Annotation of embedaddon/coova-chilli/doc/chilli.conf.5.in, revision 1.1
1.1 ! misho 1: .\" * chilli.conf
! 2: .\" * Copyright (C) 2002, 2003, 2004, 2005 Mondru AB.
! 3: .\" * Copyright (C) 2007 David Bird <david@coova.com>
! 4: .\" *
! 5: .\" * All rights reserved.
! 6: .\" *
! 7: .\" Manual page for chilli
! 8: .\" SH section heading
! 9: .\" SS subsection heading
! 10: .\" LP paragraph
! 11: .\" IP indented paragraph
! 12: .\" TP hanging label
! 13:
! 14: .TH chilli.conf 5 "August 2007"
! 15: .SH NAME
! 16: chilli.conf \- Chilli Configuration
! 17:
! 18: .SH DESCRIPTION
! 19:
! 20: .B chilli
! 21: has many configuration parameters which can either be used on the command
! 22: line or in a configuration file. When on the command line, options are
! 23: prefixed with two dashes and may or may not have an equal sign, for
! 24: instance, these are equivalent:
! 25:
! 26: .I chilli --uamallowed coova.org --uamanydns
! 27:
! 28: .I chilli --uamallowed="coova.org" --uamanydns
! 29:
! 30: Options that do not have arguments behave the same way, just without any
! 31: equal sign or second argument. When in the configuration file, options must
! 32: not have any dashes, but can still be used with or without the equal sign,
! 33: as in:
! 34:
! 35: .I uamallowed "coova.org"
! 36:
! 37: .I uamallowed=coova.org
! 38:
! 39: .I uamanydns
! 40:
! 41: Options given on the command line take precedent over any options defined in
! 42: a configuration file. The default main configuration file is
! 43: .I @SYSCONFDIR@/chilli.conf
! 44: which can be overridden using the
! 45: .B \-\-conf
! 46: option (or just
! 47: .B \-\-c
! 48: for short) on the command line. Configuration files may also include other
! 49: configuration files as in:
! 50:
! 51: .I include /path/to/chilli/configfile.conf
! 52:
! 53: Blank lines and comment lines starting with
! 54: .B '#'
! 55: are also allowed in the configuration file.
! 56:
! 57: .SH OPTIONS
! 58:
! 59: As mentioned above, all options below are able to be put on the command line
! 60: (prefixed with '--') or in a configuration file. A few options, shown below
! 61: with the leading dashes, are typically only used on the command line.
! 62:
! 63: .TP
! 64: .BI --help
! 65: Or
! 66: .B -h
! 67: for short; prints help and exits (command line)
! 68:
! 69: .TP
! 70: .BI --version
! 71: Or
! 72: .B -V
! 73: for short; prints version and exits (command line)
! 74:
! 75: .TP
! 76: .BI --fg
! 77: Or
! 78: .B -f
! 79: for short; runs server in foreground (command line)
! 80:
! 81: .TP
! 82: .BI --debug
! 83: Or
! 84: .B -d
! 85: for short; run server in debug mode (command line)
! 86:
! 87: .TP
! 88: .BI --debugfacility " level"
! 89: Increase the debug level (command line) (should be named debuglevel)
! 90:
! 91: .TP
! 92: .BI --conf " file"
! 93: Or
! 94: .BI -c " file"
! 95: for short; use the configuration file
! 96: .I file
! 97: instead of the default show in
! 98: .B FILES
! 99: (command line)
! 100:
! 101: .TP
! 102: .BI logfacility " facility"
! 103: The
! 104: .BR syslog(8)
! 105: facility to use for logging.
! 106:
! 107: .TP
! 108: .BI interval " seconds"
! 109: Re-read configuration file and do DNS lookups every interval
! 110: seconds. This has the same effect as sending the HUP signal. If
! 111: .B interval
! 112: is 0 (zero) this feature is disabled.
! 113:
! 114: .TP
! 115: .BI pidfile " file"
! 116: Filename to put the process id, see
! 117: .B FILES
! 118: for default.
! 119:
! 120: .TP
! 121: .BI statedir " path"
! 122: Directory of non-volatile data, see
! 123: .B FILES
! 124: for default.
! 125:
! 126: .TP
! 127: .BI cmdsock " file"
! 128: UNIX socket used for communication with
! 129: .BR chilli_query(1)
! 130: see
! 131: .B FILES
! 132: for default.
