August 26

static ip / macauth @ chilli spot

nano /etc/chilli.conf

—————————————————————————————————————

##########################################################################$
#
# Sample ChilliSpot configuration file
#
##########################################################################$

# TAG: fg
# Include this flag if process is to run in the foreground
#fg

# TAG: debug
# Include this flag to include debug information.
#debug

# TAG: interval
# Re-read configuration file at this interval. Will also cause new domain
# name lookups to be performed. Value is given in seconds.
interval 3600

# TAG: pidfile
# File to store information about the process id of the program.
# The program must have write access to this file/directory.
pidfile /var/run/chilli.pid

# TAG: statedir
# Directory to use for nonvolatile storage.
# The program must have write access to this directory.
# This tag is currently ignored
#statedir ./
# TUN parameters

# TAG: net
# IP network address of external packet data network
# Used to allocate dynamic IP addresses and set up routing.
# Normally you do not need to uncomment this tag.
net 10.0.0.0/24 < กลุ่มไอพีที่จะให้ chilli แจกเน็ต

# TAG: dynip
# Dynamic IP address pool
# Used to allocate dynamic IP addresses to clients.
# If not set it defaults to the net tag.
# Do not uncomment this tag unless you are an experienced user!
dynip 10.0.0.5/24 < กลุ่มไอพีที่จะให้ chilli แจกไอพี (ในตัวอย่างแจกเริ่มต้นจาก ไอพี 5)

# TAG: statip
# Static IP address pool
# Used to allocate static IP addresses to clients.
# Do not uncomment this tag unless you are an experienced user!
statip 10.0.0.0/24 < กลุ่มไอพีที่จะทำการ fix
# TAG: dns1

# Primary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
dns1 192.168.100.200 < ไอพี เครื่อง chilli เอง

# TAG: dns2
# Secondary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this tag.
dns2 192.168.100.1 < ไอพี router

# TAG: domain
# Domain name
# Will be suggested to the client.
# Normally you do not need to uncomment this tag.
#domain key.chillispot.org
domain localhost

# TAG: ipup
# Script executed after network interface has been brought up.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
#ipup /etc/chilli.ipup

# TAG: ipdown
# Script executed after network interface has been taken down.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this tag.
#ipdown /etc/chilli.ipdown

# TAG: conup
# Script executed after a user has been authenticated.
# Executed with the following parameters: <devicename> <ip address>
# <mask> <user ip address> <user mac address> <filter ID>
# Normally you do not need to uncomment this tag.
#conup /etc/chilli.conup

# TAG: conup
# Script executed after a user has disconnected.
# Executed with the following parameters: <devicename> <ip address>
# <mask> <user ip address> <user mac address> <filter ID>
# Normally you do not need to uncomment this tag.
#conup /etc/chilli.condown
# Radius parameters

# TAG: radiuslisten

# IP address to listen to
# Normally you do not need to uncomment this tag.
radiuslisten 127.0.0.1

# TAG: radiusserver1
# IP address of radius server 1
# For most installations you need to modify this tag.
radiusserver1 127.0.0.1

# TAG: radiusserver2
# IP address of radius server 2
# If you have only one radius server you should set radiusserver2 to the
# same value as radiusserver1.
# For most installations you need to modify this tag.
radiusserver2 127.0.0.1

# TAG: radiusauthport
# Radius authentication port
# The UDP port number to use for radius authentication requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#radiusauthport 1812

# TAG: radiusacctport
# Radius accounting port
# The UDP port number to use for radius accounting requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this tag.
#radiusacctport 1813

# TAG: radiussecret
# Radius shared secret for both servers
# For all installations you should modify this tag.
radiussecret testing123

# TAG: radiusnasid
# Radius NAS-Identifier
# Normally you do not need to uncomment this tag.
#radiusnasid nas01

# TAG: radiusnasip
# Radius NAS-IP-Address
# Normally you do not need to uncomment this tag.
#radiusnasip 127.0.0.1

# TAG: radiuscalled
# Radius Called-Station-ID
# Normally you do not need to uncomment this tag.
#radiuscalled 00133300

# TAG: radiuslocationid
# WISPr Location ID. Should be in the format: isocc=<ISO_Country_Code>,

# cc=<E.164_Country_Code>,ac=<E.164_Area_Code>,network=<ssid/ZONE>
# Normally you do not need to uncomment this tag.
#radiuslocationid isocc=us,cc=1,ac=408,network=ACMEWISP_NewarkAirport

