1

(2 replies, posted in UAM Configuration)

Since I was just using freeradius to authenticate against regular unix accounts,
I thought I would just try adding the mac address as a system user.
# useradd 00-00-00-00-00-00
... with the password supplied in chilli.conf.

This seems to work well so far.
I hope this is the correct way to do it.   smile

2

(2 replies, posted in UAM Configuration)

Hello,

I'm trying to enter a mac address into chilli.conf so that the login page is bypassed.
Below is from chilli.conf :

#macauth

# TAG: macallowed
# List of MAC addresses.
# The MAC addresses specified in this list will be authenticated only on
# their MAC address.
# This tag is ignored if the macauth tag is given.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#macallowed 00-0A-5E-AC-BE-51,00-30-1B-3C-32-E9
macallowed 00-1B-24-9F-63-47

After restarting chillispot daemon, and restaring the client computer, I still get the login page.
Is there something else I have to edit in freeradius to make this work?

Chillispot version 1.0
Freeradious 2.0.4

3

(4 replies, posted in UAM Configuration)

Sorry,
I read the documentation and missed the spot where it says how to use the uamhomepage.

I need to link to

http://domain.com:3990/prelogin

All good now, thanks!

4

(4 replies, posted in UAM Configuration)

Hello,
I'm trying to create a custom login page for my chilli users.
Well actually, all I want is a welcome page.
I want the welcome page to have a link to the actual hotspotlogin.cgi page.

I edited chilli.conf and uncommented the uamhomepage section and put in a custom .html file.

Users browse, and get redirect to the custom .html file.

I would like my custom .html welcome page to contain a button link to the hotspotlogin.cgi file,
but I'm not sure what link to link to.
Is this even possible?

Linking directly to the cgi file creates a browser error,

"login must be performed through chillispot daemon."

I see that if I comment out the uamhomepage section of chilli.conf, then the browser
will get redirected properly to the login page, but with some huge long url. Which seems to change.

Would I have to hack the cgi script to include my welcome message, or is it possible to have
a custom welcome page first?

Thanks!

Thanks!

I added the PREROUTING rule and it works.
I also decided to just bind squid to the external nic, so it can't be used directly from the lan side.

Hello,

Got chillispot, freeradius working on Debian etch box.
All seems to be working well.

If a user connects to the wireless, and then tries to access the internet, with http, or ssh, or whatever,
they are blocked, all good. Once they authenticate, the ports open and they can do stuff.

Except, if they connect to the wireless, do not authenticate, they still get access to the linux box.
They can ssh to it, and most importantly, they can manually enter proxy settings and get internet.

Is there anyway to block access to the server, before they authenticate to chillispot?

Thanks!