(3 replies, posted in UAM Configuration)

It should be possible to make one in ASP. I've rebuilt my own from scratch in PHP.

There are a variety of GET vars that Chilli sends to the page. One of them is the IP and port chillispot is running on. It's a matter of hashing the password and username they type and sending a header to divert to that address:portnumber?var1=stuff&var2=stuff.

At the top of hotspotlogin.php is a list of GET vars it uses. In addition to the ones chilli sends, there's one called "res".

Various values of res and what they do:
notyet - user not logged in, display form
doLogin - process the login form, diverts the encrypted result to chilli for authentication
failed - not logged in for good reason
success - logged in successfully
logoff - diverts to chillispot with code for logout
already - already logged in

If you call your UAM server with res=oneOfTheAbove it's easier to figure out what it's doing.

It should be relatively easy to write an ASP one (I've never done ASP).

The way the default PHP one works is to populate hidden fields of the form with all the data chilli sends as GET vars. It submits the form to itself, then uses the hidden fields to write an HTTP header diverting the user's browser to the chillispot daemon, with the username and password as encrypted vars
[pre]
header('Location: http://'.$_POST['uamip'].':'.$_POST['uamport'].'/logon?username='.$_POST['UserName'].'&password='.$pappassword);
[/pre]
is the clever bit. $_POST is form data in PHP. $pappassword is the form password encrypted and hashed using the UAM secret.

Hope this helps you figure out how to do it in ASP.
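
The redirect step described in the post above, as an added example that is not the poster's code or the stock hotspotlogin.php. It shows the PAP value being derived and the hidden form fields being validated before they reach the Location header. The `challenge` and `Password` field names, the `UAM_SECRET` value and the MD5/XOR construction are assumptions, and the sample input is constructed.

```php
<?php
// Added example. Assumptions: chilli also sends a 32-hex-digit `challenge`,
// the password form field is called `Password`, and the PAP value is built
// the MD5/XOR way shown below.
const UAM_SECRET = 'constructed-uam-secret'; // placeholder value

function papPassword(string $password, string $challengeHex, string $secret): string {
    $chal = pack('H32', $challengeHex);             // 16 raw challenge bytes
    $key  = pack('H*', md5($chal . $secret));       // 16-byte key from challenge + UAM secret
    $pwd  = pack('a32', $password);                 // NUL-pad the typed password
    return implode('', unpack('H32', $pwd ^ $key)); // XOR keeps the first 16 bytes
}

// Returns the /logon URL, or null when a hidden field has been tampered with.
function logonUrl(array $form): ?string {
    // The hidden fields travel through the browser, so validate them
    // before they are written into a Location header.
    $ip   = filter_var($form['uamip'] ?? '', FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    $port = filter_var($form['uamport'] ?? '', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    $chal = $form['challenge'] ?? '';
    $user = $form['UserName'] ?? '';
    $pass = $form['Password'] ?? '';
    if ($ip === false || $port === false || !is_string($chal) || !is_string($user)
        || !is_string($pass) || !preg_match('/^[0-9a-f]{32}$/i', $chal)) {
        return null;
    }
    // http_build_query URL-encodes both values, so "&" or CR/LF in a
    // username cannot add parameters or header lines.
    $query = http_build_query([
        'username' => $user,
        'password' => papPassword($pass, $chal, UAM_SECRET),
    ]);
    return "http://$ip:$port/logon?$query";
}

// Constructed sample input
$form = ['uamip' => '192.168.182.1', 'uamport' => '3990',
         'challenge' => str_repeat('ab', 16),
         'UserName' => 'tom&x=1', 'Password' => 'hunter2'];
echo logonUrl($form), "\n";
var_dump(logonUrl(['uamip' => "192.168.182.1\r\nSet-Cookie: a=b"] + $form));
```

Comparing `uamip` and `uamport` against the portal's one configured chilli address is stricter still than accepting any well-formed IPv4 address.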

Err not sure, enable groups as the guy above says and create the table. Then restart Radius.

As to the logging off - I didn't disconnect them, I merely set a login time in radgroupreply, guests get logged off after half an hour anyway. Users after an hour I think. Stops the little B****ers leaving filesharing apps on all night.

For the observant of you who spotted I'd ballsed up the full version of this post on my website, I've fixed it.....

http://www.oceanhippie.net/content.php?Cat=1&Res=1190

Tom

I've cleaned up the above and included the code to be added to hotspotlogin.php and put it on my site.

It's here: http://www.oceanhippie.net/content.php? … p;Res=1190

The above could be adapted to provide a trial period.

Using a series of hacks to the UAM server our free network now works on the following rules:

Users must register to use the system.
Users must confirm their email address.
However if they just chance on the hotspot they're allowed a limited "trial period" to receive the confirm email address message.
Usage limits are applied to prevent overuse of the system and to irritate filesharers (it's bloody hard to block them).

My code's kind of a mess at the minute but if anyone's interested I'll share it with some instructions.

In basic it goes something like this:
UAM and Radius are on same server, radius is using MySQL to store usernames etc.

Customised splash screen reads the mac=ADDRESS attribute that chilli helpfully sends it.
Then it looks for that MAC address as a username in the Radius users.
If it's not there it creates a radius user with name of ADDRESS. Now there is a unique "Guest" account specific to that computer.
If it is there then it looks that MAC (also a username in radius) up in the Radius Accounting table. If it's been used more than is reasonable to retrieve an email, it moves it to a different radius group, which is no longer allowed to log in.

The splash screen has an extra form, identical to the normal login one, except the username field is hidden and preset to the MAC address of the PC.

Voila, free access, with identifiable users with no pre-registration required.

PART 2 Fair usage.

This one's script is easier, this is a PHP script I run off cron every hour. Punishes people who download too much, stay online too long, or upload too much. Works by moving group membership around.

My Groups:
[pre]
+----+-----------+-----------+----+--------+
| id | GroupName | Attribute | op | Value  |
+----+-----------+-----------+----+--------+
|  1 | device    | Auth-Type | := | Local  | mac authed devices
|  2 | user      | Auth-Type | := | Local  | "normal" users
|  3 | guest     | Auth-Type | := | Local  | guests with registration period remaining
|  4 | expGuest  | Auth-Type | := | Reject | guest registration period expired
|  5 | mates     | Auth-Type | := | Local  | my mates (extra privileges)
|  6 | punish    | Auth-Type | := | Reject | people temporarily punished
+----+-----------+-----------+----+--------+
[/pre]
My Group Reply (big fat warning, unless it's been changed hotspotlogin.php's reply feature is broken)
[pre]
+----+-----------+--------------------------+----+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------+
| id | GroupName | Attribute                | op | Value                                                                                                                                                                                                          | prio |
+----+-----------+--------------------------+----+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------+
|  1 | guest     | WISPr-Bandwidth-Max-Down | := | 512000                                                                                                                                                                                                         |    0 |
|  2 | guest     | WISPr-Bandwidth-Max-Up   | := | 128000                                                                                                                                                                                                         |    0 |
|  3 | guest     | Session-Timeout          | := | 1800                                                                                                                                                                                                           |    0 |
|  4 | user      | WISPr-Bandwidth-Max-Down | := | 512000                                                                                                                                                                                                         |    0 |
|  5 | user      | WISPr-Bandwidth-Max-Up   | := | 128000                                                                                                                                                                                                         |    0 |
|  6 | user      | Session-Timeout          | := | 7200                                                                                                                                                                                                           |    0 |
|  7 | guest     | Reply-Message            | := | This is a GUEST login - you have 20 minutes to register! before this is permantly disabled. WE ARE NOT KIDDING! It will stop working VERY SOON!                                                                |    0 |
| 12 | punish    | Reply-Message            | := | You've over used one of our our quotas. either by downloading or uploading to much or staying online too long. Wait a while and your access will be restored. The PierToPier.net Team.                         |    0 |
| 11 | expGuest  | Reply-Message            | := | Your Guest Access has expired. You need to register. Since you're going to need to confim your email, your going to have to get some internet somewhere else! Register Now, reply to the confirm email latter! |    0 |
+----+-----------+--------------------------+----+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------+
9 rows in set (0.00 sec)
[/pre]
Bit difficult to read, but they set the bandwidth for the various groups and the reply messages for guests and expired guests and punished people.
Anyway, here's the code:
[pre]
#!/usr/bin/php -q
<?php
$hostname = "localhost";
$database = "radius"; //your radius database name
$username = "MySQLUserWithAccessToRadius"; //MySQL username
$password = "PasswordForAbove"; //MySQL password

// LIMITS of acceptability
$timeOn=21600; //seconds: 6 hours = 21600
$inData=1000000000; //bytes
$outData=500000000; //bytes
// Punishment adjusters.
$timePen=7200; //don't re-enable till there's 2 hours in hand
$inPen=100000000; //make a 10 percent leeway
$outPen=50000000; //make a 10 percent leeway
// mysqli connection (the mysql_* functions no longer exist in PHP 7+)
$p2pdb = mysqli_connect($hostname, $username, $password, $database) or die(mysqli_connect_error());
// one prepared statement does every group move, so usernames are never pasted into the SQL
$moveGroup = mysqli_prepare($p2pdb, "UPDATE usergroup SET GroupName=? WHERE UserName=?") or die(mysqli_error($p2pdb));
$query_day = "SELECT radacct.UserName, SUM(acctSessionTime) as timeOn, SUM(AcctInputOctets) AS inData, SUM(AcctOutputOctets) AS outData, NOW() as now
FROM radacct LEFT JOIN usergroup ON radacct.UserName=usergroup.UserName
WHERE AcctStopTime >= DATE_SUB(NOW(),INTERVAL 1 DAY) AND GroupName='user'
GROUP BY radacct.UserName";
$day = mysqli_query($p2pdb, $query_day) or die(mysqli_error($p2pdb));
echo "Normal Users's on last 24 hours, looking for evildoers\n";
// while (not do..while) so an empty result set prints nothing
while ($row_day = mysqli_fetch_assoc($day)) {
        $flag=0; //reset for each user, so one offender doesn't flag everyone after them
        echo $row_day['UserName']."\tTime: ".round($row_day['timeOn']/3600,3)."\tIn: ".round($row_day['inData']/1000000)."Meg\tOut: ".round($row_day['outData']/1000000)."Meg\n";
        if($row_day['timeOn']>=$timeOn) {$flag=1; echo "Time On Flagged\n";}
        if($row_day['inData']>=$inData) {$flag=1; echo "data In  Flagged\n";}
        if($row_day['outData']>=$outData) {$flag=1; echo "data Out Flagged\n";}
        if($flag==1) { //got our self a scumbag
                $group='punish'; $user=$row_day['UserName'];
                mysqli_stmt_bind_param($moveGroup, "ss", $group, $user);
                if (mysqli_stmt_execute($moveGroup)) {
                        echo "Moved ".$row_day['UserName']." to punishment cell\n";
                } else { echo "Oops, something nasty happened updating the Radius Server Group membership\n";
                }
        }
}
// put them back if they've dropped below the levels
$query_ret = "SELECT radacct.UserName, SUM(acctSessionTime) as timeOn, SUM(AcctInputOctets) AS inData, SUM(AcctOutputOctets) AS outData
FROM radacct LEFT JOIN usergroup ON radacct.UserName=usergroup.UserName
WHERE AcctStopTime >= DATE_SUB(NOW(),INTERVAL 1 DAY) AND GroupName='punish'
GROUP BY radacct.UserName";
$ret = mysqli_query($p2pdb, $query_ret) or die(mysqli_error($p2pdb));
//recalculate for re-enable
$timeOn=$timeOn-$timePen;
$inData=$inData-$inPen;
$outData=$outData-$outPen;
echo "\n";
echo "      Looking for people to move back\n";
while ($row_ret = mysqli_fetch_assoc($ret)) {
        echo "Time: ".round($row_ret['timeOn']/3600,3)."\tIn: ".round($row_ret['inData']/1000000)."Meg\tOut: ".round($row_ret['outData']/1000000)."Meg";
        if($row_ret['timeOn']<=$timeOn && $row_ret['inData']<=$inData && $row_ret['outData']<=$outData) {
                $group='user'; $user=$row_ret['UserName'];
                mysqli_stmt_bind_param($moveGroup, "ss", $group, $user);
                if (mysqli_stmt_execute($moveGroup)) {
                        echo "\tMoving ".$row_ret['UserName']." back to the General Population\n";
                } else { echo "\tOops, something nasty happened updating the Radius Server Group membership\n";
                }
        } else { echo "\tLeaving ".$row_ret['UserName']." in punish\n"; }
}

?>
[/pre]
You will need command line PHP to run this one.

Have fun Tom http://www.oceanhippie.net/cat.php?Cat=1
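
The guest-by-MAC scheme from the first part of the post above, as an added example that is not the poster's code. It creates the per-device guest on first sight and moves it to expGuest once its accounted time passes the 20 minutes named in the guest Reply-Message. The `radcheck` table, the guest password, the dash-separated MAC format and the in-memory SQLite database standing in for MySQL are assumptions, and the sample rows are constructed.

```php
<?php
// Added example. usergroup/radacct names follow the post's queries;
// radcheck, the guest password and the MAC format are assumptions.
const GUEST_LIMIT_SECONDS = 1200; // 20 minutes, per the guest Reply-Message

// Returns the group the device ends up in, or null for a malformed mac= value.
function guestGroupForMac(PDO $db, string $mac): ?string {
    // mac= reaches the splash page in the query string, so accept only a
    // MAC-shaped value before it becomes a RADIUS username.
    $mac = strtoupper($mac);
    if (!preg_match('/^([0-9A-F]{2}-){5}[0-9A-F]{2}$/', $mac)) {
        return null;
    }
    $q = $db->prepare('SELECT GroupName FROM usergroup WHERE UserName = ?');
    $q->execute([$mac]);
    $group = $q->fetchColumn();
    if ($group === false) { // first visit: create the per-device guest account
        $db->prepare("INSERT INTO radcheck (UserName, Attribute, op, Value)
                      VALUES (?, 'Password', ':=', ?)")
           ->execute([$mac, 'constructed-guest-password']);
        $db->prepare("INSERT INTO usergroup (UserName, GroupName) VALUES (?, 'guest')")
           ->execute([$mac]);
        return 'guest';
    }
    if ($group !== 'guest') {
        return $group; // already expired, punished, or otherwise reassigned
    }
    $q = $db->prepare('SELECT COALESCE(SUM(AcctSessionTime), 0) FROM radacct WHERE UserName = ?');
    $q->execute([$mac]);
    if ((int)$q->fetchColumn() > GUEST_LIMIT_SECONDS) {
        $db->prepare("UPDATE usergroup SET GroupName = 'expGuest' WHERE UserName = ?")
           ->execute([$mac]);
        return 'expGuest';
    }
    return 'guest';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE radcheck (UserName TEXT, Attribute TEXT, op TEXT, Value TEXT)');
$db->exec('CREATE TABLE usergroup (UserName TEXT PRIMARY KEY, GroupName TEXT)');
$db->exec('CREATE TABLE radacct (UserName TEXT, AcctSessionTime INTEGER)');
$mac = '00-11-22-33-44-55'; // constructed sample
echo guestGroupForMac($db, $mac), "\n"; // first sight of the device
$db->prepare('INSERT INTO radacct VALUES (?, ?)')->execute([$mac, 1500]); // constructed usage
echo guestGroupForMac($db, $mac), "\n"; // same device after 25 minutes online
var_dump(guestGroupForMac($db, "x' OR '1'='1")); // malformed mac= value
```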