! 133:
! 134: .TP
! 135: .BI net " net"
! 136: Network address of the uplink interface (default = 192.168.182.0/24). The
! 137: network address is set during initialisation when
! 138: .B chilli
! 139: establishes a tun device for the uplink interface. The network address
! 140: is specified as either <address>/<netmask> (192.168.182.0/255.255.255.0)
! 141: or <address>/<prefix> (192.168.182.0/24).
! 142:
! 143: .TP
! 144: .BI dynip " net"
! 145: Dynamic IP address pool. Specifies a pool of dynamic IP addresses. If
! 146: this option is omitted the network address specified by the
! 147: .B net
! 148: option is used for dynamic IP address allocation. See the
! 149: .B net
! 150: option for a description of the network address format.
! 151:
! 152: .TP
! 153: .BI statip " net"
! 154: Static IP address pool. Specifies a pool of static IP addresses. With
! 155: static address allocation the IP address of the client can be
! 156: specified by the radius server. Static address allocation can be used
! 157: for both MAC authentication and Wireless Protected Access.
! 158:
! 159: .TP
! 160: .BI dns1 " host"
! 161: DNS Server 1. It is used to inform the client about the DNS address to
! 162: use for host name resolution. If this option is not given the system
! 163: primary DNS is used.
! 164:
! 165: .TP
! 166: .BI dns2 " host"
! 167: DNS Server 2. It is used to inform the client about the DNS address to
! 168: use for host name resolution. If this option is not given the system
! 169: secondary DNS is used.
! 170:
! 171: .TP
! 172: .BI domain " domain"
! 173: Domain name. It is used to inform the client about the domain name to
! 174: use for DNS lookups.
! 175:
! 176: .TP
! 177: .BI ipup " script"
! 178: Script executed after the TUN/TAP network interface has been brought up.
! 179: Executed with the following parameters:
! 180: .I <device-name> <ip-address> <net-mask>
! 181: and with environment variables:
! 182: .RS
! 183: .TP
! 184: .BI DEV= <tun/tap-device-name>
! 185: The TUN/TAP device being brought up.
! 186:
! 187: .TP
! 188: .BI ADDR= <tun/tap-device-ip>
! 189: The TUN/TAP device IP address being brought up.
! 190:
! 191: .TP
! 192: .BI MASK= <tun/tap-device-mask>
! 193: The TUN/TAP device net mask being brought up.
! 194:
! 195: .TP
! 196: .BI NET= <tun/tap-device-net>
! 197: The TUN/TAP device network being brought up.
! 198:
! 199: .TP
! 200: .BI DHCPIF= <interface>
! 201: The
! 202: .B dhcpif
! 203: configured in
! 204: .BR chilli.conf(5)
! 205:
! 206: .TP
! 207: .BI UAMPORT= <port-num>
! 208: The
! 209: .B uamport
! 210: configured in
! 211: .BR chilli.conf(5)
! 212:
! 213: .TP
! 214: .BI UAMUIPORT= <port-num>
! 215: The
! 216: .B uamuiport
! 217: configured in
! 218: .BR chilli.conf(5)
! 219:
! 220: .RE
! 221:
! 222: .TP
! 223: .BI ipdown " script"
! 224: Script executed after the tun network interface has been taken down
! 225: with the same arguments and environment variables as above.
! 226:
! 227: .TP
! 228: .BI conup " script"
! 229: Script executed after the tun network interface has been brought up.
! 230: Executed with the following environment variables (see source code for
! 231: possibly more):
! 232: .RS
! 233:
! 234: .TP
! 235: .BI DEV= <tun/tap-device>
! 236: The TUN/TAP device.
! 237:
! 238: .TP
! 239: .BI ADDR= <chilli-ip>
! 240: IP Address of chilli, see the
! 241: .B uamlisten
! 242: option.
! 243:
! 244: .TP
! 245: .BI NET= <chilli-net>
! 246: Network of chilli, see the
! 247: .B net
! 248: option.
! 249:
! 250: .TP
! 251: .BI MASK= <chilli-net-mask>
! 252: Network mask of chilli, see the
! 253: .B net
! 254: options.
! 255:
! 256: .TP
! 257: .BI NAS_IP_ADDRESS= <radiuslisten>
! 258: Is set to the
! 259: .B radiuslisten
! 260: value.
! 261:
! 262: .TP
! 263: .BI NAS_ID= <nas-id>
! 264: The
! 265: .B radiusnasid
! 266: option.
