[Chilli] CoovaChiili Permit Server IP

[Russell Mike]

Hi Luis & David,

Thanks for your inputs, discussion became very interesting. Thanks for
sharing ideas. standing by to hear more from David. B about conup.

Thanks / Regards
--RM


On Tue, May 21, 2013 at 6:10 PM, Luis Ferreira <lferreira at cabocom.cv> wrote:

> **
>
> Hi David,
>
> Can you clarify on the conup?
>
> From what I understood, you are saying that is a script that is run every
> time a client connects to the network. (correct?)
>
> If true, will that work in my case, with another server running ISC-DHCP?
>
> Where can I configure it? Where is it located?
>
> Regards,
>
> Luis
>
> -----Mensagem original-----
> De: chilli-bounces at coova.org [mailto:chilli-bounces at coova.org<chilli-bounces at coova.org>]
> Em nome de David Bird
> Enviada: terça-feira, 21 de Maio de 2013 16:01
> Para: chilli at coova.org
> Assunto: Re: [Chilli] CoovaChiili Permit Server IP
>
> There could be an option similar to macallowed (plus macallowlocal) but
> for layer3 mode using ip addresses. Using a script like the one suggested
> would also work - though, I think you'd want 'authorize'
>
> instead of 'login' since you don't have RADIUS. You can also do something
> similar from the conup script so that as soon as the station connects, you
> authorize it.
>
> On Tue, 2013-05-21 at 09:23 -0100, Luis Ferreira wrote:
>
> > Hi Russell,
>
> >
>
> >
>
> >
>
> > Here we had the same problem, and were able to fix it with the
>
> > following script:
>
> >
>
> >
>
> >
>
> > #!/bin/bash
>
> >
>
> >
>
> >
>
> > usercheck=$(/usr/local/sbin/chilli_query
>
> > -s /usr/local/var/run/chilli.vlanxx.sock list |grep -c "1
>
> > accountusername ")
>
> >
>
> >
>
> >
>
> > if [ $usercheck = '0' ];
>
> >
>
> > then
>
> >
>
> >         echo "Logging in accountname"
>
> >
>
> >         /usr/local/sbin/chilli_query
>
> > -s /usr/local/var/run/chilli.vlanxx.sock login ip 192.168.10.251
>
> > username accountusername password accountpassword
>
> >
>
> > fi
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > Replace account name, account password and IP for the correct ones.
>
> > Also check the location of the sock files.
>
> >
>
> >
>
> >
>
> > This script is running every minute. If the IP is not present, Chilli
>
> > will not perform the login and ignore it. But if it is present (client
>
> > connected) it will trigger the account login.
>
> >
>
> >
>
> >
>
> > This is a very dirty hack, but we have been using it for more than 2
>
> > years and it never failed (except when the account would ran out of
>
> > credit J ).
>
> >
>
> >
>
> >
>
> > Btw, if someone as a different (and less hacked) way of doing this on
>
> > layer 3, please share it.
>
> >
>
> >
>
> >
>
> > Regards,
>
> >
>
> > Luis
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > Dear Coova Gurus,
>
> >
>
> >
>
> >
>
> >
>
> > CoovaChilli Layer3, Working great. But for some days now, i am working
>
> > CoovaChilli to allow some devices to allow access without
>
> > authentication AND have Static IP address. (Servers, IP phones, Apple
>
> > TV etc..).
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > MAC auth do not help because of L3 setup. Have anyone got the idea.
>
> > How can configure coovachilli to allow access 10 static ip address out
>
> > of a subnet by default.
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > Thanks in advance.
>
> >
>
> >
>
> >
>
> >
>
> >
>
> > Thanks / Regards
>
> >
>
> >
>
> > _______________________________________________
>
> > Chilli mailing list
>
> > Chilli at coova.org
>
> > http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
> --
>
> --
>
> David Bird
>
> http://www.linkedin.com/in/dwbird/
>
> _______________________________________________
>
> Chilli mailing list
>
> Chilli at coova.org
>
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20130522/783e5bce/attachment-0001.html>