2020-09-02 - Re: [GRASE-Hotspot] Mac authentication on V4

Header Data

From: Christopher Gregory <ch***y@mail.com>
Message Hash: 1223fcf6a06ba412c32cd354b4397b9a57e817e8ebc15b3db48b956f36c305a5
Message ID: <trinity-7d41fb05-1c47-4c98-8f8a-60a0f556e1e8-1599062385821@3c-app-mailcom-lxa14>
Reply To: <CAESLx0LJXMNabQ4_nar7PpgbxbH3DEOh=DJb_wNhoy0vGnfjVQ@mail.gmail.com>
UTC Datetime: 2020-09-02 08:59:45 UTC
Raw Date: Wed, 02 Sep 2020 17:59:45 +0200

Raw message

<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>Hello Tim,</div>

<div>&nbsp;</div>

<div>I have edited the chilli config file and changed it to include the password, and neither a forced reload of chilli, nor a reboot of the server made any difference.&nbsp; I also see no entry in the radpostauth for that mac address.&nbsp; It does not show up in radacct table either, and the freeradius log shows no attempt either.</div>

<div>&nbsp;</div>

<div>I wonder if it could be an issue with freeradius itself?&nbsp; I know you said you have upgraded, so perhaps the fault is there.</div>

<div>&nbsp;</div>

<div>It is weird that it just totally ignores the fact that their should be macaddress authentication.</div>

<div>&nbsp;</div>

<div>Regards,</div>

<div>&nbsp;</div>

<div>Christopher.</div>

<div>&nbsp;
<div>&nbsp;
<div name="quote" style="margin:10px 5px 5px 10px; padding: 10px 0 10px 10px; border-left:2px solid #C3D9E5; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin:0 0 10px 0;"><b>Sent:</b>&nbsp;Thursday, September 03, 2020 at 1:41 AM<br/>
<b>From:</b>&nbsp;&quot;Tim&quot; &lt;ti***8@gmail.com&gt;<br/>
<b>To:</b>&nbsp;gr***t@grasehotspot.org<br/>
<b>Subject:</b>&nbsp;Re: [GRASE-Hotspot] Mac authentication on V4</div>

<div name="quoted-content">
<div>
<div>Hi Chris</div>

<div>&nbsp;</div>

<div>Assuming the radreply lines are correct, you may need to force reload Coova Chilli. I currently have limited ability to test things like MAC auth as my testing machine is currently having a hard drive rebuilt (from backups).</div>

<div>&nbsp;</div>

<div>You can try setting the default config to match the database, edit /etc/chilli/config and find the commented out HS_MACPASSWD line, uncomment it and update it to the MAC auth password you&#39;ve set in the database.</div>

<div>&nbsp;</div>

<div>HS_MACAUTH=on &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;# To turn on MAC Authentication<br/>
#HS_MACPASSWD=&quot;password&quot;</div>

<div>&nbsp;</div>

<div>Again, force reload coova-chilli.</div>

<div>&nbsp;</div>

<div>I&#39;d also look in the radpostauth table to see if you can even see authentication attempts, that (and the freeradius logs) should at least show if a MAC auth is being attempted, and what the username format is. There really is no difference between a MAC account and a normal account, except that the macpasswd is fixed, and it&#39;s automatically logged in by CoovaChilli at DHCP time.</div>

<div>&nbsp;</div>

<div>Once my HDD rebuild is complete, I&#39;ll spin up my VMs and do some MAC testing (and fixup the interface too)</div>

<div>&nbsp;</div>

<div>Regards</div>

<div>&nbsp;</div>

<div>Tim</div>
</div>
&nbsp;

<div class="gmail_quote">
<div class="gmail_attr">On Wed, 2 Sep 2020 at 18:47, Christopher Gregory &lt;<a href="mailto:ch***y@mail.com" onclick="parent.window.location.href=&#39;mailto:ch***y@mail.com&#39;; return false;" target="_blank">ch***y@mail.com</a>&gt; wrote:</div>