! 267:
! 268: .TP
! 269: .BI WISPR_LOCATION_ID= <location-id>
! 270: The
! 271: .B radiuslocationid
! 272: option.
! 273:
! 274: .TP
! 275: .BI WISPR_LOCATION_NAME= <location-name>
! 276: The
! 277: .B radiuslocationname
! 278: option.
! 279:
! 280: .TP
! 281: .BI USER_NAME= <username>
! 282: User-name used to login.
! 283:
! 284: .TP
! 285: .BI FRAMED_IP_ADDRESS= <client-ip>
! 286: The client's IP Address.
! 287:
! 288: .TP
! 289: .BI CALLING_STATION_ID= <client-mac>
! 290: The client's MAC Address.
! 291:
! 292: .TP
! 293: .BI CALLED_STATION_ID= <chilli-mac>
! 294: The MAC address of the chilli interface.
! 295:
! 296: .TP
! 297: .BI FILTER_ID= <filter>
! 298: A possible filter ID returned in RADIUS Filter-ID.
! 299:
! 300: .TP
! 301: .BI SESSION_TIMEOUT= <seconds>
! 302: The max session time, as set by RADIUS Session-Timeout.
! 303:
! 304: .TP
! 305: .BI IDLE_TIMEOUT= <seconds>
! 306: The max idle time, as set by RADIUS Idle-Timeout.
! 307:
! 308: .TP
! 309: .BI WISPR_BANDWIDTH_MAX_UP= <bandwidth>
! 310: Max up stream bandwidth set by RADIUS WISPr-Bandwidth-Max-Up.
! 311:
! 312: .TP
! 313: .BI WISPR_BANDWIDTH_MAX_DOWN= <bandwidth>
! 314: Max down stream bandwidth set by RADIUS WISPr-Bandwidth-Max-Down.
! 315:
! 316: .TP
! 317: .BI CHILLISPOT_MAX_INPUT_OCTETS= <bytes>
! 318: Max input octets set by RADIUS ChilliSpot-Max-Input-Octets.
! 319:
! 320: .TP
! 321: .BI CHILLISPOT_MAX_OUTPUT_OCTETS= <bytes>
! 322: Max output octets set by RADIUS ChilliSpot-Max-Output-Octets.
! 323:
! 324: .TP
! 325: .BI CHILLISPOT_MAX_TOTAL_OCTETS= <bytes>
! 326: Max total octets set by RADIUS ChilliSpot-Max-Total-Octets.
! 327:
! 328: .RE
! 329:
! 330: .TP
! 331: .BI condown " script"
! 332: Script executed after a session has moved from authorized state to unauthorized
! 333: with the same environment variables as above.
! 334:
! 335: .TP
! 336: .BI ssid " ssid"
! 337: A parameter that is passed on to the UAM server in the initial redirect
! 338: URL.
! 339:
! 340: .TP
! 341: .BI vlan " vlan"
! 342: A parameter that is passed on to the UAM server in the initial redirect
! 343: URL.
! 344:
! 345: .TP
! 346: .BI nasip " ipaddress"
! 347: Value to use in RADIUS NAS-IP-Address attribute. If not present,
! 348: .B radiuslisten
! 349: is used (which defaults to "0.0.0.0").
! 350:
! 351: .TP
! 352: .BI nasmac " mac"
! 353: MAC address value to use in RADIUS Called-Station-ID attribute. If not present,
! 354: the MAC address of the
! 355: .B dhcpif
! 356: is used for Called-Station-ID.
! 357:
! 358: .TP
! 359: .BI radiuslisten " host"
! 360: Local interface IP address to use for the radius interface. Defaults to the
! 361: value used in RADIUS NAS-IP-Address when
! 362: .B nasip
! 363: is not set.
! 364:
! 365: .TP
! 366: .BI radiusserver1 " host"
! 367: The IP address of radius server 1 (default=rad01.coova.org).
! 368:
! 369: .TP
! 370: .BI radiusserver2 " host"
! 371: The IP address of radius server 2 (default=rad01.coova.org).
! 372:
! 373: .TP
! 374: .BI radiusauthport " port"
! 375: The UDP port number to use for radius authentication requests (default 1812).
! 376:
! 377: .TP
! 378: .BI radiusacctport " port"
! 379: The UDP port number to use for radius accounting requests (default 1813).
