2016-02-17 - Re: [GRASE-Hotspot] Re: Limit voucher login to single device
Header Data
From: Timothy White <ti***8@gmail.com>
Message Hash: cf8f72aa84c3ce4e4359e61922fc38065edf86935ea6e0c68a4d6061c262114b
Message ID: <CAESLx0+jpAEOTiGf2+-ra61pdQ56Yey+=xQ1H5BwSfZvPa-fgQ@mail.gmail.com>
Reply To: <CAASt=XRe7sXRv5fZiO4zEd_jqeVRs5_gAGKeM=vUzB6HD63R6Q@mail.gmail.com>
UTC Datetime: 2016-02-17 05:10:07 UTC
Raw Date: Wed, 17 Feb 2016 22:10:07 +1000
Raw message
Just be aware that the link you posted is modifying the scripts
in /etc/chilli/www/ which aren't used by the Grase Hotspot at all.
Regards
Tim
On Tue, Feb 16, 2016 at 11:16 AM, Reflex INKY <re***y@gmail.com>
wrote:
> Thanks everyone for your responses. I found this link
> http://subgroup-ash.blogspot.com/2014/02/modifying-coova-chilli-to-allow.html
> that does something similar so ill modify this and I believe it should work.
>
> On Mon, Feb 15, 2016 at 7:10 AM, Timothy White <ti***8@gmail.com>
> wrote:
>
>> Hi Reflex
>>
>> In theory, this could be done with Calling-Station-Id as suggested
>> by Mohammed Farouk. Basically, it would need to be coded that on first
>> login, we'd insert a new radcheck item for the Calling-Station-Id for that
>> user, restricting future logins to that MAC address.
>>
>> Feel free to open a ticket (
>> https://github.com/GraseHotspot/grase-www-portal/issues) for this so it
>> can be worked on in the future. It's not Coova-Chilli that needs to be
>> modified, rather the FreeRadius modules that need to be modified.
>> Currently, the custom module is written in Perl, however I'm hoping to
>> write future modules in Python as I like it more.
>>
>> Regards
>>
>> Tim
>>
>> On Mon, Feb 15, 2016 at 8:41 PM, Reflex INKY <re***y@gmail.com>
>> wrote:
>>
>>> Thank you Tasyo. I figured that this is what I would have to do except I
>>> do not know how. I wanted to do this at the point of login as any other way
>>> would mean a cron job( I think). I am seeing the info in the radius
>>> database but don't know where in the code to modify. For example, I am
>>> seeing a dologin() function in config.local.sh that I want to change to
>>> check for the username-mac address combination. I would then do the steps
>>> in 2 outlined in your response but against the radius database. Now trying
>>> to go through the code to understand how chilli works.
>>>
>>> On Mon, Feb 15, 2016 at 4:45 AM, Pilosopong Tasyo <
>>> pi***7@gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> You can use *chilli_query* to extract the username-MAC address pair of
>>>> all logged-in users and make a comparison if each pair matches the one on
>>>> file. A shell script should foot the bill nicely. Basically, the script
>>>> does the following:
>>>>
>>>>
>>>> 1. Use *chilli_query list* to extract the username and MAC address
>>>> of all logged-in users. You'll need to filter the list using *grep*
>>>> and *cut* (you only need *USERNAME* and *MAC_ADDRESS*) and save it
>>>> *"ACTIVE_USERS_FILE"* for processing.
>>>> 2. For every USERNAME and MAC_ADDRESS in the *ACTIVE_USERS_FILE*,
>>>> make a comparison:
>>>> - *USERNAME* doesn't exist on file yet -> first time log-in,
>>>> create *USERNAME* with *MAC_ADDRESS* as it's content
>>>> - *USERNAME* already exist and *MAC_ADDRESS* matches the one on
>>>> file -> no action, the credentials matches the one on file
>>>> - *USERNAME* already exist but *MAC_ADDRESS* doesn't match the
>>>> one on file -> unauthorized device (i.e., *USERNAME* is being
>>>> used with another device that has a different *MAC_ADDRESS*),
>>>> use *chilli_query logout* to kick out the *USER_NAME*
>>>> 3. Repeat the entire procedure.
>>>>
>>>> So even if the there's a successful login, it won't take long for the
>>>> user to get logged out. Very effective in deterring users from sharing
>>>> their credentials with someone else (or preventing users from using their
>>>> credentials on another device even if they own it).
