Hardware Requirements:
1. PC with at least 2 NICs (I used 3 NICs on mine)
i. eth0: Internet
ii. eth1: Hotspot LAN
iii. eth2: Admin (optional)
2. Access Point
Software Requirements:
1. ClearOS 5.2 Enterprise
(http://www.clearfoundation.com/Software/downloads)
2. FreeRadius2
3. Coova-Chilli
(http://www.clearcenter.com/media/dev/coova-chilli-1.2.5-1.i386.rpm)
4. Easyhotspot-web_only_0.2
(http://sourceforge.net/projects/easyhotspot/)
Install ClearOS
- Install ClearOS as a Gateway, i.e. choose Gateway mode on system mode
- Select software modules
- Graphical Console
- DHCP and Local DNS Servers
- Mail Server
- Web Server
- Database Server / MySQL
- Optional modules (Web Proxy, Antimalware, Antispam, Bandwidth Manager, Intrusion Protection, Protocol filter)
- Follow the on-screen instructions to complete the installation and reboot the system. The system reboots into a GUI screen. Log in as root with the password you set during installation and complete the installation wizard tasks.
Firewall Settings
Go to Firewall by clicking the Firewall link at the end of the installation wizard. Add firewall rules to allow SSH and HTTP.
IP Settings
Go to Network>IP Settings and make sure eth0 is configured for Internet access and eth1 is set to something like Hot LAN or LAN and is on DHCP. If you are using 3 NICs like I did, set eth2 with a static/DHCP LAN IP address. Ensure the links are up.
Check Internet connectivity by opening a second terminal (CTRL+F2). Log in and try pinging a web address. This verifies that Internet and DNS are working well. If successful, proceed to install FreeRadius2; otherwise check your connections.
Install/Setup FreeRadius2
(http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap)
For ClearOS 5.2, run your updates.
For older versions, you must upgrade to 5.2 before you can use this module.
# yum update
Install the FreeRadius service by running the following from the command line:
# yum --enablerepo=base-plus install app-freeradius
# service syswatch restart
In Webconfig, click on the RADIUS server link under Network » Settings » RADIUS Server.
To start the service, click Start. To make the service start automatically on each reboot, click To Auto.
You may assign a group to authenticate through your RADIUS server. Select a group and click Update.
To allow a remote device to use the RADIUS server, give the client remote device(s) a nickname without spaces. Insert an IP address or CIDR. Select a password to be used by these client devices (e.g. testing123 from HS_RADSECRET=testing123) and click Add.
NOTE: You can follow the complete HOWTO (http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap) if you want to use LDAP authentication.
Configure FreeRadius2 to use SQL
Install freeRadius2-mysql
# yum install freeradius2-mysql
Edit radiusd.conf file
To do this, edit /etc/raddb/radiusd.conf and pretty much ignore everything except the following. Around line 640, in the modules section, uncomment or make sure that you have,
$INCLUDE sql.conf
and then further down make sure you have,
$INCLUDE sql/mysql/counter.conf
Then further down, around line 710 in the instantiate section, make sure you have,
chillispot_max_bytes
noresetcounter
which are our counters, which we define in the next section. Then in /etc/raddb/sites-enabled/default, in the authorize section, after the "Look in an SQL database..." comment there is an "sql" entry that may be commented out. Uncomment it and add the new counters so that it is now,
sql
chillispot_max_bytes
noresetcounter
and then later in /etc/raddb/sites-enabled/default, in the accounting section, uncomment the sql at about line 343,
sql
and then later in /etc/raddb/sites-enabled/default, in the session section, uncomment the sql at about line 370,
sql
and then finally in /etc/raddb/sites-enabled/default, in the post-auth section, uncomment the sql at about line 370,
sql
That should be it. Now update the counter.conf in the next section.
FreeRadius SQL counter.conf settings needed
To match the radcheck and radgroupcheck entries we use, you also need to add two matching counter.conf checks as follows. Edit the /etc/raddb/sql/mysql/counter.conf file and, unless the counters are already defined in it, add the following at the end,
# Total session time used by the user, never reset
sqlcounter noresetcounter {
    counter-name = Session-Timeout
    check-name = Session-Timeout
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"
}
# Total bytes (in + out) used by the user, never reset
sqlcounter chillispot_max_bytes {
    counter-name = ChilliSpot-Max-Total-Octets
    check-name = ChilliSpot-Max-Total-Octets
    reply-name = ChilliSpot-Max-Total-Octets
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{%k}'"
}
IMPORTANT: Make sure you comment out all occurrences of ldap and files in /etc/raddb/sites-enabled/default
Setup easyhotspot database to be used by FreeRadius
Go to Webconfig>Server>MySQL, set MySQL to Auto start On Boot and start the service. You will be required to supply a password for MySQL (if you have not set one already).
On the terminal:
# mysql -u root -p
mysql> CREATE DATABASE easyhotspot_opensource;
mysql> CREATE USER 'easyhotspot'@'localhost';
mysql> SET PASSWORD FOR 'easyhotspot'@'localhost' = PASSWORD('easyhotspot');
mysql> GRANT ALL ON easyhotspot_opensource.* TO 'easyhotspot'@'localhost';
mysql> quit
Easyhotspot Database Setup
Download easyhotspot from here: http://sourceforge.net/projects/easyhotspot/
# tar xfv workingehs.tar
# cd easyhotspot
# mysql -u root -p easyhotspot_opensource < easyhotspot_opensource_2011-08-22.sql
Setup Easyhotspot
Preparation
# yum install php php-mysql php-gd php-pear php-db
# wget http://pear.php.net/go-pear.phar
# php go-pear.phar
# pear install DB
Restart Apache
# service httpd restart
Copy the easyhotspot folder to /opt
Create a soft link in /var/www/html for easyhotspot/htdocs
# cd /var/www/html/
# ln -s /opt/easyhotspot/htdocs easyhotspot
Setup Raddb to Use Easyhotspot_Opensource Database
Edit /etc/raddb/sql.conf and set the following:
# vi /etc/raddb/sql.conf
# Connection info:
server = "localhost"
#port = 3306
login = "easyhotspot"
password = "easyhotspot"
# Database table configuration for everything except Oracle
radius_db = "easyhotspot_opensource"
Install/Setup Captive Portal
(http://www.clearfoundation.com/docs/howtos/captive_portal)
Preparation
You will need a working RADIUS server to get this going. Be sure to do the 'Additional setup' items at the bottom so that PAP is working.
You will need to set up localhost as an authorized client of the RADIUS server.
Create a user called coovachilli with mail only and make a group called chilli.
Get the code.
wget http://www.clearcenter.com/media/dev/coova-chilli-1.2.5-1.i386.rpm
wget http://www.clearcenter.com/media/dev/haserl
cp haserl /usr/sbin/
chmod +x /usr/sbin/haserl
Install the code
rpm -Uvh coova-chilli-1.2.5-1.i386.rpm
Configure Coovachilli
/etc/chilli/defaults
Set the following values:
HS_LANIF, change this value if it is wrong (e.g. HS_LANIF=eth2).
HS_NETWORK, set this to the values of your network (e.g. HS_NETWORK=192.168.1.0).
HS_NETMASK, change this value if it is wrong (e.g. HS_NETMASK=255.255.255.128).
HS_UAMLISTEN, set this to the IP of your server (e.g. HS_UAMLISTEN=192.168.1.1).
HS_DNS1 and HS_DNS2, set these to the IP address of your local DNS server, in this case your server (e.g. HS_DNS1=192.168.1.1 and HS_DNS2=192.168.1.1).
HS_RADSECRET, set this to the secret password that you placed in the RADIUS configuration for the localhost entry in Webconfig (e.g. HS_RADSECRET=mysecretpassword).
HS_RAD_PROTO=mschapv2, set this so the program knows to use the NT-Password infrastructure of LDAP described in the PAP section of the FreeRADIUS 2 Howto. This value does NOT exist and you must define it (set this to HS_RAD_PROTO=mschapv2).
HS_UAMDOMAINS, set all the domains that you want for your 'walled garden'. These sites will work even if users don't authenticate via your captive portal:
HS_UAMDOMAINS=".clearcenter.com,.clearfoundation.com"
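Before starting the service, /etc/chilli/defaults and /etc/raddb/sql.conf can be checked for the mistakes this setup is most prone to: a RADIUS secret or database password left at a value printed in this guide, stray spaces inside the quoted sql.conf values, and an HS_UAMLISTEN address that falls outside HS_NETWORK/HS_NETMASK. The script below is an added example, not part of the original post or of ClearOS or Coova-Chilli; the function names conf_get, ip_to_int and check_hotspot_conf are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.
# Usage: sh thisfile /etc/chilli/defaults /etc/raddb/sql.conf

# Last uncommented KEY=value or key = "value" in FILE, outer quotes removed.
conf_get() {  # conf_get FILE KEY
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Dotted quad -> integer, so subnet membership can be tested with the netmask.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prints one finding per line; exit status is non-zero if there are any.
check_hotspot_conf() {  # check_hotspot_conf CHILLI_DEFAULTS SQL_CONF
    n=0
    secret=$(conf_get "$1" HS_RADSECRET)
    login=$(conf_get "$2" login)
    pass=$(conf_get "$2" password)
    db=$(conf_get "$2" radius_db)
    case "$secret" in  # empty, or one of the secrets printed in this guide
        ""|testing123|mysecretpassword)
            echo "HS_RADSECRET: empty or a published value"; n=$((n+1)) ;;
    esac
    if [ -z "$pass" ] || [ "$pass" = "$login" ]; then
        echo "sql.conf: password empty or same as login"; n=$((n+1))
    fi
    case "$login|$pass|$db" in  # a stray space no longer matches the MySQL names
        *" "*) echo "sql.conf: space inside a quoted value"; n=$((n+1)) ;;
    esac
    net=$(conf_get "$1" HS_NETWORK); mask=$(conf_get "$1" HS_NETMASK)
    uam=$(conf_get "$1" HS_UAMLISTEN)
    if [ -z "$net" ] || [ -z "$mask" ] || [ -z "$uam" ]; then
        echo "chilli: HS_NETWORK, HS_NETMASK or HS_UAMLISTEN not set"; n=$((n+1))
    else
        m=$(ip_to_int "$mask")
        if [ $(( $(ip_to_int "$uam") & m )) -ne $(( $(ip_to_int "$net") & m )) ]; then
            echo "chilli: HS_UAMLISTEN is outside HS_NETWORK/HS_NETMASK"; n=$((n+1))
        fi
    fi
    [ "$n" -eq 0 ]
}

if [ "$#" -eq 2 ]; then check_hotspot_conf "$1" "$2"; fi
```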
Start Coova Chilli
# service chilli start
Testing
Connect a client to the network (or wireless network). This is where eth1 on your ClearOS server is connected.
- The client should receive an IP address of, say, 10.1.0.x
If so, open a web browser on the client. You should get a redirection to the coova login page.