! 380:
! 381: .TP
! 382: .BI radiussecret " secret"
! 383: Radius shared secret for both servers (default coova-anonymous). This
! 384: secret should be changed in order not to compromise security.
! 385:
! 386: .TP
! 387: .BI radiusnasid " id"
! 388: Network access server identifier (default nas01).
! 389:
! 390: .TP
! 391: .BI radiuslocationid " id"
! 392: WISPr Location ID. Should be in the format: isocc=<ISO_Country_Code>,
! 393: cc=<E.164_Country_Code>, ac=<E.164_Area_Code>, network=<ssid/ZONE>. This
! 394: parameter is further described in the document: Wi-Fi Alliance -
! 395: Wireless ISP Roaming - Best Current Practices v1, Feb 2003.
! 396:
! 397: .TP
! 398: .BI radiuslocationname " name"
! 399: WISPr Location Name. Should be in the format:
! 400: <HOTSPOT_OPERATOR_NAME>,<LOCATION>. This parameter is further
! 401: described in the document: Wi-Fi Alliance - Wireless ISP Roaming -
! 402: Best Current Practices v1, Feb 2003.
! 403:
! 404: .TP
! 405: .BI radiusnasporttype " type"
! 406: Value of NAS-Port-Type attribute. Defaults to 19
! 407: (Wireless-IEEE-802.11).
! 408:
! 409: .TP
! 410: .BI radiusoriginalurl
! 411: Flag (defaults to off) to send the ChilliSpot-OriginalURL RADIUS VSA in
! 412: Access-Request.
! 413:
! 414: .TP
! 415: .BI adminuser " username"
! 416: User-name to use for Administrative-User authentication in order to pick up
! 417: chilli configurations and establish a device 'system' session.
! 418:
! 419: .TP
! 420: .BI adminpasswd " password"
! 421: Password to use for Administrative-User authentication in order to pick up
! 422: chilli configurations and establish a device 'system' session.
! 423:
! 424: .TP
! 425: .B swapoctets
! 426: Swap the meaning of "input octets" and "output octets" as it related to
! 427: RADIUS attribtues.
! 428:
! 429: .TP
! 430: .B openidauth
! 431: Allows OpenID authentication by sending
! 432: .I ChilliSpot-Config=allow-openidauth
! 433: in RADIUS Access-Requests to inform the RADIUS server of the option.
! 434:
! 435: .TP
! 436: .B wpaguests
! 437: Allows WPA Guest authentication by sending
! 438: .I ChilliSpot-Config=allow-wpa-guests
! 439: in RADIUS Access-Requests to inform the RADIUS server of the option. The
! 440: RADIUS may return with an Access-Accept containing
! 441: .I ChilliSpot-Config=require-uam-auth
! 442: to give WPA access, but enforce the captive portal.
! 443:
! 444: .TP
! 445: .BI coaport " port"
! 446: UDP port to listen to for accepting radius disconnect requests.
! 447:
! 448: .TP
! 449: .B coanoipcheck
! 450: If this option is given no check is performed on the source IP address
! 451: of radius disconnect requests. Otherwise it is checked that radius
! 452: disconnect requests originate from
! 453: .B radiusserver1
! 454: or
! 455: .B radiusserver2.
! 456:
! 457: .TP
! 458: .BI proxylisten " host"
! 459: Local interface IP address to use for accepting radius requests.
! 460:
! 461: .TP
! 462: .BI proxyport " port"
! 463: UDP Port to listen to for accepting radius requests.
! 464:
! 465: .TP
! 466: .BI proxyclient " host"
! 467: IP address from which radius requests are accepted. If omitted the
! 468: server will not accept radius requests.
! 469:
! 470: .TP
! 471: .BI proxysecret " secret"
! 472: Radius shared secret for clients. If not specified it defaults to
! 473: .B radiussecret.
! 474:
! 475: .TP
! 476: .BI dhcpif " dev"
! 477: Ethernet interface to listen to for the downlink interface. This
! 478: option must be specified.
! 479:
! 480: .TP
! 481: .B usetap
! 482: Use the TAP interface instead of TUN (Linux only).
! 483:
! 484: .TP
! 485: .BI tundev " dev"
! 486: The specific device to use for the TUN/TAP interface.
! 487:
! 488: .TP
! 489: .BI txqlen " bytes"
! 490: The TX queue length to set on the TUN/TAP interface.
