Topic: Authentication Problem - No login anymore

Since yesterday, clients don't have to give in their login credentials anymore!!
They are redirected to the uamhomepage, click login (normally they would get a login form cgi from chilli) but they get the message already logged in.
So for the moment anybody can just click login and start surfing without being accounted.
Anybody has some tips, ideas,... what could be the problem?

Thanks in advance, 

Greets Me

btw my setup: Gentoo, Freeradius, Chillispot, LAMP

Re: Authentication Problem - No login anymore

check your firewall and your chilli.conf

it 's ok or not.

3 (edited by randomdude123 2008-10-29 17:26:26)

Re: Authentication Problem - No login anymore

Hi,

I found a line in my chilli.conf: uamnocount
What's that for? Maybe that could be the problem..

Greetz Me

UPDATE:
I searched in the database (mysql) in RADACCT, and there I saw that since the problem occured, not a single record with AcctTerminateCause: Lost-carrier was present...
Before the problem, most of the time the acctterminatecause was a lost carrier..

So this means that most people log on the network, but not really log off using the log off facilities from chillispot. They just turn off their pc.
Somehow, chillispot cant seem to detect anymore that a user times out and so thinks that the user is still logged on while he isn't anymore.
Next time the user logs in he's still logged on.

Greetz Daan

btw maybe worth mentioning: apparently the router was resetted, so the problem could be the routers configuration also.

Re: Authentication Problem - No login anymore

randomdude123 wrote:

Hi,

I found a line in my chilli.conf: uamnocount
What's that for? Maybe that could be the problem..

Greetz Me

UPDATE:
I searched in the database (mysql) in RADACCT, and there I saw that since the problem occured, not a single record with AcctTerminateCause: Lost-carrier was present...
Before the problem, most of the time the acctterminatecause was a lost carrier..

So this means that most people log on the network, but not really log off using the log off facilities from chillispot. They just turn off their pc.
Somehow, chillispot cant seem to detect anymore that a user times out and so thinks that the user is still logged on while he isn't anymore.
Next time the user logs in he's still logged on.

Greetz Daan

btw maybe worth mentioning: apparently the router was resetted, so the problem could be the routers configuration also.

Please show me your chilli.conf

For the user still alive on radius server.
You should add idle-timeout on radreply table to tell NAS when user turnoff thier computer . NAS will send logoff to server.

Re: Authentication Problem - No login anymore

Hi,

I added the idle-timeout but that didn't work also..

Here's my chilli.conf:

##############################################################################
#
# Sample ChilliSpot configuration file
#
##############################################################################

# TAG: fg
# Include this flag if process is to run in the foreground
#fg

# TAG: debug
# Include this flag to include debug information.
#debug

# TAG: interval
# Re-read configuration file at this interval. Will also cause new domain
# name lookups to be performed. Value is given in seconds.
#interval 3600

# TAG: pidfile
# File to store information about the process id of the program.
# The program must have write access to this file/directory.
#pidfile /var/run/chilli.pid

# TAG: statedir
# Directory to use for nonvolatile storage.
# The program must have write access to this directory.
# This tag is currently ignored
#statedir ./


# TUN parameters

# TAG: net
# IP network address of external packet data network
# Used to allocate dynamic IP addresses and set up routing.
# Normally you do not need to uncomment this tag.
#net 192.168.182.0/24

# TAG: dynip
# Dynamic IP address pool
# Used to allocate dynamic IP addresses to clients.
# If not set it defaults to the net tag.
# Do not uncomment this tag unless you are an experienced user!
dynip 192.168.182.128/25

# TAG: statip
# Static IP address pool
# Used to allocate static IP addresses to clients.
# Do not uncomment this tag unless you are an experienced user!
#statip 192.168.182.0/25


# TAG: dns1
# Primary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
dns1 195.130.129.162

# TAG: dns2
# Secondary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
dns2 195.130.130.162

# TAG: domain
# Domain name
# Will be suggested to the client.
# Normally you do not need to uncomment this tag.
#domain key.chillispot.org

# TAG: ipup
# Script executed after network interface has been brought up.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
#ipup /etc/chilli.ipup

# TAG: ipdown
# Script executed after network interface has been taken down.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
#ipdown /etc/chilli.ipdown


# Radius parameters

# TAG: radiuslisten
# IP address to listen to
# Normally you do not need to uncomment this tag.
#radiuslisten 127.0.0.1

# TAG: radiusserver1
# IP address of radius server 1
# For most installations you need to modify this tag.
radiusserver1 127.0.0.1

# TAG: radiusserver2
# IP address of radius server 2
# If you have only one radius server you should set radiusserver2 to the
# same value as radiusserver1.
# For most installations you need to modify this tag.
radiusserver2 127.0.0.1