<blockquote class="gmail_quote" style="margin: 0.0px 0.0px 0.0px 0.8ex;border-left: 1.0px solid rgb(204,204,204);padding-left: 1.0ex;">Hello Tim,<br/>
<br/>
I am sorry to keep on with this, but I really do need this to work.<br/>
<br/>
I have located the line that you mentioned in radreply and changed macpasswd=password to my preferred password.&nbsp; This does not allow the two accounts to connect to the hotspot.&nbsp; I uncompressed the latest backup made of the old V3 and verified that it is indeed the correct place for the password to reside.<br/>
<br/>
The one thing that I am confused about, is that you say that the mac addresses need to be entered in all caps, and yet even in the V3 mysql database they are stored all in lowercase.&nbsp; I have tried adding the password to the mysql database, matching it like it is in the V3 database, but it never authenticates.&nbsp; It only shows up in the dhcpleases in a &quot;dnat&quot; state.<br/>
<br/>
I really do not want to wipe the database and re-import the V3 and have it upgraded, as I do not see how this is going to change anything.&nbsp; I have even gone so far as to create the macaddress account with lower case letters, and that did not work.<br/>
<br/>
Is there some other place within the database or config files that I need to change something?<br/>
<br/>
Regards,<br/>
<br/>
Christopher.<br/>
<br/>
--<br/>
This mailing list is for the Grase Hotspot Project <a href="http://grasehotspot.org" target="_blank">http://grasehotspot.org</a><br/>
---<br/>
You received this message because you are subscribed to the Google Groups &quot;Grase Hotspot&quot; group.<br/>
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="mailto:grase-hotspot%2B***e@grasehotspot.org" onclick="parent.window.location.href=&#39;mailto:grase-hotspot%2B***e@grasehotspot.org&#39;; return false;" target="_blank">gr***e@grasehotspot.org</a>.<br/>
To view this discussion on the web visit <a href="https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/trinity-67878e32-721a-4912-bb6d-eb455f3580a3-1599043678018%403c-app-mailcom-lxa07" target="_blank">https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/trinity-67878e32-721a-4912-bb6d-eb455f3580a3-1599043678018%403c-app-mailcom-lxa07</a>.</blockquote>
</div>

<p>&nbsp;</p>
--<br/>
This mailing list is for the Grase Hotspot Project <a href="http://grasehotspot.org" target="_blank">http://grasehotspot.org</a><br/>
---<br/>
You received this message because you are subscribed to the Google Groups &quot;Grase Hotspot&quot; group.<br/>
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="mailto:gr***e@grasehotspot.org" onclick="parent.window.location.href=&#39;mailto:gr***e@grasehotspot.org&#39;; return false;" target="_blank">gr***e@grasehotspot.org</a>.<br/>
To view this discussion on the web visit <a href="https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0LJXMNabQ4_nar7PpgbxbH3DEOh%3DDJb_wNhoy0vGnfjVQ%40mail.gmail.com?utm_medium=email&amp;utm_source=footer" target="_blank">https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0LJXMNabQ4_nar7PpgbxbH3DEOh%3DDJb_wNhoy0vGnfjVQ%40mail.gmail.com</a>.</div>
</div>
</div>
</div></div></body></html>

Thread

• Return to September 2020

• Return to “Christopher Gregory <ch***y@mail.com>”

• Return to “Tim <ti***8@gmail.com>”

• 2020-09-02 (Wed, 02 Sep 2020 12:47:58 +0200) - Mac authentication on V4 - Christopher Gregory <ch***y@mail.com>
  • 2020-09-02 (Wed, 02 Sep 2020 21:41:41 +0800) - Re: [GRASE-Hotspot] Mac authentication on V4 - Tim <ti***8@gmail.com>
    • 2020-09-02 (Wed, 02 Sep 2020 17:59:45 +0200) - Re: [GRASE-Hotspot] Mac authentication on V4 - Christopher Gregory <ch***y@mail.com>