! 491:
! 492: .TP
! 493: .BI dhcpmac " address"
! 494: MAC address to listen to. If not specified the MAC address of the
! 495: interface will be used. The MAC address should be chosen so that it
! 496: does not conflict with other addresses on the LAN. An address in the
! 497: range 00:00:5E:00:02:00 - 00:00:5E:FF:FF:FF falls within the IANA
! 498: range of addresses and is not allocated for other purposes.
! 499: .RS
! 500: The
! 501: .B dhcpmac
! 502: option can be used in conjunction with access filters in the access
! 503: points, or with access points which supports packet forwarding to a
! 504: specific MAC address. Thus it is possible at the MAC level to separate
! 505: access point management traffic from user traffic for improved system
! 506: security.
! 507:
! 508: The
! 509: .B dhcpmac
! 510: option will set the interface in promisc mode.
! 511: .RE
! 512:
! 513: .TP
! 514: .BI lease " seconds"
! 515: Use a DHCP lease of seconds (default 600).
! 516:
! 517: .TP
! 518: .BI dhcpstart " number"
! 519: Where to start assigning IP addresses (default 10).
! 520:
! 521: .TP
! 522: .BI dhcpend " number"
! 523: Where to stop assigning IP addresses (default 254).
! 524:
! 525: .TP
! 526: .B eapolenable
! 527: If this option is given IEEE 802.1x authentication is enabled. ChilliSpot
! 528: will listen for EAP authentication requests on the interface specified by
! 529: .B dhcpif.
! 530: EAP messages received on this interface are forwarded to the radius server.
! 531:
! 532: .TP
! 533: .BI uamserver " url"
! 534: URL of web server to use for authenticating clients.
! 535:
! 536: .TP
! 537: .BI uamhomepage " url"
! 538: URL of homepage to redirect unauthenticated users to. If not specified this defaults to
! 539: .B uamserver.
! 540:
! 541: .TP
! 542: .BI wisprlogin " url"
! 543: A specific URL to be given in WISPr XML LoginURL. Otherwise,
! 544: .B uamserver
! 545: is used.
! 546:
! 547: .TP
! 548: .BI uamsecret " secret"
! 549: Shared secret between uamserver and chilli. This secret should be set
! 550: in order not to compromise security.
! 551:
! 552: .TP
! 553: .BI uamlisten " host"
! 554: IP address to listen to for authentication of clients. If an
! 555: unauthenticated client tries to access the Internet she will be
! 556: redirected to this address.
! 557:
! 558: .TP
! 559: .BI uamport " port"
! 560: TCP port to bind to for authenticating clients (default = 3990).
! 561: If an unauthenticated client tries to access the Internet she will be
! 562: redirected to this port on the
! 563: .B uamlisten
! 564: IP address.
! 565:
! 566: .TP
! 567: .BI uamuiport " port"
! 568: TCP port to bind to for only serving embedded content.
! 569:
! 570: .TP
! 571: .BI uamallowed " domain"
! 572: Comma separated list of resources the client can access without first
! 573: authenticating. Each entry in the list can be a domain names, IP addresses,
! 574: or network segment. Example:
! 575:
! 576: .RS
! 577: .BI uamallowed " www.chillispot.org,10.11.12.0/24"
! 578:
! 579: Where each entry can be made more specific by specifying a protocol and port
! 580: in the format
! 581: .I host/network:port
! 582: or
! 583: .I protocol:host/network
! 584: or
! 585: .I protocol:host/network:port
! 586: where
! 587: .I protocol
! 588: is a protocol name from /etc/protocols,
! 589: .I host/network
! 590: is just as above (a domain, IP, or network), and
! 591: .I port
! 592: is a port number. Example:
! 593:
! 594: .BI uamallowed " coova.org:80,icmp:coova.org"
! 595:
! 596: Adding to your walled garden is useful for allowing access to a credit card payment gateways,
! 597: community website, or other publicly available resources.
! 598:
! 599: ChilliSpot resolves the domain names to a set of IP addresses during
! 600: startup. Some big sites change the returned IP addresses for each
! 601: lookup. This behaviour is not compatible with this option. Domain names in
! 602: the list do get updated periodically based on the
! 603: .B interval
! 604: option.
! 605:
! 606: It is possible to specify the
! 607: .B uamallowed
! 608: option several times. This is useful if many domain names have to be
! 609: specified.
