[Chilli] Captive portal "looping" problem - maybe radius / radius-proxy timeout problem ?

Maria Angélica Lizarazo maltara86 at gmail.com
Thu Jul 25 12:17:44 UTC 2013


Hi Derek. You should check the date format that you're using. I have the
same problem but it is because the date that radius use is like this:
YYYY:MM:DD-hh:mm:ss:ss. In numbers, the date is set like
2013:05:03-00:00:00. So radius gets caught in a loop because the date is
still valid but the hours are not.  Unfortunately , in my case I have to
use that format but maybe you can change the one that you use.
Could you tell me how are you using the chilli_proxy feature? Is it to
intercept the borwser request to a proxy server
2013/7/15 <chilli-request at coova.org>

> Send Chilli mailing list submissions to
>         chilli at coova.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
> or, via email, send a message with subject or body 'help' to
>         chilli-request at coova.org
>
> You can reach the person managing the list at
>         chilli-owner at coova.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Chilli digest..."
>
>
> Today's Topics:
>
>    1. Content-injection (Derek Conniffe)
>    2. Captive portal "looping" problem - maybe radius /
>       radius-proxy timeout problem ? (Derek Conniffe)
>    3. Re: Captive portal "looping" problem - maybe radius /
>       radius-proxy timeout problem ? (Derek Conniffe)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 14 Jul 2013 15:48:21 +0100
> From: Derek Conniffe <derek at hssl.ie>
> To: "chilli at coova.org" <chilli at coova.org>
> Subject: [Chilli] Content-injection
> Message-ID: <04D5D258-BEB3-4667-9178-F5E91C796DFB at hssl.ie>
> Content-Type: text/plain; charset=us-ascii
>
> Hi Jed,
>
> Did you get Content-Injection working with Coova Chilli?
>
> A long time ago I tried this with various proxies (Tinyproxy, Privoxy,
> Squid with content adaption) but I do remember reading David Bird's blog
> post about content injection natively in Coova Chilli which sounds much
> neater if its now part of Coova Chilli (I didn't think it was yet?)
>
> thanks,
>
> Derek
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Sun, 14 Jul 2013 15:33:19 +0100
> From: Derek Conniffe <derek at hssl.ie>
> To: chilli at coova.org
> Subject: [Chilli] Captive portal "looping" problem - maybe radius /
>         radius-proxy timeout problem ?
> Message-ID: <B85120C0-55ED-4E4F-824D-3CB07CE274DD at hssl.ie>
> Content-Type: text/plain; charset=us-ascii
>
> Hi everyone,
>
> I've been playing with coova chilli for years and its feature set is great
> and I really love new features (especially chilli_proxy that appeared in
> 1.2.9)!.
>
> I'm having a problem and I think I've also seen this problem over the
> years too.
>
> I'm using coova chilli 1.2.9 and right now I'm using chilli-proxy with
> HTTP authentication (so no radius server at all) and I'm using mac
> authentication.
>
> The problem is that for some reason coova chilli thinks the user isn't
> authorised so it sends the user to the login page (uamhomepage) *but* I
> have checking in my home page to see if the user is actually authenticated
> (in the DB) or not and, if they are, I try to redirect them to
> www.google.com - I'd hope this situation wouldn't happen but it does
> regularly.  Its worse actually because I can sometimes see devices looping
> through my uamhomepage page over and over again and then, maybe, eventually
> getting Google.  (coova chilli keeps thinking the client isn't
> authenticated - when this happens I can see that my web server handling the
> chilli proxy requests as per the uamaaaurl directive is *NOT* getting the
> coova chilli request at all!).
>
> I see this problem more if the internet connection to the coova chilli
> enabled AP is slow.  This makes me think its some kind of radius timeout
> issue.  I did add the line "radiustimeout=90" to my chilli conf file (I
> think that sets the radius timeout to 90 seconds) but this didn't appear to
> have any effect.
>
> I haven't seen anything in the chilli log output yet but mostly this is
> because I haven't been getting detailed logs in my APs.  Now I'm trying to
