coova / coova-chilli

CoovaChilli is an open-source software access controller for captive portal hotspots.

"New line" / Enter doesn't work in HS_MACALLOW #226

Open white-rabbit07 opened 8 years ago

white-rabbit07 commented 8 years ago

Hi. I use a lot of MAC addresses in /etc/chilli/config HS_MACALLOW=" .... " This line gets longer and longer -- but as I cannot use <ENTER> in the middle of the line, everything has to be in one line; one MAC after the next one. This is quite confusing. Is there a better way to put all the MAC addresses in there? Thanks for a hint!

Cool34000 commented 8 years ago

The better way to handle MACALLOW is to let Freeradius' MySQL DB handle it. Just put this in Coova Chilli's config: HS_MACAUTH=on

Then add a bypass rule for each MAC address in your database:

username: MAC Address (format=01-23-45-67-89-AB)
attribute: Auth-Type
op: :=
value: Accept (or Reject!)

The big advantage of this is that you don't need to restart Coova Chilli every time you add a MAC address into the DB!

white-rabbit07 commented 8 years ago

Ok, but in that case I have to change the settings from Freeradius with .conf-Files to mySQL. Is there a good manual / howto for this plan?

Cool34000 commented 8 years ago

Just ask Google "freeradius coova chilli howto". This one for instance is in the top results: https://help.ubuntu.com/community/WifiDocs/CoovaChilli

stjerno commented 8 years ago

If your number of MAC addresses is within a reasonable amount, you can specify the HS_MACALLOW tag multiple times, so add more lines for better readability.

nans64 commented 8 years ago

Cool34000, I tried to configure the database as you suggested but I cannot find out how to interrogate the Radcheck table with Freeradius.

Cool34000 commented 8 years ago

I don't understand why you need to interrogate the database: Chilli will do it for you.

Simply insert this in your database:

INSERT INTO radcheck (username, attribute, op, value) VALUES ('01-23-45-67-89-AB', 'Auth-Type', ':=', 'Accept');

And Chilli will do MAC authentication on the MAC you've specified (this MAC will not see the auth page: it will have access to the Internet directly).
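An added example, not part of the thread or of CoovaChilli/FreeRADIUS: one way to keep the MAC list in a one-per-line file and load it into radcheck as described above. The helper names, the sample list and the in-memory SQLite table (standing in for the MySQL database, with only the four columns named in the comment) are assumptions.

```python
import re
import sqlite3

# Constructed sample: a hand-maintained list with mixed notations and a comment.
SAMPLE_MACS = """
01:23:45:67:89:ab
0123.4567.89AC
01-23-45-67-89-AB
# printer, 2nd floor
not-a-mac
"""

def normalize_mac(raw):
    """Return the MAC as 01-23-45-67-89-AB, or None if it is not 12 hex digits."""
    digits = re.sub(r"[-:.\s]", "", raw)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    digits = digits.upper()
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def load_macs(text):
    """Split a one-per-line list into (unique normalized MACs, rejected lines)."""
    good, bad = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # allow trailing/whole-line comments
        if not line:
            continue
        mac = normalize_mac(line)
        if mac is None:
            bad.append(line)       # surface typos instead of inserting them
        elif mac not in good:
            good.append(mac)
    return good, bad

def sync_bypass(conn, macs, value="Accept"):
    """Insert one Auth-Type row per MAC not yet present; return rows added."""
    added = 0
    for mac in macs:
        # Bound parameters ("?" in sqlite3, "%s" in MySQL drivers), never string pasting.
        if conn.execute("SELECT 1 FROM radcheck WHERE username = ? "
                        "AND attribute = 'Auth-Type'", (mac,)).fetchone() is None:
            conn.execute("INSERT INTO radcheck (username, attribute, op, value) "
                         "VALUES (?, 'Auth-Type', ':=', ?)", (mac, value))
            added += 1
    conn.commit()
    return added

def demo():
    conn = sqlite3.connect(":memory:")  # assumption: stand-in for the MySQL DB
    conn.execute("CREATE TABLE radcheck (username TEXT, attribute TEXT, op TEXT, value TEXT)")
    macs, rejected = load_macs(SAMPLE_MACS)
    return macs, rejected, sync_bypass(conn, macs), sync_bypass(conn, macs)
```

Running the sync a second time adds nothing, so the list file can be re-imported after every edit without creating duplicate rows.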

nans64 commented 8 years ago

Thank you for your answer. I'll try this out and let you know.

The problem is that I have different routers in different locations and I would like to allow the user to get connected related to a specific NAS.

Is that possible?

Cool34000 commented 8 years ago

I don't use this configuration so I can't assure you that it will work (I use a single PC to do the job). I've found this on Google:

INSERT INTO radcheck (username, attribute, op, value) VALUES ('01-23-45-67-89-AB', 'NAS-Identifier', '!=', 'your_nas_name');

With this configuration, you need to insert every NAS where you don't want this specific MAC to authenticate automatically. So this could be very painful if you have a lot of NAS!

dusterio commented 8 years ago

Why not set HS_USELOCALUSERS to 'on' and then store MAC addresses in a text file? This way, your APs won't be tied to Radius (which sounds like overkill to me) but yet will have better access management.