2016-02-15 - Re: [GRASE-Hotspot] Re: Limit voucher login to single device

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: 6a7acfb1150b8c7f82119c803e64b4f173d1353a1bc293bf8ea50ed253672927
Message ID: <CAESLx0Kygo0NktdXnbjm+Q0EKYWO=n0yQhU7yu0c+CaT1yKpBA@mail.gmail.com>
Reply To: <CAASt=XQAFw=tFGv65RkH_2n6++pkkASrT98NGHnFVVHrJ9T9nQ@mail.gmail.com>
UTC Datetime: 2016-02-15 04:10:54 UTC
Raw Date: Mon, 15 Feb 2016 21:10:54 +1000

Raw message 

Hi Reflex

In theory, this could be done with Calling-Station-Id as suggested
by Mohammed Farouk. Basically, it would need to be coded that on first
login, we'd insert a new radcheck item for the Calling-Station-Id for that
user, restricting future logins to that MAC address.

Feel free to open a ticket (
https://github.com/GraseHotspot/grase-www-portal/issues) for this so it can
be worked on in the future. It's not Coova-Chilli that needs to be
modified, rather the FreeRadius modules that need to be modified.
Currently, the custom module is written in Perl, however I'm hoping to
write future modules in Python as I like it more.

Regards

Tim

On Mon, Feb 15, 2016 at 8:41 PM, Reflex INKY <re***y@gmail.com>
wrote:

> Thank you Tasyo. I figured that this is what I would have to do except I
> do not know how. I wanted to do this at the point of login as any other way
> would mean a cron job( I think). I am seeing the info in the radius
> database but don't know where in the code to modify. For example, I am
> seeing a dologin() function in config.local.sh that I want to change to
> check for the username-mac address combination. I would then do the steps
> in 2 outlined in your response but against the radius database. Now trying
> to go through the code to understand how chilli works.
>
> On Mon, Feb 15, 2016 at 4:45 AM, Pilosopong Tasyo <
> pi***7@gmail.com> wrote:
>
>> Hi,
>>
>> You can use *chilli_query* to extract the username-MAC address pair of
>> all logged-in users and make a comparison if each pair matches the one on
>> file.  A shell script should foot the bill nicely.  Basically, the script
>> does the following:
>>
>>
>>    1. Use *chilli_query list* to extract the username and MAC address of
>>    all logged-in users.  You'll need to filter the list using *grep* and
>>    *cut* (you only need *USERNAME* and *MAC_ADDRESS*) and save it
>>    *"ACTIVE_USERS_FILE"* for processing.
>>    2. For every USERNAME and MAC_ADDRESS in the *ACTIVE_USERS_FILE*,
>>    make a comparison:
>>       - *USERNAME* doesn't exist on file yet -> first time log-in,
>>       create *USERNAME* with *MAC_ADDRESS* as it's content
>>       - *USERNAME* already exist and *MAC_ADDRESS* matches the one on
>>       file -> no action, the credentials matches the one on file
>>       - *USERNAME* already exist but *MAC_ADDRESS* doesn't match the one
>>       on file -> unauthorized device (i.e., *USERNAME* is being used
>>       with another device that has a different *MAC_ADDRESS*), use *chilli_query
>>       logout* to kick out the *USER_NAME*
>>    3. Repeat the entire procedure.
>>
>> So even if the there's a successful login, it won't take long for the
>> user to get logged out.  Very effective in deterring users from sharing
>> their credentials with someone else (or preventing users from using their
>> credentials on another device even if they own it).
>>
>> Hope this helps.  Cheers.
>>
>> --
>> This mailing list is for the Grase Hotspot Project
>> http://grasehotspot.org
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Grase Hotspot" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to gr***e@grasehotspot.org.
>> To post to this group, send email to gr***t@grasehotspot.org.
>> Visit this group at
>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>> To view this discussion on the web visit
>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/5dc932ed-0b56-43a5-82dc-ec8616c3cf50%40grasehotspot.org
>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/5dc932ed-0b56-43a5-82dc-ec8616c3cf50%40grasehotspot.org?utm_medium=email&utm_source=footer>
>> .
>>
>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at
> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAASt%3DXQAFw%3DtFGv65RkH_2n6%2B%2BpkkASrT98NGHnFVVHrJ9T9nQ%40mail.gmail.com
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAASt%3DXQAFw%3DtFGv65RkH_2n6%2B%2BpkkASrT98NGHnFVVHrJ9T9nQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

Thread