> use remote syslog to a dedicated server so this might help.
>
> The issue could be in chilli_proxy.  If so I might have to go back to
> having a freeradius server but I'd hate to do that.
>
> Has anyone else seen this type of problem before?
>
> thanks for any info!
>
> Derek
>
> ------------------------------
>
> Message: 3
> Date: Sun, 14 Jul 2013 16:24:28 +0100
> From: Derek Conniffe <derek at hssl.ie>
> To: chilli at coova.org
> Subject: Re: [Chilli] Captive portal "looping" problem - maybe radius
>         /       radius-proxy timeout problem ?
> Message-ID: <38272CD1-794D-495B-9E23-16B417AEE822 at hssl.ie>
> Content-Type: text/plain; charset=us-ascii
>
> Ok - an update.
>
> Adding in syslog-ng and remote logging *was* a good idea for sure!
>
> This is the error that seems to be related to my problem: -
>
> Jul 14 15:16:17 5.54.29.155 syslog: main-proxy.c: 142: out of connections
>
> I wonder is there somehow a connect leak?
>
> This AP would not be that busy.  I see that in the source code there is a
> max number of requests set to 16 and I would think that this should be
> perfectly good so I wonder is there some kind of connection leak?
>
> Derek
>
> Log file output: -
>
> Jul 14 15:20:46 5.54.29.155 syslog: main-proxy.c: 142: out of connections
> Jul 14 15:20:46 5.54.29.155 syslog: main-proxy.c: 102: 000. inuse=1
> prev=-001 next=-001 url=
> http://MY-UAM-AAA-URL?stage=counters&status=update&user=AC-3C-0B-30-XX-XX&ap=02-DB-36-1D-XX-XX&mac=AC-3C-0B-30-XX-XX&ip=10.0.0.54&sessionid=51e075db00000009&nasid=dc9fdb3xxxx&duration=241&bytes_down=0&pkts_down=0&bytes_up=0&pkts_up=0fd=29
>
>
>
>
>
> On 14 Jul 2013, at 15:33, Derek Conniffe <derek at hssl.ie> wrote:
>
> > Hi everyone,
> >
> > I've been playing with coova chilli for years and its feature set is
> great and I really love new features (especially chilli_proxy that appeared
> in 1.2.9)!.
> >
> > I'm having a problem and I think I've also seen this problem over the
> years too.
> >
> > I'm using coova chilli 1.2.9 and right now I'm using chilli-proxy with
> HTTP authentication (so no radius server at all) and I'm using mac
> authentication.
> >
> > The problem is that for some reason coova chilli thinks the user isn't
> authorised so it sends the user to the login page (uamhomepage) *but* I
> have checking in my home page to see if the user is actually authenticated
> (in the DB) or not and, if they are, I try to redirect them to
> www.google.com - I'd hope this situation wouldn't happen but it does
> regularly.  Its worse actually because I can sometimes see devices looping
> through my uamhomepage page over and over again and then, maybe, eventually
> getting Google.  (coova chilli keeps thinking the client isn't
> authenticated - when this happens I can see that my web server handling the
> chilli proxy requests as per the uamaaaurl directive is *NOT* getting the
> coova chilli request at all!).
> >
> > I see this problem more if the internet connection to the coova chilli
> enabled AP is slow.  This makes me think its some kind of radius timeout
> issue.  I did add the line "radiustimeout=90" to my chilli conf file (I
> think that sets the radius timeout to 90 seconds) but this didn't appear to
> have any effect.
> >
> > I haven't seen anything in the chilli log output yet but mostly this is
> because I haven't been getting detailed logs in my APs.  Now I'm trying to
> use remote syslog to a dedicated server so this might help.
> >
> > The issue could be in chilli_proxy.  If so I might have to go back to
> having a freeradius server but I'd hate to do that.
> >
> > Has anyone else seen this type of problem before?
> >
> > thanks for any info!
> >
> > Derek
> > _______________________________________________
> > Chilli mailing list
> > Chilli at coova.org
> > http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
>
>
> ------------------------------
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
>
> End of Chilli Digest, Vol 44, Issue 3
> *************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20130725/3de61266/attachment.html>


More information about the Chilli mailing list