# TAG: radiusauthport
# Radius authentication port
# The UDP port number to use for radius authentication requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#radiusauthport 1812

# TAG: radiusacctport
# Radius accounting port
# The UDP port number to use for radius accounting requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#radiusacctport 1813

# TAG: radiussecret
# Radius shared secret for both servers
# For all installations you should modify this tag.
radiussecret theradiussecret

# TAG: radiusnasid
# Radius NAS-Identifier
# Normally you do not need to uncomment this tag.
#radiusnasid nas01

# TAG: radiuslocationid
# WISPr Location ID. Should be in the format: isocc=<ISO_Country_Code>,
# cc=<E.164_Country_Code>,ac=<E.164_Area_Code>,network=<ssid/ZONE>
# Normally you do not need to uncomment this tag.
#radiuslocationid isocc=us,cc=1,ac=408,network=ACMEWISP_NewarkAirport

# TAG: radiuslocationname
# WISPr Location Name. Should be in the format:
# <HOTSPOT_OPERATOR_NAME>,<LOCATION>
# Normally you do not need to uncomment this tag.
#radiuslocationname ACMEWISP,Gate_14_Terminal_C_of_Newark_Airport


# Radius proxy parameters

# TAG: proxylisten
# IP address to listen to
# Normally you do not need to uncomment this tag.
#proxylisten 10.0.0.1

# TAG: proxyport
# UDP port to listen to.
# If not specified a port will be selected by the system
# Normally you do not need to uncomment this tag.
#proxyport 1645

# TAG: proxyclient
# Client(s) from which we accept radius requests
# Normally you do not need to uncomment this tag.
#proxyclient 10.0.0.1/24

# TAG: proxysecret
# Radius proxy shared secret for all clients
# If not specified defaults to radiussecret
# Normally you do not need to uncomment this tag.
#proxysecret testing123


# DHCP Parameters

# TAG: dhcpif
# Ethernet interface to listen to.
# This is the network interface which is connected to the access points.
# In a typical configuration this tag should be set to eth1.
dhcpif eth1

# TAG: dhcpmac
# Use specified MAC address.
# An address in the range  00:00:5E:00:02:00 - 00:00:5E:FF:FF:FF falls
# within the IANA range of addresses and is not allocated for other
# purposes.
# Normally you do not need to uncomment this tag.
#dhcpmac 00:00:5E:00:02:00

# TAG: lease
# Time before DHCP lease expires
# Normally you do not need to uncomment this tag.
#lease 600


# Universal access method (UAM) parameters

# TAG: uamserver
# URL of web server handling authentication.
uamserver https://192.168.182.1/cgi-bin/hotspotlogin.cgi

# TAG: uamhomepage
# URL of welcome homepage.
# Unauthenticated users will be redirected to this URL. If not specified
# users will be redirected to the uamserver instead.
# Normally you do not need to uncomment this tag.
uamhomepage http://192.168.182.1/

#uamnocount

# TAG: uamsecret
# Shared between chilli and authentication web server
uamsecret theuamsecret

# TAG: uamlisten
# IP address to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
#uamlisten 192.168.182.1

# TAG: uamport
# TCP port to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
#uamport 3990

# TAG: uamallowed
# Comma separated list of domain names, IP addresses or network segments
# the client can access without first authenticating.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
uamallowed 192.168.182.1

# TAG: uamanydns
# If this flag is given unauthenticated users are allowed to use
# any DNS server.
# Normally you do not need to uncomment this tag.
#uamanydns


# MAC authentication

# TAG: macauth
# If this flag is given users will be authenticated only on their MAC
# address.
# Normally you do not need to uncomment this tag.
#macauth

# TAG: macallowed
# List of MAC addresses.
# The MAC addresses specified in this list will be authenticated only on
# their MAC address.
# This tag is ignored if the macauth tag is given.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#macallowed 00-0A-5E-AC-BE-51,00-30-1B-3C-32-E9

# TAG: macpasswd
# Password to use for MAC authentication.
# Normally you do not need to uncomment this tag.
#macpasswd password

# TAG: macsuffix
# Suffix to add to MAC address in order to form the username.
# Normally you do not need to uncomment this tag.
#macsuffix suffix

Re: Authentication Problem - No login anymore

I always comment the dns like below

# TAG: dns1
# Primary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
#dns1 195.130.129.162

# TAG: dns2
# Secondary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
#dns2 195.130.130.162

Please try this

Re: Authentication Problem - No login anymore

Hello,
I have same exact problem. Was this problem solved? If anyone got the solution please suggest me. I am dd-wrt with chillispot and freeradius server. Idle-Timeout does not work at all.

Thanks.