>>>>
>>>> Hope this helps. Cheers.
>>>>
>>>> --
>>>> This mailing list is for the Grase Hotspot Project
>>>> http://grasehotspot.org
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Grase Hotspot" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to gr***e@grasehotspot.org.
>>>> To post to this group, send email to gr***t@grasehotspot.org.
>>>> Visit this group at
>>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/5dc932ed-0b56-43a5-82dc-ec8616c3cf50%40grasehotspot.org
>>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/5dc932ed-0b56-43a5-82dc-ec8616c3cf50%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>
>>> --
>>> This mailing list is for the Grase Hotspot Project
>>> http://grasehotspot.org
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Grase Hotspot" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to gr***e@grasehotspot.org.
>>> To post to this group, send email to gr***t@grasehotspot.org.
>>> Visit this group at
>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAASt%3DXQAFw%3DtFGv65RkH_2n6%2B%2BpkkASrT98NGHnFVVHrJ9T9nQ%40mail.gmail.com
>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAASt%3DXQAFw%3DtFGv65RkH_2n6%2B%2BpkkASrT98NGHnFVVHrJ9T9nQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>> --
>> This mailing list is for the Grase Hotspot Project
>> http://grasehotspot.org
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Grase Hotspot" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to gr***e@grasehotspot.org.
>> To post to this group, send email to gr***t@grasehotspot.org.
>> Visit this group at
>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>> To view this discussion on the web visit
>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0Kygo0NktdXnbjm%2BQ0EKYWO%3Dn0yQhU7yu0c%2BCaT1yKpBA%40mail.gmail.com
>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0Kygo0NktdXnbjm%2BQ0EKYWO%3Dn0yQhU7yu0c%2BCaT1yKpBA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at
> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAASt%3DXRe7sXRv5fZiO4zEd_jqeVRs5_gAGKeM%3DvUzB6HD63R6Q%40mail.gmail.com
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAASt%3DXRe7sXRv5fZiO4zEd_jqeVRs5_gAGKeM%3DvUzB6HD63R6Q%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
Thread
-
Return to February 2016
- Return to “wegejo <jo***r@jwer.de>”
- Return to “mohammed farouk <mf***g@gmail.com>”
- Return to “Pilosopong Tasyo <pi***7@gmail.com>”
- Return to “Reflex INKY <re***y@gmail.com>”
-
Return to “Timothy White <ti***8@gmail.com>”
- 2016-02-14 (Sun, 14 Feb 2016 12:46:38 -0800) - Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-14 (Sun, 14 Feb 2016 14:00:23 -0800) - Re: Limit voucher login to single device - wegejo <jo***r@jwer.de>
- 2016-02-14 (Sun, 14 Feb 2016 20:49:51 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-14 (Mon, 15 Feb 2016 08:34:22 +0200) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - mohammed farouk <mf***g@gmail.com>
- 2016-02-14 (Sun, 14 Feb 2016 20:49:51 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 00:45:34 -0800) - Re: Limit voucher login to single device - Pilosopong Tasyo <pi***7@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 06:41:36 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 21:10:54 +1000) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Timothy White <ti***8@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 21:16:09 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-17 (Wed, 17 Feb 2016 22:10:07 +1000) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Timothy White <ti***8@gmail.com>
- 2016-02-17 (Wed, 17 Feb 2016 05:06:35 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-17 (Wed, 17 Feb 2016 07:24:36 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-21 (Sun, 21 Feb 2016 07:50:30 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-21 (Sun, 21 Feb 2016 22:03:45 +1000) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Timothy White <ti***8@gmail.com>
- 2016-02-21 (Sun, 21 Feb 2016 08:09:08 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-21 (Sun, 21 Feb 2016 22:03:45 +1000) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Timothy White <ti***8@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 21:16:09 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 21:10:54 +1000) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Timothy White <ti***8@gmail.com>
- 2016-02-15 (Mon, 15 Feb 2016 06:41:36 -0400) - Re: [GRASE-Hotspot] Re: Limit voucher login to single device - Reflex INKY <re***y@gmail.com>
- 2016-02-14 (Sun, 14 Feb 2016 14:00:23 -0800) - Re: Limit voucher login to single device - wegejo <jo***r@jwer.de>