(1 replies, posted in Fedora Core)

Do this:

lsmod | grep tun

Should return something like this:

tun                    14657  1

If not, tun is not loaded.

Your Chilli init script should do this, but try it from the command line

modprobe tun

then start chilli and see what happens.

You can authenticate against a single radius server easily over the internet.

Your problem is the fact that you have multiple locations - and multiple subnets, and your only solution is going to be a chillispot box at each location (or if you have wireless APs that can use DD-WRT with enough flash for chilli, use that instead). You can configure each box to authenticate against your central radius server. Or, if need be, in case of problems with duplicate username space, you can set up virtual servers in FreeRadius and still have a central RADIUS server.

You cannot shut off DHCP, otherwise chilli will not work. There is no way to tell chilli to use an external DHCP server.

OK So I figured this out.

I can use RADIUS to do this with a Cisco router in front of the WAN interface of the chillispot machine.

I also wrote a PHP administration front end to work with this so my tech has a web interface to get stats, enter employee users, enter comp account or xbox users, or enter denied users, and get stats and client info etc. Also wrote a shell script so the on-site tech would only have to ssh to restart the daemon - and wrote a script for that too so all he has to type in is restartchilli.

My apologies for the ignorance of my two posts.

So what if you need to shut someone down on the network? Or, you have a known abuser and would like to shut them down forever? Is there any way to deny a mac address?

Unfortunately, I am horrible at programming but would like to help/contribute in some sort of way - I am an excellent network/security/systems engineer and could at least give some input and test stuff.

Thanks

Linux/Apache/FreeRadius/MySQL/Chilli is not that difficult to put together with a decent amount of Linux experience. It works really well IMO. I am not having any problems with it. I got it put together, took excellent notes on what I did, and did some customizations to it. I did this for a large timeshare resort with a crapload of WRT54G routers flashed with DD-WRT behind the chillispot box. It took 3 days total to put together and a lot of patience with freeradius debugging.

I have Chillispot up and working in a large timeshare company.

It would be fantastic if we had the ability to assign a certain ip address to users based on either their login info or their mac info, and if it's by mac address, still be able to authenticate via radius for everyone.

In my environment (672 condo timeshare) my radius database gets user information from our pbx system (asterisk) which in turn gets guest checkin / checkout info from our reservations system via a daemon. So, guest checks in -> guest name, room number sent to asterisk -> asterisk turns phones on in room -> asterisk agi inserts login info into radcheck. User granted access to wireless. Process reversed on checkout.

My problem is that I would like to give certain mac addresses a reserved IP address for security reasons - i.e. a VP traveling from resort to resort can log in get a static IP and then the upstream Cisco router takes care of granting them access based on their IP address.

Thanks
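
The check-in/check-out provisioning flow described in the post above, as an added example that is not the poster's AGI script: a login row is written to `radcheck` at check-in with a random per-stay password and removed at checkout, using parameterized queries throughout. Assumptions: in-memory SQLite stands in for the MySQL database, the table columns follow FreeRADIUS's stock `radcheck` schema, and the username rule and all function names are hypothetical.

```python
import secrets
import sqlite3

# Constructed stand-in for FreeRADIUS's radcheck table (stock SQL schema columns).
SCHEMA = """
CREATE TABLE radcheck (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL,
    attribute TEXT NOT NULL,
    op TEXT NOT NULL DEFAULT ':=',
    value TEXT NOT NULL
)"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def guest_username(room, surname):
    # Hypothetical naming rule: room number plus the surname's letters, lower-cased.
    return f"{room}-{''.join(c for c in surname.lower() if c.isalnum())}"

def check_in(db, room, surname):
    """Create the guest's login; returns (username, password) for the front desk."""
    user = guest_username(room, surname)
    password = secrets.token_urlsafe(9)  # random per stay, never derived from guest data
    with db:  # one transaction: drop any stale row for this login, then insert
        db.execute("DELETE FROM radcheck WHERE username = ?", (user,))
        db.execute(
            "INSERT INTO radcheck (username, attribute, op, value) VALUES (?, ?, ?, ?)",
            (user, "Cleartext-Password", ":=", password))
    return user, password

def check_out(db, room, surname):
    """Remove the guest's login; returns the number of rows deleted."""
    with db:
        cur = db.execute("DELETE FROM radcheck WHERE username = ?",
                         (guest_username(room, surname),))
    return cur.rowcount

def can_login(db, user, password):
    # Mirrors what the RADIUS server would decide from radcheck alone.
    row = db.execute("SELECT value FROM radcheck WHERE username = ? "
                     "AND attribute = 'Cleartext-Password'", (user,)).fetchone()
    return row is not None and secrets.compare_digest(row[0], password)

if __name__ == "__main__":
    db = open_db()
    user, pw = check_in(db, "1204", "O'Brien")  # constructed sample guest
    print(user, can_login(db, user, pw), check_out(db, "1204", "O'Brien"))
```

Deleting the row only blocks new logins; a session that is already authenticated stays up until it times out or is disconnected.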