Friday, October 12, 2012

100% Works Ubuntu 12.04 LTS + Freeradius + Coova-Chill + daloRADIUS


Pre-requisites
- Ubuntu 12.04 LTS
- Two NICs: eth0 connected to the Internet (static or DHCP address), eth1 connected to the clients, with no IP address configured on it

Install Ubuntu 12.04 LTS Server
- During installation, select LAMP server, SSH server and BIND

Update packages cache
    sudo apt-get update

Install freeradius
    sudo apt-get install freeradius freeradius-mysql apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql

Setup FQDN
    sudo nano /etc/apache2/httpd.conf
      e.g.
      ServerName ppPortal.local

Daloradius
Download daloradius-0.9-9 from http://sourceforge.net/projects/daloradius/

    sudo tar zxvf daloradius-0.9-9-rc1.tar.gz -C /var/www/
    cd /var/www/
    sudo mv daloradius-0.9-9 daloradius
    cd daloradius/contrib/db/

Create RADIUSDB database
    mysql -u root -p
mysql> create database radiusdb;
mysql> quit
    mysql -u root -p radiusdb < fr2-mysql-daloradius-and-freeradius.sql
    mysql -u root -p
mysql> CREATE USER 'raddbuser'@'localhost';
mysql> SET PASSWORD FOR 'raddbuser'@'localhost' = PASSWORD('raddbpass');
mysql> GRANT ALL ON radiusdb.* TO 'raddbuser'@'localhost';
mysql> quit

Test Freeradius
[https://help.ubuntu.com/community/WifiDocs/CoovaChilli?highlight=%28ManufacturerModel%29]

The default FreeRadius setup authorizes usernames and passwords from a "file" found in /etc/freeradius/users. We should test the default FreeRadius setup before we change the authorization from "file" to "sql" (mysql).

Add a username and password to our user "file" by editing the "John Doe" entry:

sudo nano -w /etc/freeradius/users

NOTE: you have to work as root to see this file

Uncomment:

"John Doe"     Auth-Type := Local, User-Password == "hello"
               Reply-Message = "Hello, %u"

At this point you need to reboot your Ubuntu box

reboot

Check FreeRadius config files.

sudo /etc/init.d/freeradius stop
sudo freeradius -XXX

If all goes well the last line should display

Mon Jun 29 15:24:34 2009 : Debug: Ready to process requests.
Ctrl+C to exit.

NOTE: If you get the error "Error binding to port for 0.0.0.0 port 1812", it means freeradius is already running. Stop it by doing the following:

# ps -A | grep freeradius

to get the process ID of freeradius, then
# kill -9 <freeradius-PID>

Start FreeRadius again

sudo /etc/init.d/freeradius start

Test password authorization to "file"

sudo radtest "John Doe" hello 127.0.0.1 0 testing123

If all goes well you should get a reply

Sending Access-Request of id 136 to 127.0.0.1 port 1812
        User-Name = "John Doe"
        User-Password = "hello"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
        Reply-Message = "Hello, John Doe"
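This test is worth repeating after every change below (the switch from "files" to "sql", the counters, and each daloRADIUS profile), so here is an added example of a small checker that reads the radtest output and decides whether the login really succeeded. It is my code, not part of the page or of FreeRADIUS; the two sample outputs are constructed in the shape radtest prints above, not captured from the author's box. The only thing it treats as success is an Access-Accept whose id matches the request that was sent.

```python
import re

# Constructed sample outputs in the shape radtest prints (not captured from a
# real server): one Access-Accept and one Access-Reject.
SAMPLE_ACCEPT = """\
Sending Access-Request of id 136 to 127.0.0.1 port 1812
        User-Name = "John Doe"
        User-Password = "hello"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
        Reply-Message = "Hello, John Doe"
"""

SAMPLE_REJECT = """\
Sending Access-Request of id 137 to 127.0.0.1 port 1812
        User-Name = "John Doe"
        User-Password = "wrong"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=137, length=20
"""

REQUEST_RE = re.compile(r"^Sending Access-Request of id (\d+) to (\S+) port (\d+)")
RESPONSE_RE = re.compile(
    r"^rad_recv: (Access-Accept|Access-Reject|Access-Challenge) packet "
    r"from host (\S+), id=(\d+), length=(\d+)")
# "Attribute = value" lines; the value may or may not be double-quoted
ATTR_RE = re.compile(r'^\s+([A-Za-z0-9-]+) = "?([^"]*)"?$')


def parse_radtest(output):
    """Split radtest output into the request id, the server's response type
    and id, and the reply attributes that follow the rad_recv line."""
    result = {"request_id": None, "response": None,
              "response_id": None, "reply": {}}
    in_reply = False
    for line in output.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            result["request_id"] = int(m.group(1))
            in_reply = False          # attributes that follow are ours, not the reply
            continue
        m = RESPONSE_RE.match(line)
        if m:
            result["response"] = m.group(1)
            result["response_id"] = int(m.group(3))
            in_reply = True
            continue
        m = ATTR_RE.match(line)
        if m and in_reply:
            result["reply"][m.group(1)] = m.group(2)
    return result


def auth_succeeded(output):
    """True only for an Access-Accept whose id matches the request we sent,
    so a stray or stale packet (or no answer at all) never counts as success."""
    r = parse_radtest(output)
    return (r["response"] == "Access-Accept"
            and r["request_id"] is not None
            and r["request_id"] == r["response_id"])


if __name__ == "__main__":
    for sample in (SAMPLE_ACCEPT, SAMPLE_REJECT):
        r = parse_radtest(sample)
        print(r["response"], auth_succeeded(sample), r["reply"])
```

In practice you would feed it the real output, e.g. `parse_radtest(subprocess.run(["radtest", "John Doe", "hello", "127.0.0.1", "0", "testing123"], capture_output=True, text=True).stdout)`, and fail the check when `auth_succeeded` is false; a server that is down produces no rad_recv line at all, which the checker also treats as failure.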

Change authorization to sql

in

/etc/freeradius/radiusd.conf

around line 683 include the sql module: uncomment the lines "$INCLUDE sql.conf" and "$INCLUDE sql/mysql/counter.conf" in "modules { ... }"

Then further down, around line 710 in the instantiate section, make sure you have

chillispot_max_bytes
noresetcounter


which are the counters we define in the next section. Then in /etc/freeradius/sites-available/default, in the authorize section, after the "Look in an SQL database..." comment there is an "sql" entry that may be commented out; uncomment it and add the new counters so that it now reads

sql
chillispot_max_bytes
noresetcounter

If the above tests worked we can now change authorization from "file" to "sql" in:

/etc/freeradius/sites-available/default

comment out "files" (line 152) and uncomment "sql" on line 159. Also uncomment "sql" on line 428 under the "session { ... }" section, and in the accounting section on line 383.

That should be it. Now update the counter.conf in the next section.

FreeRadius SQL counter.conf
To match the radcheck and radgroupcheck attributes we use, you also need to add two matching counter.conf definitions as follows. Edit the /etc/freeradius/sql/mysql/counter.conf file (unless the counter is already defined there) and add the following at the end:

sqlcounter noresetcounter {
    counter-name = Session-Timeout
    check-name = Session-Timeout
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'"
}

sqlcounter chillispot_max_bytes {
    counter-name = ChilliSpot-Max-Total-Octets
    check-name = ChilliSpot-Max-Total-Octets
    reply-name = ChilliSpot-Max-Total-Octets
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{%k}'"
}
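To see what these two counters actually do at login time, here is an added example (my code, not from the page or from FreeRADIUS) that replays the rlm_sqlcounter authorize logic in Python against an in-memory SQLite copy of the radiusdb tables involved. All rows are constructed: the 60Mins group carries the Session-Timeout = 3600 check attribute that the daloRADIUS profile section further down creates, plus an assumed 100 MB ChilliSpot-Max-Total-Octets limit so that the second counter has something to check; the user names and usage figures are made up, and the %{%k} substitution in the queries is replaced by a bound parameter.

```python
import sqlite3

# Constructed sample data (not from the author's system). Only the columns
# that the two counter queries and the group lookup need are included.
SAMPLE_SQL = """
CREATE TABLE radacct (username TEXT, acctsessiontime INTEGER,
                      acctinputoctets INTEGER, acctoutputoctets INTEGER);
CREATE TABLE radcheck (username TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER);
CREATE TABLE radgroupcheck (groupname TEXT, attribute TEXT, op TEXT, value TEXT);

INSERT INTO radgroupcheck VALUES ('60Mins', 'Session-Timeout', ':=', '3600');
INSERT INTO radgroupcheck VALUES ('60Mins', 'ChilliSpot-Max-Total-Octets', ':=', '104857600');
INSERT INTO radusergroup VALUES ('alice', '60Mins', 0);
INSERT INTO radusergroup VALUES ('bob', '60Mins', 0);
INSERT INTO radusergroup VALUES ('carol', '60Mins', 0);
INSERT INTO radusergroup VALUES ('dave', '60Mins', 0);
-- dave has a per-user override (200 MB) in radcheck
INSERT INTO radcheck VALUES ('dave', 'ChilliSpot-Max-Total-Octets', ':=', '209715200');
-- alice: two sessions, 1800 s and 30 MB used so far
INSERT INTO radacct VALUES ('alice', 1200, 10485760, 10485760);
INSERT INTO radacct VALUES ('alice', 600, 5242880, 5242880);
-- bob: the full hour is used up
INSERT INTO radacct VALUES ('bob', 3600, 1048576, 1048576);
-- carol and dave: little time used, but 110 MB transferred
INSERT INTO radacct VALUES ('carol', 300, 52428800, 62914560);
INSERT INTO radacct VALUES ('dave', 300, 52428800, 62914560);
"""

# The two sqlcounter definitions from counter.conf above, with %{%k}
# replaced by a bound parameter for the key (User-Name).
COUNTERS = [
    {"name": "noresetcounter",
     "check_name": "Session-Timeout", "reply_name": "Session-Timeout",
     "query": "SELECT SUM(acctsessiontime) FROM radacct WHERE username=?"},
    {"name": "chillispot_max_bytes",
     "check_name": "ChilliSpot-Max-Total-Octets",
     "reply_name": "ChilliSpot-Max-Total-Octets",
     "query": "SELECT SUM(acctinputoctets) + SUM(acctoutputoctets) "
              "FROM radacct WHERE username=?"},
]


def open_sample_db():
    """In-memory SQLite stand-in for the radiusdb MySQL database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SQL)
    return conn


def load_check_items(conn, username):
    """Collect check items the way the sql module does: the user's own
    radcheck rows first, then radgroupcheck rows of the groups listed in
    radusergroup (lower priority value first); user rows win on conflict."""
    items = {}
    for attr, value in conn.execute(
            "SELECT attribute, value FROM radcheck WHERE username=?", (username,)):
        items[attr] = value
    group_rows = conn.execute(
        "SELECT g.attribute, g.value FROM radusergroup u "
        "JOIN radgroupcheck g ON g.groupname = u.groupname "
        "WHERE u.username=? ORDER BY u.priority", (username,))
    for attr, value in group_rows:
        items.setdefault(attr, value)
    return items


def apply_sqlcounters(conn, username, reply_items=None):
    """Evaluate each counter as rlm_sqlcounter does in the authorize section:
    no check item for the user -> that counter is skipped; usage at or over
    the limit -> reject; otherwise the reply attribute is set to what is
    left, keeping a smaller value that is already present in the reply."""
    reply = dict(reply_items or {})
    checks = load_check_items(conn, username)
    for counter in COUNTERS:
        if counter["check_name"] not in checks:
            continue
        limit = int(checks[counter["check_name"]])
        used = conn.execute(counter["query"], (username,)).fetchone()[0] or 0
        if used >= limit:
            return {"result": "reject", "counter": counter["name"],
                    "used": used, "limit": limit}
        remaining = limit - used
        if counter["reply_name"] in reply:
            remaining = min(remaining, int(reply[counter["reply_name"]]))
        reply[counter["reply_name"]] = remaining
    return {"result": "accept", "reply": reply}


if __name__ == "__main__":
    db = open_sample_db()
    for user in ("alice", "bob", "carol", "dave", "erin"):
        # the profile's reply attribute Session-Timeout = 3600 is already in the reply
        print(user, apply_sqlcounters(db, user, {"Session-Timeout": "3600"}))
```

Running it prints one line per user: alice is accepted with Session-Timeout cut to the 1800 s she has left, bob is rejected by noresetcounter, carol is rejected by chillispot_max_bytes even though she still has time, dave's per-user radcheck row overrides the group's byte limit, and erin (in no group) passes through untouched. The same decisions appear in the sqlcounter module's debug output when you run freeradius -X after the switch-over to sql above.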
   
Daloradius Web Interface Pre-requisites
    apt-get install php-pear php5-gd php-db

Test apache configuration
    apachectl configtest

Restart apache
    apachectl restart

Install php pear
    wget http://pear.php.net/go-pear.phar
    php go-pear.phar
    pear install DB

Install Coova-Chilli
    apt-get install build-essential linux-headers-server libssl-dev
    tar zxvf coova-chilli-1.2.9.tar.gz
    cd coova-chilli-1.2.9/
    ./configure --prefix= --enable-miniportal --with-openssl
    make
    make install
    cd
    wget http://dfn.dl.sourceforge.net/project/haserl/haserl-devel/haserl-0.9.29.tar.gz
    tar zxvf haserl-0.9.29.tar.gz
    cd haserl-0.9.29/
    ./configure --prefix=
    make
    make install

Create chilli user
    useradd chilli
Set freeradius and Chilli to start at boot time
    update-rc.d freeradius defaults
    update-rc.d chilli defaults

Also there is a problem at reboot time (the two services do not come up properly). The workaround is to put the following in

    nano /etc/rc.local

/etc/init.d/freeradius restart
/etc/init.d/chilli restart
exit 0

    cp /etc/chilli/defaults /etc/chilli/config
    reboot

Check Chilli and freeradius status
    ps -A | grep freeradius
    ps -A | grep chilli

IPtables
The creators of CoovaChilli have predefined rules for iptables, but their script needs a little help before it works. CoovaChilli's iptables config is done in the /etc/chilli/up.sh script, which runs after the tun interface is up, so that the exact tun interface is known.

/etc/chilli/up.sh calls /etc/chilli/ipup.sh if it exists. By default, it does not. If you need to run your own commands after the main iptables configuration is done, create /etc/chilli/ipup.sh and populate it however you like, being sure to make it executable (chmod +x /etc/chilli/ipup.sh) when done.

Create

/etc/chilli/ipup.sh

with the following content:

#!/bin/sh
# force-add the final rule necessary to fix routing tables:
# masquerade client traffic leaving on the WAN interface
# ($HS_WANIF comes from /etc/chilli/config)
iptables -I POSTROUTING -t nat -o "$HS_WANIF" -j MASQUERADE

    nano /etc/chilli/ipup.sh
    chmod +x /etc/chilli/ipup.sh

Daloradius Database connection settings
    nano /var/www/daloradius/library/daloradius.conf.php

• $configValues['CONFIG_DB_ENGINE'] = 'mysql';
• $configValues['CONFIG_DB_HOST'] = 'localhost';
• $configValues['CONFIG_DB_USER'] = 'raddbuser';
• $configValues['CONFIG_DB_PASS'] = 'raddbpass';
• $configValues['CONFIG_DB_NAME'] = 'radiusdb';

Touch daloradius log file.
• touch /var/log/daloradius.log

daloRADIUS 0.9-9 – QUICK START

Create Profiles – Time Based Profile
Go to Management tab > Select Profiles > Create New Profiles >Add Profile Attributes
Type Profile Name, e.g. 60Mins

Add attributes
Check Attributes
Simultaneous-Use = 1
Max-All-Session = 3600
[this is in seconds; 60 mins = 3600 seconds]
Session-Timeout = 3600
Reply Attributes
Session-Timeout = 3600
Idle-Timeout = 60
Acct-Interim-Interval = 120

Billing Plans – Time Based
Go to Billing Tab> Select Plans > New Plan
1. Enter Plan Information details from Plan Name to Plan Active
2. Enter Time Settings details
3. Select Profile from the drop-down

Add Hotspot
Go to Management Tab > Hotspots > Click New Hotspot
Enter Hotspot Name and MAC Address of interface connected to clients, Click Apply

Add NAS
Go to Management > Nas > Click New NAS
Enter NAS Info, IP, NAS secret (e.g. testing123), NAS type, Other and NAS shortname. Set NAS Ports to 3997, Click Apply

Create Pre-paid Vouchers – Batch Users – Walk-In
Go to Management > Batch Users > Click Batch Add Users
Enter Account Info, Batch Id/Name, e.g. 60Mins_12_11_12, a Batch Description, Select Hotspot.
I use Create Random Users, with default username/password length of 8, and set number of instances to create (number of vouchers).
Select Group, e.g. 60Mins for 1 hour vouchers (Group Priority 0 or 1 is fine), and then the Plan name for 1 hour. Click Apply
You can print the vouchers/tickets.

Create Member User Accounts
Go to Management > Users > Click New User
Enter Account Info, username, password and select Group. You can also enter User Info First/Last names, email, etc. Click Apply

Testing Login
Using a client connected to the same network as eth1, open a web browser. You should get an IP in the range 10.1.0.X. Go to www.google.com. You will be redirected to the Coova login page. Log in to the Hotspot using either a Batch User or a Member User.

6 comments:

  1. Hi Brian,
    Nice to see someone made it work! I am also using ubuntu 12.04 and coovachilli 1.2.9 but for me it's not so close to 100%...

    I can get it to function but it's fickle. One issue I have is the start-stop daemon cannot find the .pid file; from what I can see it's looking for the wrong file: it looks for a pid in /usr/var/run/chilli.pid but on my system the file is called chilli.eth2.pid. Did you get past this problem? What did you do?

    Thanks for any help you can offer

    Replies
    1. I didn't have any issues. How many NICs do you have?

  2. Hi Thanks

    I have this error:
    Database connection error
    Error Message: DB Error: insufficient permissions

    TNX

    Replies
    1. you need this
      mysql -u root -p
      mysql>GRANT ALL ON radiusdb.* to 'raddbuser'@'localhost';

  3. you need this
    mysql -u root -p
    mysql>GRANT ALL ON radiusdb.* to 'raddbuser'@'localhost';