# TAG: radiuslocationname
# WISPr Location Name. Should be in the format:
# <HOTSPOT_OPERATOR_NAME>,<LOCATION>
# Normally you do not need to uncomment this tag.
#radiuslocationname ACMEWISP,Gate_14_Terminal_C_of_Newark_Airport
# Radius proxy parameters

# TAG: proxylisten
# IP address to listen to
# Normally you do not need to uncomment this tag.
proxylisten 10.0.0.1

# TAG: proxyport
# UDP port to listen to.
# If not specified a port will be selected by the system
# Normally you do not need to uncomment this tag.
proxyport 1645

# TAG: proxyclient
# Client(s) from which we accept radius requests
# Normally you do not need to uncomment this tag.
proxyclient 10.0.0.1/24

# TAG: proxysecret
# Radius proxy shared secret for all clients
# If not specified defaults to radiussecret
# Normally you do not need to uncomment this tag.
proxysecret testing123
# Remote configuration management

# TAG: confusername
# If confusername is specified together with confpassword chillispot
# will at regular intervals specified by the interval option query the
# radius server for configuration information.
# Normally you do not need to uncomment this tag.
confusername conf

# TAG: confpassword
# If confusername is specified together with confpassword chillispot
# will at regular intervals specified by the interval option query the
# radius server for configuration information.
# Normally you do not need to uncomment this tag.
confpassword secret

# DHCP Parameters

# TAG: dhcpif
# Ethernet interface to listen to.
# This is the network interface which is connected to the access points.
# In a typical configuration this tag should be set to eth1.
dhcpif eth2.30 < การ์ดแลนใบที่จะให้ chilli แจกไอพี

# TAG: dhcpmac
# Use specified MAC address.
# An address in the range 00:00:5E:00:02:00 – 00:00:5E:FF:FF:FF falls
# within the IANA range of addresses and is not allocated for other
# purposes.
# Normally you do not need to uncomment this tag.
#dhcpmac 00:00:5E:00:02:00

# TAG: lease
# Time before DHCP lease expires
# Normally you do not need to uncomment this tag.
lease 600
# Universal access method (UAM) parameters

# TAG: uamserver
# URL of web server handling authentication.
uamserver http://10.0.0.1/yiuwifi/hotspotlogin.php

# TAG: uamhomepage
# URL of welcome homepage.
# Unauthenticated users will be redirected to this URL. If not specified
# users will be redirected to the uamserver instead.
# Normally you do not need to uncomment this tag.
#uamhomepage http://192.168.182.1/welcome.html

# TAG: uamsecret
# Shared between chilli and authentication web server
uamsecret #############

# TAG: uamlisten
# IP address to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
uamlisten 10.0.0.1

# TAG: uamport
# TCP port to listen to for authentication requests
# Do not uncomment this tag unless you are an experienced user!
uamport 3990

# TAG: uamallowed
# Comma separated list of domain names, IP addresses or network segments

# the client can access without first authenticating.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#uamallowed www.chillispot.org,10.11.12.0/24
uamallowed yiu.ac.th,reg.yiu.ac.th < กำหนดเว็บที่ยอมให้เข้าโดยไม่ต้อง authen

# TAG: uamanydns
# If this flag is given unauthenticated users are allowed to use
# any DNS server.
# Normally you do not need to uncomment this tag.
#uamanydns
# MAC authentication

# TAG: macauth
# If this flag is given users will be authenticated only on their MAC
# address.
# Normally you do not need to uncomment this tag.
macauth

# TAG: macallowed
# List of MAC addresses.
# The MAC addresses specified in this list will be authenticated only on
# their MAC address.
# This tag is ignored if the macauth tag is given.
# It is possible to specify this tag multiple times.
# Normally you do not need to uncomment this tag.
#macallowed 00-0A-5E-AC-BE-51,00-30-1B-3C-32-E9

# TAG: macpasswd
# Password to use for MAC authentication.
# Normally you do not need to uncomment this tag.
macpasswd password

