The default FreeRadius setup authorizes usernames and passwords from a "file" found in /etc/freeradius/users. We should test the default FreeRadius setup before we change the authorization link from "file" to "sql" (mysql).
Add a username and password to our user "file". Edit "John Doe"
Sending Access-Request of id 136 to 127.0.0.1 port 1812
    User-Name = "John Doe"
    User-Password = "hello"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
    Reply-Message = "Hello, John Doe"
Change authorization to sql
In /etc/freeradius/radiusd.conf, on line 683, include the sql module: uncomment the lines "$INCLUDE sql.conf" and "$INCLUDE sql/mysql/counter.conf" in "modules { ... }"
If the above tests worked we can now change authorization from "file" to "sql" in:
/etc/freeradius/sites-available/default
Comment out "files" (line 152) and uncomment sql on line 159. Also uncomment sql on line 428 under the "session {... }" section, and in the accounting section on line 383.
Daloradius Web Interface Pre-requisites
apt-get install php-pear php5-gd php-db
# wget pear.php.net/go-pear.phar
# php go-pear.phar
# pear install DB
Install Coova-Chilli
wget http://coova-chilli.s3.amazonaws.com...i-1.2.9.tar.gz
apt-get install build-essential linux-headers-server libssl-dev
tar zxvf coova-chilli-1.2.9.tar.gz
ls
cd coova-chilli-1.2.9/
./configure --prefix= --enable-miniportal --with-openssl
make
make install
cd
wget http://dfn.dl.sourceforge.net/projec...-0.9.29.tar.gz
tar zxvf haserl-0.9.29.tar.gz
cd haserl-0.9.29/
ls
./configure --prefix=
make
make install
Create chilli user
useradd chilli
Set freeradius and Chilli to start at boot time
update-rc.d freeradius defaults
update-rc.d chilli defaults
Also there is a problem at rebooting time. The workaround is to put the following in
Check Chilli and freeradius status
ps -A | grep freeradius
ps -A | grep chilli
IPtables
The creators of CoovaChilli have predefined rules for iptables, but their script needs a little help before it works. CoovaChilli's iptables config is done in the /etc/chilli/up.sh script which runs after the tun interface is up, so that the exact tun interface is known.
/etc/chilli/up.sh calls /etc/chilli/ipup.sh, if it exists. By default, it does not. If you need to run your own commands after the main iptables configuration is done, create /etc/chilli/ipup.sh and populate it however you like, being sure to make it executable (chmod +x /etc/chilli/ipup.sh) when done.
Create /etc/chilli/ipup.sh with the following content:
# force-add the final rule necessary to fix routing tables
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
Create Profiles – Time Based
Go to Management tab > Select Profiles > Create New Profiles > Add Profile Attributes
Type Profile Name, e.g. 60Mins
Billing Plans – Time Based
Go to Billing Tab > Select Plans > New Plan
1. Enter Plan Information details from Plan Name to Plan Active
2. Enter Time Settings details
3. Select Profile from the drop-down
Add Hotspot
Go to Management Tab > Hotspots > Click New Hotspot
Enter Hotspot Name and MAC Address of interface connected to clients, Click Apply
Add NAS
Go to Management > Nas > Click New NAS
Enter NAS Info, IP, NAS secret (e.g. testing123), NAS type, Other and NAS shortname. Set NAS Ports to 3997, Click Apply
Create Pre-paid Vouchers – Batch Users – Walk-In
Go to Management > Batch Users > Click Batch Add Users
Enter Account Info, Batch Id/Name, e.g. 60Mins_12_11_12, a Batch Description, Select Hotspot. I use Create Random Users, with default username/password length of 8, and set number of instances to create (number of vouchers). Select Group, e.g. 60Mins for 1 hour vouchers, Group Priority 0 or 1 is fine and then the Plan name for 1 hour. Click Apply. You can print the vouchers/tickets.
Create Member User Accounts
Go to Management > Users > Click New User
Enter Account Info, username, password and select Group. You can also enter User Info First/Last names, email, etc. Click Apply
Testing Login
Using a client connected to the same interface as the eth1, open a web browser. You should get an IP in this range 10.1.0.X. Go to www.google.com. You will be redirected to the Coova login page. Log in to the Hotspot using either a Batch User or a Member User.
Last edited by laughmo; October 17th, 2012 at 12:38 PM.
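The line numbers quoted in the post (152, 159, 383, 428) differ between FreeRADIUS packages, so a section-aware check is more reliable than counting lines. The script below is an added example, not part of the original post; its function names and sample file are made up for it, and it assumes the sections sit at the top level of /etc/freeradius/sites-available/default.

```shell
# Print module names active (uncommented) directly inside top-level section $2 of file $1.
active_modules() {
    awk -v want="$2" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
        $0 == "" { next }
        !inside && NF == 2 && $1 == want && $2 == "{" { inside = 1; depth = 1; next }
        inside && /[{]$/ { depth++; next }                 # nested block opens
        inside && $0 == "}" { if (--depth == 0) inside = 0; next }
        inside && depth == 1 && NF == 1 { print $1 }
    ' "$1"
}

# Status 0 only if sql is active in authorize, accounting and session, and files is off.
check_sql_switch() {
    rc=0
    for s in authorize accounting session; do
        if ! active_modules "$1" "$s" | grep -qx sql; then
            echo "FAIL: sql is not active in $s"; rc=1
        fi
    done
    if active_modules "$1" authorize | grep -qx files; then
        echo "FAIL: files is still active in authorize"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the session section was missed, the others were edited.
sample_default() {
    cat <<'EOF'
authorize {
    preprocess
#    files
    sql
}
accounting {
    detail
    sql
}
session {
    radutmp
#    sql
}
EOF
}

tmp=$(mktemp) && sample_default > "$tmp"
check_sql_switch "$tmp" || echo "switch incomplete"
rm -f "$tmp"
```

If files stays active in authorize, entries in /etc/freeradius/users, including the "John Doe" test account, continue to be accepted alongside the SQL users.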
Edit radius.conf file
To do this, edit /etc/freeradius/radiusd.conf and pretty much ignore everything except around about line 640 in the modules section uncomment or make sure that you have,
$INCLUDE sql.conf
and then further down make sure you have,
$INCLUDE sql/mysql/counter.conf
Then further around line 710 in the instantiate section make sure you have,
chillispot_max_bytes
noresetcounter
which are our counters which we define in the next section. Then in /etc/freeradius/sites-available/default, in the authorize section after it has the "Look in an SQL database..." it has an "sql" entry that may be commented out so uncomment it and add the new counters so that it is now,
sql
chillispot_max_bytes
noresetcounter
That should be it. Now update the counter.conf in the next section.
FreeRadius SQL counter.conf settings needed
To match the radcheck and radgroupchecks we use, you also need to add two matching counter.conf checks as follows. Edit the /etc/freeradius/sql/mysql/counter.conf file (unless the counter is already defined in that) and add the following at the end,
sqlcounter noresetcounter {
    counter-name = Session-Timeout
    check-name = Session-Timeout
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'"
}
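The post names two counters, chillispot_max_bytes and noresetcounter, but shows a definition only for noresetcounter. The check below is an added example, not code from the original post: it reports which referenced counters have no sqlcounter block in counter.conf. The function names, the sample file and the list of keys it expects in each block are assumptions of this example.

```shell
# List sqlcounter instance names defined in counter.conf file $1.
defined_counters() {
    awk '{ sub(/#.*/, "") } $1 == "sqlcounter" && $3 == "{" { print $2 }' "$1"
}

# List the keys assigned inside the sqlcounter block named $2 in file $1.
counter_keys() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        $1 == "sqlcounter" { inside = ($2 == name); next }
        $1 == "}" { inside = 0 }
        inside && $2 == "=" { print $1 }
    ' "$1"
}

# $1 = counter.conf, remaining args = counter names used in instantiate/authorize.
check_counters() {
    conf=$1; shift; rc=0
    for c in "$@"; do
        if ! defined_counters "$conf" | grep -qx -- "$c"; then
            echo "FAIL: $c is referenced but not defined"; rc=1; continue
        fi
        # Keys this example treats as needed in every block (assumption).
        for k in counter-name check-name sqlmod-inst key reset query; do
            if ! counter_keys "$conf" "$c" | grep -qx -- "$k"; then
                echo "FAIL: $c has no $k"; rc=1
            fi
        done
    done
    return "$rc"
}

# Constructed sample: only the block shown in the post is present.
sample_counter_conf() {
    cat <<'EOF'
sqlcounter noresetcounter {
    counter-name = Session-Timeout
    check-name = Session-Timeout
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'"
}
EOF
}

f=$(mktemp) && sample_counter_conf > "$f"
check_counters "$f" chillispot_max_bytes noresetcounter || echo "counter.conf incomplete"
rm -f "$f"
```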
Currently everything works except for the self registration page for new users http:/10.0.1.1:3990/www/register.chi which asks for new user details, I was up until yesterday getting a blank page but I resolved that by changing the config file in etc/chilli/ directory to "self". However my problem now is the register button doesn’t do anything when I click it???
I’ve spent 2 days trying to figure out why. I can login using chillispot test account and can create an account under daloradius. Do you happen to know how I can fix this problem and why the register.chi page doesn't do anything? It's important I get this working so I can allow new users to access the internet.
I followed the instruction but when I got to daloradius web page I get the eth1 ip is none. When I connected a device directly to eth1 the laptop got the ip 10.1.0.2 but no internet and wasn't redirected to the login page. Can someone help figure out what I did wrong? Or why it is not working.
Here is my config.
eth0 connected to internet modem while the eth1 is connected currently for testing to the laptop but this will be connected to a wireless access point.
Thanks a lot for this post. I followed the instructions and it works. I created some users and after trying to access the net, coovachilli redirected me to the login page. And the authentication really works.
I'm going to try this in a real network implementation at school.