,
> 
> Yes I am using ChilliSpot-Inject-URL attributes, Below is my 
> configuration:
> Chilli.conf
> --redir
> -- macauth
> 
> -Radcheck-
> Username = mac
> Attributes = Auth-Type
> Operator = :=
> Value=Reject
> 
> Radreply
> Username = 98-03-D8-F4-0D-90
> Attributes = ChilliSpot-Inject-URL
> Operator = :=
> Value =  http://URL/inject.js
> 
> I did compile with --enable-inspect
> And its showing below:
> 
> root at danny:/etc/chilli# chilli_query inspect mac 98-03-D8-F4-0D-90
> MAC:   98-03-D8-F4-0D-90   IP:  10.1.0.2
> ---------------------------------------------------
>               status: not authenticated
>            challenge: 935faea8add1ab843786da6a87eed4e2
>           session id: 50faa9e600000001
>            user name: 98-03-D8-F4-0D-90
>         session time: 0 sec
>      session timeout: 0 sec
>            idle time: 0 sec
>         idle timeout: 0 sec
>        octets in/out: in=down, out=up
>            octets in: 0
>           octets out: 0
>           max b/w up: 0
>         max b/w down: 0
>       last sent time: 520 sec ago
>            last seen: 513 sec ago
>             user url: http://www.apple.com/library/test/success.html
>            url param:
>                flags:
> 
> 
> am I missing something in the config? Because I am not able to redirect to injected page. Please advise...
> -----Original Message-----
> From: David Bird [mailto:david at coova.com]
> Sent: Thursday, January 17, 2013 10:35 PM
> To: Danny Magat
> Cc: 'Jed Gainer'; chilli at coova.org
> Subject: Re: [Chilli] RADIUS based way to set the per session
> 
> You have tried the ChilliSpot-Inject-URL attribute? 
> 
> Also, it is also helpful to --enable-inspect so that chilli_query inspect mac <mac> gives you more information on per session configurations. 
> 
> David
> 
> 
> On Wed, 2013-01-16 at 12:17 +0400, Danny Magat wrote:
> > Yes inject url per user wherein the URL is coming from the radius reply.
> > 
> > 
> > -----Original Message-----
> > From: Jed Gainer [mailto:jedgainer at gmail.com]
> > Sent: Wednesday, January 16, 2013 8:11 AM
> > To: Danny Magat
> > Subject: Re: [Chilli] RADIUS based way to set the per session
> > 
> > I am not sure what you mean. Inject per user you mean?
> > 
> >     $.getJSON("http://10.1.0.1:3990/json/status?callback=?",
> > function(chilli) {
> >         console.log(chilli);
> >         if ($.inArray(chilli.session.userName, ['Cyndy', 'Chris']) != -1)
> >         {
> >             var addHeight =
> > (/Android|webOS|iPhone|iPad|iPod|BlackBerry/i.test(navigator.userAge
> > nt
> > ))
> > ? 60 : 40;
> >             $('body').height($('body').height() + addHeight);
> >             $('body').append('<div style="position: fixed; bottom: 
> > 0;
> > left: 0; right: 0; height: ' + addHeight + 'px; border-top: 2px 
> > solid #000; background-color: #fff"><iframe style="border: 0; width: 99%"
> > src="http://10.1.0.1/toolbar.php"></iframe></div>');
> >         }
> >     });
> > 
> > On Tue, Jan 15, 2013 at 6:07 AM, Danny Magat <danny at sb-ps.ae> wrote:
> > > Dear All,
> > >
> > >
> > >
> > > http://coova.org/node/4788#comment-9802
> > >
> > >
> > >
> > > Based on the above links by David there is a way on how to 
> > > inject-URL per session.
> > >
> > > Can somebody guide me on how to achieve this.
> > >
> > >
> > >
> > > Thanks in Advance.
> > >
> > > Danny
> > >
> > >
> > > _______________________________________________
> > > Chilli mailing list
> > > Chilli at coova.org
> > > http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> > >
> > 
> > _______________________________________________
> > Chilli mailing list
> > Chilli at coova.org
> > http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> 
> 
> 

--
--
David Bird
http://www.linkedin.com/in/dwbird
https://twitter.com/wlanmac




More information about the Chilli mailing list