2016-02-17 - Re: [GRASE-Hotspot] Re: Limit voucher login to single device

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: cf8f72aa84c3ce4e4359e61922fc38065edf86935ea6e0c68a4d6061c262114b
Message ID: <CAESLx0+jpAEOTiGf2+-ra61pdQ56Yey+=xQ1H5BwSfZvPa-fgQ@mail.gmail.com>
Reply To: <CAASt=XRe7sXRv5fZiO4zEd_jqeVRs5_gAGKeM=vUzB6HD63R6Q@mail.gmail.com>
UTC Datetime: 2016-02-17 05:10:07 UTC
Raw Date: Wed, 17 Feb 2016 22:10:07 +1000

Raw message 

Just be aware that the link you posted is modifying the scripts
in /etc/chilli/www/ which aren't used by the Grase Hotspot at all.

Regards

Tim

On Tue, Feb 16, 2016 at 11:16 AM, Reflex INKY <re***y@gmail.com>
wrote:

> Thanks everyone for your responses. I found this link
> http://subgroup-ash.blogspot.com/2014/02/modifying-coova-chilli-to-allow.html
> that does something similar so ill modify this and I believe it should work.
>
> On Mon, Feb 15, 2016 at 7:10 AM, Timothy White <ti***8@gmail.com>
> wrote:
>
>> Hi Reflex
>>
>> In theory, this could be done with Calling-Station-Id as suggested
>> by Mohammed Farouk. Basically, it would need to be coded that on first
>> login, we'd insert a new radcheck item for the Calling-Station-Id for that
>> user, restricting future logins to that MAC address.
>>
>> Feel free to open a ticket (
>> https://github.com/GraseHotspot/grase-www-portal/issues) for this so it
>> can be worked on in the future. It's not Coova-Chilli that needs to be
>> modified, rather the FreeRadius modules that need to be modified.
>> Currently, the custom module is written in Perl, however I'm hoping to
>> write future modules in Python as I like it more.
>>
>> Regards
>>
>> Tim
>>
>> On Mon, Feb 15, 2016 at 8:41 PM, Reflex INKY <re***y@gmail.com>
>> wrote:
>>
>>> Thank you Tasyo. I figured that this is what I would have to do except I
>>> do not know how. I wanted to do this at the point of login as any other way
>>> would mean a cron job( I think). I am seeing the info in the radius
>>> database but don't know where in the code to modify. For example, I am
>>> seeing a dologin() function in config.local.sh that I want to change to
>>> check for the username-mac address combination. I would then do the steps
>>> in 2 outlined in your response but against the radius database. Now trying
>>> to go through the code to understand how chilli works.
>>>
>>> On Mon, Feb 15, 2016 at 4:45 AM, Pilosopong Tasyo <
>>> pi***7@gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> You can use *chilli_query* to extract the username-MAC address pair of
>>>> all logged-in users and make a comparison if each pair matches the one on
>>>> file.  A shell script should foot the bill nicely.  Basically, the script
>>>> does the following:
>>>>
>>>>
>>>>    1. Use *chilli_query list* to extract the username and MAC address
>>>>    of all logged-in users.  You'll need to filter the list using *grep*
>>>>     and *cut* (you only need *USERNAME* and *MAC_ADDRESS*) and save it
>>>>    *"ACTIVE_USERS_FILE"* for processing.
>>>>    2. For every USERNAME and MAC_ADDRESS in the *ACTIVE_USERS_FILE*,
>>>>    make a comparison:
>>>>       - *USERNAME* doesn't exist on file yet -> first time log-in,
>>>>       create *USERNAME* with *MAC_ADDRESS* as it's content
>>>>       - *USERNAME* already exist and *MAC_ADDRESS* matches the one on
>>>>       file -> no action, the credentials matches the one on file
>>>>       - *USERNAME* already exist but *MAC_ADDRESS* doesn't match the
>>>>       one on file -> unauthorized device (i.e., *USERNAME* is being
>>>>       used with another device that has a different *MAC_ADDRESS*),
>>>>       use *chilli_query logout* to kick out the *USER_NAME*
>>>>    3. Repeat the entire procedure.
>>>>
>>>> So even if the there's a successful login, it won't take long for the
>>>> user to get logged out.  Very effective in deterring users from sharing
>>>> their credentials with someone else (or preventing users from using their
>>>> credentials on another device even if they own it).
>>>>
>>>> Hope this helps.  Cheers.
>>>>
>>>> --
>>>> This mailing list is for the Grase Hotspot Project
>>>> http://grasehotspot.org
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Grase Hotspot" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to gr***e@grasehotspot.org.
>>>> To post to this group, send email to gr***t@grasehotspot.org.
>>>> Visit this group at
>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/5dc932ed-0b56-43a5-82dc-ec8616c3cf50%40grasehotspot.org
>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/5dc932ed-0b56-43a5-82dc-ec8616c3cf50%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>
>>> --
>>> This mailing list is for the Grase Hotspot Project
>>> http://grasehotspot.org
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Grase Hotspot" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to gr***e@grasehotspot.org.
>>> To post to this group, send email to gr***t@grasehotspot.org.
>>> Visit this group at
>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAASt%3DXQAFw%3DtFGv65RkH_2n6%2B%2BpkkASrT98NGHnFVVHrJ9T9nQ%40mail.gmail.com
>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAASt%3DXQAFw%3DtFGv65RkH_2n6%2B%2BpkkASrT98NGHnFVVHrJ9T9nQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>> --
>> This mailing list is for the Grase Hotspot Project
>> http://grasehotspot.org
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Grase Hotspot" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to gr***e@grasehotspot.org.
>> To post to this group, send email to gr***t@grasehotspot.org.
>> Visit this group at
>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>> To view this discussion on the web visit
>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0Kygo0NktdXnbjm%2BQ0EKYWO%3Dn0yQhU7yu0c%2BCaT1yKpBA%40mail.gmail.com
>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0Kygo0NktdXnbjm%2BQ0EKYWO%3Dn0yQhU7yu0c%2BCaT1yKpBA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at
> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAASt%3DXRe7sXRv5fZiO4zEd_jqeVRs5_gAGKeM%3DvUzB6HD63R6Q%40mail.gmail.com
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAASt%3DXRe7sXRv5fZiO4zEd_jqeVRs5_gAGKeM%3DvUzB6HD63R6Q%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

Thread