! 610: .RE
! 611:
! 612: .TP
! 613: .BI uamdomain " domain"
! 614: One domain prefix per use of the option; defines a list of domain names to
! 615: automatically add to the walled garden. This is done by the inspecting of
! 616: DNS packets being sent back to the subscriber.
! 617:
! 618: .TP
! 619: .BI uamlogoutip " ipaddress"
! 620: Use this IP address to instantly logout a client accessing it (defaults to 1.1.1.1).
! 621:
! 622: .TP
! 623: .BI defsessiontimeout " seconds"
! 624: Default session timeout (max session time) unless otherwise set by RADIUS
! 625: (defaults to 0, meaning unlimited).
! 626:
! 627: .TP
! 628: .BI defidletimeout " seconds"
! 629: Default idle timeout (max idle time) unless otherwise set by RADIUS
! 630: (defaults to 0, meaning unlimited).
! 631:
! 632: .TP
! 633: .BI definteriminterval " seconds"
! 634: Default interim-interval for RADIUS accounting unless otherwise set by RADIUS
! 635: (defaults to 0, meaning unlimited).
! 636:
! 637: .TP
! 638: .B acctupdate
! 639: Allow updating of session parameters with RADIUS attributes sent in
! 640: Accounting-Response.
! 641:
! 642: .TP
! 643: .BI wwwdir " path"
! 644: Directory where embedded local web content is placed. This content is
! 645: accessible using the URL format http://<uamlisten>:<uamport>/www/<filename>
! 646:
! 647: .TP
! 648: .BI wwwbin " script"
! 649: Executable to run as a CGI type program (like haserl) for URLs with extention
! 650: .B .chi
! 651: - in the format
! 652: http://<uamlisten>:<uamport>/www/<file>.chi
! 653:
! 654: .TP
! 655: .BI uamui " script"
! 656: An init.d style program to handle local content on the
! 657: .B uamuiport
! 658: web server.
! 659:
! 660: .TP
! 661: .B uamanydns
! 662: Allow any DNS server.
! 663: Normally unauthenticated clients are only allowed to communicate with the
! 664: DNS servers specified by the
! 665: .B dns1
! 666: and
! 667: .B dns2
! 668: options. If the
! 669: .B uamanydns
! 670: option is given ChilliSpot will allow the client to use all DNS
! 671: servers. This is convenient for clients which are configured to
! 672: use a fixed set of DNS servers. For security reasons this option
! 673: should be combined with a destination NAT firewall rule which forwards
! 674: all DNS requests to a given DNS server.
! 675:
! 676: .TP
! 677: .B dnsparanoia
! 678: Inspect DNS packets and drop responses with any non- A, CNAME, SOA, or MX
! 679: records (to prevent dns tunnels; experimental).
! 680:
! 681: .TP
! 682: .B uamanyip
! 683: Allow clients to use any IP settings they wish by spoofing ARP
! 684: (experimental).
! 685:
! 686: .TP
! 687: .B nouamsuccess
! 688: Do not return to UAM server on login success, just redirect to original URL.
! 689:
! 690: .TP
! 691: .B nouamwispr
! 692: Do not do any WISPr XML, assume the back-end is doing this instead.
! 693:
! 694: .TP
! 695: .B usestatusfile
! 696: Write the status of clients in a non-volatile state file (experimental).
! 697:
! 698: .TP
! 699: .B chillixml
! 700: Return the so-called Chilli XML along with WISPr XML.
! 701:
! 702: .TP
! 703: .B macauth
! 704: If this option is given ChilliSpot will try to authenticate all users
! 705: based on their mac address alone. The User-Name sent to the radius
! 706: server will consist of the MAC address and an optional suffix which
! 707: is specified by the
! 708: .B macsuffix
! 709: option. If the
! 710: .B macauth
! 711: option is specified the
! 712: .B macallowed
! 713: option is ignored.
! 714:
! 715: .TP
! 716: .BI macallowed " mac"
! 717: List of MAC addresses for which MAC authentication will be performed.
! 718: Example:
! 719:
! 720: .RS
! 721: .BI macallowed " 00-0A-5E-AC-BE-51,00-30-1B-3C-32-E9"
! 722:
! 723: The User-Name sent to the radius server will consist of the MAC address
! 724: and an optional suffix which is specified by the
! 725: .B macsuffix
! 726: option. If the
! 727: .B macauth
! 728: option is specified the
! 729: .B macallowed
! 730: option is ignored.