# TAG: macsuffix
# Suffix to add to MAC address in order to form the username.
# Normally you do not need to uncomment this tag.
#macsuffix suffix

# TAG: kick user online
# Example
# /bin/echo User-Name=love| /usr/bin/radclient -x 127.0.0.1:3779 disconnec$
coaport 3779

————————————————————————————————-

Fix ไอพีให้กับ Mac Address

เพิ่มข้อมูลในตาราง radreply

UserName = MAC Address เครื่องที่ต้องการ Fix ไอพี  (รูปแบบ XX-XX-XX-XX-XX-XX)
Attribbute = Framed-IP-Address
op = :=
Value = หมายเลขไอพีในกลุ่มที่กำหนดในส่วน statip

รูปแบบคำสั่ง SQL

INSERT INTO `ชื่อฐานข้อมูล`.`radreply` (`id`, `UserName`, `Attribute`, `op`, `Value`) VALUES (NULL, ‘XX-XX-XX-XX-XX-XX‘, ‘Framed-IP-Address‘, ‘:=’, ‘หมายลข ip address ที่ต้องการกำหนด‘);

 

ถ้าต้องการให้ออกเน็ตทันทีที่ต่อเข้ากับเครือข่าย

เพิ่มข้อมูลในตาราง radcheck 

UserName = MAC Address เครื่องที่ต้องการออกเน็ตทันทีที่ต่อเข้ากับเครือข่าย (รูปแบบ XX-XX-XX-XX-XX-XX)
Attribbute = Auth-Type
op = ==
Value = Accept

รูปแบบคำสั่ง SQL

INSERT INTO `ชื่อฐานข้อมูล`.`radcheck` (`id`, `UserName`, `Attribute`, `op`, `Value`) VALUES (NULL, ‘XX-XX-XX-XX-XX-XX‘, ‘Auth-Type‘, ‘==’, ‘Accept’);

 

( สำหรับระบบ phpwifi ) เพื่อให้ในหน้ารายงานผู้ที่กำลังใช้งานระบบแสดงผลเป็นชื่อแทน เลข Mac address

เพิ่มข้อมูลในตาราง radreply

UserName = MAC Address เครื่องที่ต้องการกำหนด (รูปแบบ XX-XX-XX-XX-XX-XX)
Attribbute = Nick-Name-MAC
op = :=
Value = กำหนดชื่อที่ต้องการแสดงผล เช่นชื่ออุปกรณ์ ชื่อเจ้าของ ฯลฯ

รูปแบบคำสั่ง SQL

INSERT INTO `ชื่อฐานข้อมูล`.`radreply` (`id`, `UserName`, `Attribute`, `op`, `Value`) VALUES (NULL, ‘XX-XX-XX-XX-XX-XX‘, ‘Nick-Name-MAC’, ‘:=’, ‘กำหนดชื่อ‘);

 

กำหนดความเร็วในการ upload และ download (หน่วยเป็น ไบต์)

เพิ่มข้อมูลในตาราง radreply (สำหรับค่า upload)

UserName = MAC Address เครื่องที่ต้องการกำหนด (รูปแบบ XX-XX-XX-XX-XX-XX)
Attribbute = WISPr-Bandwidth-Max-Up
op = :=
Value = 1024000 (หน่วยเป็นไบต์)

เพิ่มข้อมูลในตาราง radreply (สำหรับค่า download)

UserName = MAC Address เครื่องที่ต้องการกำหนด (รูปแบบ XX-XX-XX-XX-XX-XX)
Attribbute = WISPr-Bandwidth-Max-Up
op = :=
Value = 40960000 (หน่วยเป็นไบต์)

รูปแบบคำสั่ง SQL (มัดรวม)

INSERT INTO `ชื่อฐานข้อมูล`.`radreply` (`id`, `UserName`, `Attribute`, `op`, `Value`) VALUES (NULL, ‘XX-XX-XX-XX-XX-XX‘, ‘WISPr-Bandwidth-Max-Up’, ‘:=’, ‘1024000‘), (NULL, ‘XX-XX-XX-XX-XX-XX‘, ‘WISPr-Bandwidth-Max-Down’, ‘:=’, ‘40960000‘);


Tags: , ,
Copyright 2019. All rights reserved.

Posted August 26, 2013 by lumos in category "Uncategorized