www.chilliwave.com

Wifi Network Distribution and Billing Server
It is currently Sat Feb 29, 2020 6:17 am

All times are UTC - 8 hours [ DST ]




Post new topic Reply to topic  [ 34 posts ]  Go to page 1, 2, 3  Next
Author Message
 Post subject: MAC Authentication
PostPosted: Sat Apr 26, 2008 10:30 pm 
Offline
Site Admin
User avatar

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
If you want to do mac address authentication, here is how you do it...

1) Edit the file /etc/freeradius/users and add the following line under user steve...

00-15-DE-2F-17-39 Auth-Type := Local, Password == "password"

( Make that address be the address of the wifi device you want to approve on the chillispot wifi interface of your hotspot.. You can clone this line and add as many of these as you want, and then these mac addresses will be approved on any router that has "mac authentication = enable" in chillispot.. )

2) Edit /etc/freeradius/radiusd.conf and change the following two settings from "no" to "yes"

log_auth = yes
log_auth_badpass = yes

3) Reboot the server so that takes effect... or just restart freeradius from the command line, but the command escapes me at the moment.. google it..

4) Log in to your router's web interface and enable "mac authentication" in chillispot..

5) Reboot the router...

Now access the same chillispot wifi signal with your laptop as a test and you will see that now you are straight online... No login page...

This is a way to allow devices on your network without using virtual interfaces... It also allows devices to roam from node to node and of course they do not have to login each time they move from router to router...

I will post more tips and tricks like this.. I just needed a place to start putting stuff like this and now I have it..

So there you go... MAC Address Authentication...

Chuck


Last edited by Chuck D on Wed Feb 11, 2009 8:56 pm, edited 2 times in total.

Top
 Profile  
 
 Post subject:
PostPosted: Sat Apr 26, 2008 10:50 pm 
Offline
User avatar

Joined: Wed Apr 09, 2008 10:07 am
Posts: 149
Nice. Was trying to figure this out. Will give it a shot in the morning. Thanks for this one.


Top
 Profile  
 
 Post subject:
PostPosted: Sun Apr 27, 2008 12:19 am 
Offline
Site Admin
User avatar

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
:wink:

That was courtesy of Chris here in the forum....

It works.... Check it out...


Top
 Profile  
 
 Post subject:
PostPosted: Sun Apr 27, 2008 10:20 pm 
Hmm... I followed these instructions exactly and still received the portal login. Not a huge concern as I'm fine creating a virtual interface that bypasses chilli traffic. I'll play around with it and get it working...

I'm more interested at pulling the log files from free radius that show how many users total and unique have logged in. It would be great to have a report showing on the WiFi Admin interface.

Everyone's Freeradius log file should be at /var/log/freeradius/radius.log


Top
  
 
 Post subject:
PostPosted: Mon Apr 28, 2008 7:19 am 
The MAC authentication seems to be working this morning..


Top
  
 
 Post subject:
PostPosted: Mon Apr 28, 2008 7:21 am 
Offline
Site Admin
User avatar

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
It must have been tired.... 8)

I tested it myself also, so I was scratching my head.. Thanks for letting me know it did work...

Cool.... :!:


Last edited by Chuck D on Mon Apr 28, 2008 11:07 pm, edited 2 times in total.

Top
 Profile  
 
 Post subject:
PostPosted: Mon Apr 28, 2008 8:10 am 
Yeah, I tested it all out right now and it's working great! The best part in terms of my needs is the radius accounting. It will be a little tedious having to count logins every month, but it's better than not having the data.

Does anyone know of a good freeradius log analyzer program. I'm looking into this one: http://www.sawmill.net/. But it's $99 for the lite version..


Top
  
 
 Post subject: just a quick question
PostPosted: Mon Apr 28, 2008 8:36 am 
Hi i have got all my repeaters running sucsessfully, now i would like to add mac authentication for all users wether a day or a month, when users sing up to the service will it automaticley add in mac authentication or dose this have to be done manualy for each user


Top
  
 
 Post subject:
PostPosted: Mon Apr 28, 2008 9:13 am 
Offline
Site Admin
User avatar

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
You'll have to write a script to handle that, but it can be done.. I thought of that along the way, also... That would be a good way to make it so people only have to login one time and after that their laptop is automatically approved for the entire duration of their purchase time...

The problem with that is that you will have to write that script such that it restarts freeradius after you make the change to the /etc/freeradius/usrs file for the change to take effect..

No problem though.. go for it.. and post the script back here for the rest of us...

Chuck


Top
 Profile  
 
 Post subject:
PostPosted: Mon Apr 28, 2008 10:27 am 
Ok let me get my head around this, a user sings up with mac auth on the mac address automaticley apears in the free radius server, all i need is a script that moniters and restarts it when the database changes

is that correct?


Top
  
 
 Post subject:
PostPosted: Mon Apr 28, 2008 10:39 am 
Offline
Site Admin
User avatar

Joined: Fri Mar 17, 2006 4:52 pm
Posts: 4413
Location: Bend, Oregon
Actually, you would have to write a script that would run right when the user succesfully logs in for the first time, which means that they successfully went through the payment process and purchased X amount of time...

Then the script has to extract the mac address for that user from the database and inject it into the /etc/freeradius/users file...

Then a new database table would need to be created to track the time remaining for that user so it would remove their mac address from freeradius when their time is up, thereby forcing them back to the login page at the end of their time period..

It's not as easy as it looks or seems.... huh.... It can all be done though, but that is why it is open source and you have the source code, so you can dive into things like this if you want to..

You could never do such a thing with Windows.. This conversation wouldn't eve be happening... lol...

Chuck


Top
 Profile  
 
 Post subject:
PostPosted: Mon Apr 28, 2008 11:51 am 
Offline
User avatar

Joined: Thu Feb 28, 2008 8:33 am
Posts: 858
Location: Odessa TX
I wonder if we can make the user name that the system puts into mysql, be the mac address. that way there is no user name to keep up with.

the only problem I see with that is someone cloning the mac but we have that problem now.

the cards would still work with user names, but everything else would autologin after the first login.

_________________
Steve

Yes, I'm a PC and I run great on LINUX.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Apr 28, 2008 8:03 pm 
Offline
User avatar

Joined: Wed Apr 09, 2008 10:07 am
Posts: 149
Working great here on 2 different laptops. Thanks for passing this on Chuck.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Apr 28, 2008 10:14 pm 
works great here too. even got my zune mac authenticated :)... although it still can't wirelessly sync because our network is so secure and one wireless client can't see another wireless client... that's a good thing though. i would rather have a secure network.


Top
  
 
 Post subject:
PostPosted: Tue Apr 29, 2008 4:50 am 
Thanks for correcting me Chuck, I am no computer programer or linux guru as you may have guessed, but i can write simple scripts usaly by finding some one elses and modifying it as long as its not to complex,

And i think this will be way over my head, i will have a chat with a couple of programmers I know, or would you be willing to do this for a donation to the cause in the near future, as i think this is a great project and well worth donating to, and it would be a nice feature to have in the software.


So if a user is set only to login from one machine at a time he can only do that, or if he is set to multiple logins he can have 3 or 4 macs acctive at a time,

also if he gose to another computer where he is not authenticated it will over write his mac with the mac address of the new computer, without using force log out because i have had some problems with this trying to log a user out from the system for some reason, and had to manualy deleate them, would this be possible to do,


Regards Martin


Top
  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 34 posts ]  Go to page 1, 2, 3  Next

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group