! 731:
! 732: It is possible to specify the
! 733: .B macallowed
! 734: option several times. This is useful if many mac addresses has to be
! 735: specified.
! 736: .RE
! 737:
! 738: .TP
! 739: .BI macsuffix " suffix"
! 740: Suffix to add to the MAC address in order to form the User-Name, which
! 741: is sent to the radius server.
! 742:
! 743: .TP
! 744: .BI macpasswd " password"
! 745: Password used when performing MAC authentication. (default = password)
! 746:
! 747: .TP
! 748: .B macallowlocal
! 749: An option to allow MAC authentication based on
! 750: .B macallowed
! 751: without the use of RADIUS authentication.
! 752:
! 753: .TP
! 754: .BI localusers " file"
! 755: A colon seperated file containing usernames and passwords of locally
! 756: authenticated users.
! 757:
! 758: .TP
! 759: .BI postauthproxy " ipaddress"
! 760: Used with
! 761: .B postauthproxyport
! 762: to define a post authentication HTTP proxy server.
! 763:
! 764: .TP
! 765: .BI postauthproxyport " port"
! 766: Used with
! 767: .B postauthproxy
! 768: to define a post authentication HTTP proxy server.
! 769:
! 770: .TP
! 771: .BI locationname " name"
! 772: Human readable location name used in JSON interface.
! 773:
! 774: .TP
! 775: .B papalwaysok
! 776: (now depreciated; always on) Was used to allow PAP authentication.
! 777:
! 778: .SH FILES
! 779: .I @SYSCONFDIR@/chilli.conf
! 780: .RS
! 781: The main
! 782: .B chilli
! 783: configuration file. Per default, this file includes three other files;
! 784: .B main.conf, hs.conf,
! 785: and
! 786: .B local.conf.
! 787: The main.conf and hs.conf are created by
! 788: the shell script routines in
! 789: .B functions
! 790: based on configurations in the files mentioned below and possibility taking
! 791: some configurations from a remote RADIUS server or URL. The local.conf file is
! 792: reserved for location specific configurations.
! 793:
! 794: .RE
! 795: .I @ETCCHILLI@/defaults
! 796: .RS
! 797: Default configurations used by the
! 798: .B chilli
! 799: init.d and
! 800: .B functions
! 801: scripts in creating the actual configuration files. See the comments in this
! 802: file for more information on how to configure
! 803: .B chilli
! 804: and related scripts and embedded content.
! 805: .RE
! 806:
! 807: .RE
! 808: .I @ETCCHILLI@/config
! 809: .RS
! 810: Location specific configurations used by
! 811: .B chilli
! 812: init.d and
! 813: .B functions
! 814: scripts. Copy the
! 815: .B defaults
! 816: file mentioned above and edit. This file is loaded after the
! 817: .B defaults
! 818: and thus will override settings.
! 819: .RE
! 820:
! 821: .RE
! 822: .I @ETCCHILLI@/functions
! 823: .RS
! 824: Helps configure
! 825: .B chilli
! 826: by loading the above configurations, sets some defaults, and
! 827: provides functions for writing
! 828: .B main.conf, hs.conf,
! 829: and
! 830: .B local.conf
! 831: based on local and possibily centralized settings.
! 832: .RE
! 833:
! 834: .RE
! 835: .I @INITDIR@/chilli
! 836: .RS
! 837: The init.d file for
! 838: .B chilli
! 839: which defaults to using the above configurations to build a set of
! 840: configurations files in the @ETCCHILLI@ directory - taking local
! 841: configurations and optionally centralized configurations from RADIUS or a
! 842: URL.
! 843:
! 844: .RE
! 845:
! 846: .SH "SEE ALSO"
! 847: .BR chilli(8)
! 848: .BR chilli-radius(5)
! 849: .BR chilli_radconfig(1)
! 850: .BR syslogd(8)
! 851:
! 852:
! 853: .SH NOTES
! 854: .LP
! 855:
! 856: See
! 857: .I http://coova.org/
! 858: for further documentation and community support.
! 859: The original ChilliSpot project homepage is/was at www.chillispot.org.
! 860:
! 861: .SH AUTHORS
! 862:
! 863: CoovaChilli and ChilliSpot are licensed under the Gnu Public License.
! 864: Copyright (C) 2002-2005 by Mondru AB.,
! 865: 2006-2007 David Bird <david@coova.com>,
! 866: All rights reserved.
! 867:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>