Koozali.org: home of the SME Server

Coova Chilli Config [Resolved]

Offline p-jones

Coova Chilli Config [Resolved]
« on: November 26, 2010, 09:04:49 AM »
Hi

The coova chilli contrib meets all my requirements; however, I am having a minor config issue that I don't know how to resolve.

It installed exactly as described onto a new install and fully patched SME 7.5.?

I am using IE8 and this is how I expect it to be used most. When I get redirected to the login / guest page I first get the dreaded MS message about non signed security certificates. How can I get rid of this? I really don't need an https connection for this.

The second annoyance I would like to eliminate is that the login screen opens in a window of its own and this window must remain open. This effectively means I must start another instance of IE to start surfing. This is not how other captive portals I have used when travelling behave.

I don't consider a reconfiguration of IE to be a solution. I am testing with a fairly conventional IE config and the target market would be casual laptop users with equally conventional IE configurations.

I am really not certain if these are bugs so I will start here and move to the bug tracker if necessary.


Thanks
Peter
« Last Edit: November 29, 2010, 09:23:53 PM by p-jones »
...

Offline Daniel B.

Re: Coova Chilli Config
« Reply #1 on: November 26, 2010, 10:12:12 AM »
Hi.

For the https warning, it is because your users will send clear text passwords to the CGI, so HTTPS is strongly recommended. If you really want to use HTTP, you'll need to:

- create a custom template overriding /etc/e-smith/templates/etc/chilli.conf/55uamserver, and removing the s
- modify /opt/chilli/cgi-bin/hotspotlogin.cgi and comment out the block which enforces HTTPS (lines 38 to 54)

For the popup, this is the way chillispot and coovachilli work: the popup is there to display the remaining time, and to allow the user to log out. You need to leave it open. I don't think it's a big deal; opening a popup doesn't start another instance of IE, just another window (IE is not a multi process browser). If you really want to remove the need for the popup, you'll need to hack the cgi script /opt/chilli/cgi-bin/hotspotlogin.cgi (check for the occurrences of doOnBeforeUnload).


Regards, Daniel
« Last Edit: November 26, 2010, 10:14:25 AM by VIP-ire »
It's the end of the world!!! :lol:

Offline p-jones

Re: Coova Chilli Config
« Reply #2 on: November 29, 2010, 02:23:11 AM »
Uhmmmm
Quote
- create a custom template overriding /etc/e-smith/templates/etc/chilli.conf/55uamserver, and removing the s
- modify /opt/chilli/cgi-bin/hotspotlogin.cgi and comment out the block which enforces HTTPS (lines 38 to 54)


The custom template worked as it should, but remarking out the suggested lines just stopped any form of login screen from being displayed. I am out of my depth here now. Any suggestions as to where to next?

Thanks
Peter
...

Offline Daniel B.

Re: Coova Chilli Config
« Reply #3 on: November 29, 2010, 09:37:21 AM »
You've probably commented out some lines which shouldn't be. Check /var/log/httpd/error_log while you try to load the page.

Offline p-jones

Re: Coova Chilli Config
« Reply #4 on: November 29, 2010, 10:24:23 AM »


Quote
Check /var/log/httpd/error_log while you try to load the page

[Mon Nov 29 11:43:29 2010] [warn] RSA server certificate CommonName (CN) `coova.local' does NOT match server name!?
[Mon Nov 29 11:43:30 2010] [notice] Digest: generating secret for digest authentication ...
[Mon Nov 29 11:43:30 2010] [notice] Digest: done
[Mon Nov 29 11:43:35 2010] [warn] RSA server certificate CommonName (CN) `coova.local' does NOT match server name!?
[Mon Nov 29 11:43:35 2010] [notice] Apache configured -- resuming normal operations
[Mon Nov 29 11:50:28 2010] [notice] caught SIGTERM, shutting down
[Mon Nov 29 11:51:58 2010] [warn] RSA server certificate CommonName (CN) `coova.local' does NOT match server name!?
[Mon Nov 29 11:51:58 2010] [notice] Digest: generating secret for digest authentication ...
[Mon Nov 29 11:51:58 2010] [notice] Digest: done


Quote
You've probably commented out some lines which shouldn't be.

hotspotlogin now looks like this. Nothing else is commented out.


# Login page need https
## if (!($ENV{HTTPS} =~ /^on$/)) {
## print "Content-type: text/html\n\n
## <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
## <html>
## <head>
## <title>$conf{domain}</title>
## <meta http-equiv=\"Cache-control\" content=\"no-cache\">
## <meta http-equiv=\"Pragma\" content=\"no-cache\">
## <link rel=\"stylesheet\" type=\"text/css\" href=\"/chilli/css/sme.css\" />
## </head>
## <body>
## <p>&nbsp;</p><p>&nbsp;</p>
## <h2>$lang{loginfailed}</H2><br>
## $lang{neddencrypted}</body></html>";
## exit(0);
## }
$loginpath = $ENV{'SCRIPT_NAME'};
...

Offline johnp

Re: Coova Chilli Config
« Reply #5 on: November 29, 2010, 01:46:30 PM »
When I tried this a while back, seems I had to make a custom-template fragment for /etc/rc.d/init.d/masq/00Functions01Chilli20input and remove the comment from line 15 before it started working.

Maybe Daniel can confirm this.

Offline Daniel B.

Re: Coova Chilli Config
« Reply #6 on: November 29, 2010, 01:51:53 PM »
Indeed, thanks johnp. You also need to create a custom template for /etc/rc.d/init.d/masq/00Functions01Chilli20input and uncomment the following line:
Code:
/sbin/iptables -A IN_FROM_CHILLI -p tcp --dport ${'httpd-e-smith'}{'TCPPort'} --syn -j ACCEPT

Offline p-jones

Re: Coova Chilli Config
« Reply #7 on: November 29, 2010, 01:57:41 PM »
Thanks for this. I will have another look at it tomorrow.

Found a relevant and interesting link here also, where they describe exactly the issue I am working to eliminate.

http://en.gentoo-wiki.com/wiki/Chillispot_with_FreeRadius_and_MySQL#Using_unsecure_URIs

Peter

...

Offline p-jones

Re: Coova Chilli Config [Resolved]
« Reply #8 on: November 29, 2010, 09:26:42 PM »
Thanks Daniel and thanks johnp. Opening up port 80 in the manner suggested solved the issue.

With this sorted, I can live with the extra popup window.

Rgds
Peter
...
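
The three changes discussed in this thread (the uamserver URL scheme, the HTTPS check in hotspotlogin.cgi, and the firewall rule in the masq fragment) have to agree with each other. The following is an added example, not part of the original thread or the contrib's own code, that audits the three files and reports whether portal logins travel in plaintext. The sample file contents, the 192.168.182.1 address and all function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample files standing in for the three files named in the thread.
make_samples() {
    printf 'uamserver http://192.168.182.1/cgi-bin/hotspotlogin.cgi\n' > "$1/chilli.conf"
    cat > "$1/hotspotlogin.cgi" <<'EOF'
# Login page need https
## if (!($ENV{HTTPS} =~ /^on$/)) {
##   exit(0);
## }
$loginpath = $ENV{'SCRIPT_NAME'};
EOF
    rule="/sbin/iptables -A IN_FROM_CHILLI -p tcp --dport \${'httpd-e-smith'}{'TCPPort'} --syn -j ACCEPT"
    printf '#%s\n' "$rule" > "$1/masq.blocked"   # rule still commented out
    printf '%s\n' "$rule" > "$1/masq.open"       # rule uncommented
}

# Print the scheme (http or https) of the uamserver URL in a chilli.conf.
uam_scheme() {
    sed -n 's#^[[:space:]]*uamserver[[:space:]=]*\(https\{0,1\}\)://.*#\1#p' "$1" | head -n 1
}

# Succeed if the CGI still contains an active (uncommented) HTTPS check.
cgi_enforces_https() {
    grep -v '^[[:space:]]*#' "$1" | grep -Fq '$ENV{HTTPS}'
}

# Succeed if the masq template fragment has the web-server ACCEPT rule active.
masq_allows_http() {
    grep -v '^[[:space:]]*#' "$1" | grep -q 'IN_FROM_CHILLI.*httpd-e-smith.*TCPPort.*ACCEPT'
}

# Args: chilli.conf, hotspotlogin.cgi, masq fragment. Prints one verdict word.
portal_login_transport() {
    scheme=$(uam_scheme "$1")
    if [ "$scheme" = "http" ] && ! cgi_enforces_https "$2" && masq_allows_http "$3"; then
        echo plaintext      # login works, passwords cross the network unencrypted
    elif [ "$scheme" = "https" ] && cgi_enforces_https "$2"; then
        echo encrypted      # HTTPS URL and the CGI check both in place
    else
        echo inconsistent   # e.g. HTTP URL but firewall rule still commented out
    fi
}

d=$(mktemp -d) && make_samples "$d"
portal_login_transport "$d/chilli.conf" "$d/hotspotlogin.cgi" "$d/masq.blocked"
portal_login_transport "$d/chilli.conf" "$d/hotspotlogin.cgi" "$d/masq.open"
rm -rf "$d"
```

The "inconsistent" verdict corresponds to the state in Reply #2, where the login page stopped appearing; "plaintext" is the state after Reply #6.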