100% Works: Ubuntu 12.04 LTS + FreeRADIUS + Coova-Chilli + daloRADIUS
Pre-requisites
- Ubuntu 12.04 LTS
- 2 NICs: eth0 connected to the Internet (static or DHCP), eth1 connected to the clients with no IP address
Install Ubuntu 12.04 LTS Server
- Install LAMP, SSH Server, BIND
Update the packages cache:
sudo apt-get update
Install freeradius:
sudo apt-get install freeradius freeradius-mysql apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql
Setup FQDN:
nano /etc/apache2/httpd.conf
e.g.
ServerName ppPortal.local
Daloradius
Download daloradius-0.9-9 from http://sourceforge.net/projects/daloradius/
sudo tar zxvf daloradius-0.9-9-rc1.tar.gz -C /var/www/
cd /var/www/
sudo mv daloradius-0.9-9 daloradius
cd daloradius/contrib/db/
Create RADIUSDB database:
mysql -u root -p
mysql> create database radiusdb;
mysql> quit
mysql -u root -p radiusdb < fr2-mysql-daloradius-and-freeradius.sql
mysql -u root -p
mysql> CREATE USER 'raddbuser'@'localhost';
mysql> SET PASSWORD FOR 'raddbuser'@'localhost' = PASSWORD('raddbpass');
mysql> GRANT ALL ON radiusdb.* to 'raddbuser'@'localhost';
mysql> quit
Test Freeradius
[https://help.ubuntu.com/community/WifiDocs/CoovaChilli?highlight=%28ManufacturerModel%29]
The default FreeRadius setup authorizes usernames and passwords from a "file" found in /etc/freeradius/users. We should test the default FreeRadius setup before we change the authorization link from "file" to "sql" (mysql).
Add a username and password to our user "file": edit the "John Doe" entry.
nano -w /etc/freeradius/users
NOTE: you have to work as root to see this file.
Uncomment:
"John Doe" Auth-Type := Local, User-Password == "hello"
        Reply-Message = "Hello, %u"
At this point you need to reboot your ubuntu box:
reboot
Check the FreeRadius config files:
sudo /etc/init.d/freeradius stop
sudo freeradius -XXX
If all goes well the last line should display:
Mon Jun 29 15:24:34 2009 : Debug: Ready to process requests.
Ctrl+C to exit.
NOTE: If you get the error "Error binding to port for 0.0.0.0 port 1812", it means freeradius is already running. Stop it by doing the following:
# ps -A | grep freeradius
to get the process ID of freeradius, then
# kill -9 freeradius-PID
Start FreeRadius again:
sudo /etc/init.d/freeradius start
Test password authorization to "file":
sudo radtest "John Doe" hello 127.0.0.1 0 testing123
If all goes well you should get a reply:
Sending Access-Request of id 136 to 127.0.0.1 port 1812
        User-Name = "John Doe"
        User-Password = "hello"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
        Reply-Message = "Hello, John Doe"
Change authorization to sql
In /etc/freeradius/radiusd.conf, on line 683, include the sql module: uncomment the lines "$INCLUDE sql.conf" and "$INCLUDE sql/mysql/counter.conf" in "modules { ... }".
Then further down, around line 710 in the instantiate section, make sure you have:
chillispot_max_bytes
noresetcounter
which are our counters, defined in the next section. Then in /etc/freeradius/sites-available/default, in the authorize section after the "Look in an SQL database..." comment, there is an "sql" entry that may be commented out; uncomment it and add the new counters so that it now reads:
sql
chillispot_max_bytes
noresetcounter
If the above tests worked we can now change authorization from "file" to "sql" in /etc/freeradius/sites-available/default: comment out "files" (line 152) and uncomment sql on line 159; also uncomment sql on line 428 under the "session { ... }" section and in the accounting section on line 383.
That should be it. Now update counter.conf in the next section.
FreeRadius SQL counter.conf
To match the radcheck and radgroupcheck attributes we use, you also need to add two matching counter.conf checks as follows. Edit the /etc/freeradius/sql/mysql/counter.conf file (unless the counter is already defined in it) and add the following at the end:
sqlcounter noresetcounter {
        counter-name = Session-Timeout
        check-name = Session-Timeout
        reply-name = Session-Timeout
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'"
}
sqlcounter chillispot_max_bytes {
        counter-name = ChilliSpot-Max-Total-Octets
        check-name = ChilliSpot-Max-Total-Octets
        reply-name = ChilliSpot-Max-Total-Octets
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{%k}'"
}
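What these two sqlcounter blocks make FreeRADIUS do, as an added, constructed Python model (not code from this how-to or from FreeRADIUS): it runs the two queries above against made-up radacct rows in in-memory SQLite, which stands in for MySQL, and applies the module's rule of rejecting once the counter has reached the check attribute and otherwise replying with the remaining allowance. The user names, the radacct rows and the check values (e.g. Session-Timeout = 3600 from the 60Mins profile) are assumptions.

```python
# Added, constructed model of the two sqlcounter checks in counter.conf above;
# in-memory SQLite stands in for MySQL and the radacct rows are made up.
import sqlite3

# Queries as written in counter.conf; %{%k} expands to the key (User-Name).
COUNTERS = {
    "noresetcounter": {
        "check": "Session-Timeout",
        "query": "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'",
    },
    "chillispot_max_bytes": {
        "check": "ChilliSpot-Max-Total-Octets",
        "query": "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) "
                 "FROM radacct WHERE UserName='%{%k}'",
    },
}

# Constructed accounting rows: (UserName, AcctSessionTime, AcctInputOctets,
# AcctOutputOctets). voucher01 has two finished sessions, member01 one.
SAMPLE_RADACCT = [
    ("voucher01", 1800, 10_000_000, 90_000_000),
    ("voucher01", 1200, 5_000_000, 20_000_000),
    ("member01", 400, 1_000_000, 2_000_000),
]

def build_db(rows=SAMPLE_RADACCT):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (UserName TEXT, AcctSessionTime INTEGER, "
               "AcctInputOctets INTEGER, AcctOutputOctets INTEGER)")
    db.executemany("INSERT INTO radacct VALUES (?, ?, ?, ?)", rows)
    return db

def counter_value(db, counter, username):
    # The real module interpolates %{%k} into the SQL text; here the key is a
    # bound parameter so a crafted User-Name cannot change the query.
    query = COUNTERS[counter]["query"].replace("'%{%k}'", "?")
    (total,) = db.execute(query, (username,)).fetchone()
    return total or 0  # SUM over zero rows is NULL: the counter starts at 0

def evaluate(db, counter, username, check_items):
    """Apply one sqlcounter (reset = never): returns (accept, reply_value).
    check_items are the user's radcheck/radgroupcheck attributes."""
    limit = check_items.get(COUNTERS[counter]["check"])
    if limit is None:
        return True, None        # no check item: this counter does not apply
    used = counter_value(db, counter, username)
    if used >= limit:
        return False, 0          # allowance used up: Access-Reject
    return True, limit - used    # remaining allowance is sent as reply-name
```

With reset = never the sums only ever grow, so a voucher that has consumed its Session-Timeout or ChilliSpot-Max-Total-Octets allowance stays rejected until its radacct rows are removed.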
Daloradius Web Interface Pre-requisites
apt-get install php-pear php5-gd php-db
Test apache configuration:
apachectl configtest
Restart apache:
apachectl restart
Install php pear:
wget pear.php.net/go-pear.phar
php go-pear.phar
pear install DB
Install Coova-Chilli
apt-get install build-essential linux-headers-server libssl-dev
tar zxvf coova-chilli-1.2.9.tar.gz
cd coova-chilli-1.2.9/
./configure --prefix= --enable-miniportal --with-openssl
make
make install
cd
wget http://dfn.dl.sourceforge.net/project/haserl/haserl-devel/haserl-0.9.29.tar.gz
tar zxvf haserl-0.9.29.tar.gz
cd haserl-0.9.29/
./configure --prefix=
make
make install
Create chilli user:
useradd chilli
Set freeradius and Chilli to start at boot time:
update-rc.d freeradius defaults
update-rc.d chilli defaults
Also there is a problem at reboot time. The workaround is to put the following in /etc/rc.local:
nano /etc/rc.local
/etc/init.d/freeradius restart
/etc/init.d/chilli restart
exit 0
cp /etc/chilli/defaults /etc/chilli/config
reboot
Check Chilli and freeradius status:
ps -A | grep freeradius
ps -A | grep chilli
IPtables
The creators of CoovaChilli have predefined rules for iptables, but their script needs a little help before it works. CoovaChilli's iptables config is done in the /etc/chilli/up.sh script, which runs after the tun interface is up, so that the exact tun interface is known.
/etc/chilli/up.sh calls /etc/chilli/ipup.sh, if it exists. By default, it does not. If you need to run your own commands after the main iptables configuration is done, create /etc/chilli/ipup.sh and populate it however you like, being sure to make it executable (chmod +x /etc/chilli/ipup.sh) when done.
Create /etc/chilli/ipup.sh with the following content:
# force-add the final rule necessary to fix routing tables
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
nano /etc/chilli/ipup.sh
chmod +x /etc/chilli/ipup.sh
Daloradius Database connection settings
nano /var/www/daloradius/library/daloradius.conf.php
• $configValues['CONFIG_DB_ENGINE'] = 'mysql';
• $configValues['CONFIG_DB_HOST'] = 'localhost';
• $configValues['CONFIG_DB_USER'] = 'raddbuser';
• $configValues['CONFIG_DB_PASS'] = 'raddbpass';
• $configValues['CONFIG_DB_NAME'] = 'radiusdb';
Touch the daloradius log file:
• touch /var/log/daloradius.log
daloRADIUS 0.9-9 – QUICK START
Create Profiles – Time Based Profile
Go to Management tab > Select Profiles > Create New Profiles > Add Profile Attributes
Type Profile Name, e.g. 60Mins
Add attributes
Check Attributes
Simultaneous-Use = 1
Max-All-Session = 3600 [this is in seconds, for 60mins = 3600 seconds]
Session-Timeout = 3600
Reply Attributes
Session-Timeout = 3600
Idle-Timeout = 60
Acct-Interim-Interval = 120
Billing Plans – Time Based
Go to Billing Tab > Select Plans > New Plan
1. Enter Plan Information details from Plan Name to Plan Active
2. Enter Time Settings details
3. Select Profile from the drop-down
Add Hotspot
Go to Management Tab > Hotspots > Click New Hotspot
Enter Hotspot Name and MAC Address of the interface connected to clients, Click Apply
Add NAS
Go to Management > Nas > Click New NAS
Enter NAS Info: IP, NAS secret (e.g. testing123), NAS type, Other and NAS shortname. Set NAS Ports to 3997, Click Apply
Create Pre-paid Vouchers – Batch Users – Walk-In
Go to Management > Batch Users > Click Batch Add Users
Enter Account Info: Batch Id/Name, e.g. 60Mins_12_11_12, a Batch Description, Select Hotspot.
I use Create Random Users, with default username/password length of 8, and set number of instances to create (number of vouchers).
Select Group, e.g. 60Mins for 1 hour vouchers, Group Priority 0 or 1 is fine and then the Plan name for 1 hour. Click Apply
You can print the vouchers/tickets.
Create Member User Accounts
Go to Management > Users > Click New User
Enter Account Info: username, password and select Group. You can also enter User Info: First/Last names, email, etc. Click Apply
Testing Login
Using a client connected to the same interface as eth1, open a web browser. You should get an IP in the range 10.1.0.X. Go to www.google.com. You will be redirected to the Coova login page. Log in to the Hotspot using either a Batch User or a Member User.