100% Works Ubuntu 12.04 LTS + Freeradius + Coova-Chilli + daloRADIUS
Pre-requisites
- Ubuntu 12.04 LTS
- 2 NICs: eth0 connected to the Internet on either static or DHCP, eth1 connected to clients with no IP address
Install Ubuntu 12.04 LTS Server
- Install LAMP, SSH Server, BIND
Update packages cache
sudo apt-get update
Install freeradius
sudo apt-get install freeradius freeradius-mysql apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql
Setup FQDN
nano /etc/apache2/httpd.conf
e.g.
servername ppPortal.local
Download daloradius-0.9-9
wget http://sourceforge.net/settings/mirr...s-0.9-9.tar.gz
sudo tar zxvf daloradius-0.9-9-rc1.tar.gz -C /var/www/
cd /var/www/
sudo mv daloradius-0.9-9 daloradius
cd daloradius/contrib/db/
Create RADIUSDB database
mysql -u root -p
mysql> create database radiusdb;
mysql> quit
mysql -u root -p radiusdb < fr2-mysql-daloradius-and-freeradius.sql
mysql -u root -p
mysql> CREATE USER 'raddbuser'@'localhost';
mysql> SET PASSWORD FOR 'raddbuser'@'localhost' = PASSWORD('raddbpass');
mysql> GRANT ALL ON radiusdb.* to 'raddbuser'@'localhost';
mysql> quit
Test Freeradius
[https://help.ubuntu.com/community/Wi...turerModel%29]
The default FreeRadius setup authorizes usernames and passwords from a "file" found in /etc/freeradius/users. We should test the default FreeRadius setup before we change the authorization link from "file" to "sql" (mysql).
Add a username and password to our user "file": edit the "John Doe" entry.
nano -w /etc/freeradius/users
NOTE: you have to work as root to see this file
uncomment
"John Doe" Auth-Type := Local, User-Password == "hello"
        Reply-Message = "Hello, %u"
At this point you need to reboot your ubuntu box
reboot
Check FreeRadius config files.
sudo /etc/init.d/freeradius stop
sudo freeradius -XXX
If all goes well the last line should display
Mon Jun 29 15:24:34 2009 : Debug: Ready to process requests.
Ctrl+C to exit.
NOTE: If you get error “Error binding to port for 0.0.0.0 port 1812”, it means freeradius is already running. Stop it by doing the following:
# ps -A | grep freeradius
to get the process ID of freeradius, then
# kill -9 freeradius-PID
Start FreeRadius again
sudo /etc/init.d/freeradius start
Test password authorization to "file"
sudo radtest "John Doe" hello 127.0.0.1 0 testing123
If all goes well you should get a reply
Sending Access-Request of id 136 to 127.0.0.1 port 1812
User-Name = "John Doe"
User-Password = "hello"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
Reply-Message = "Hello, John Doe"
Change authorization to sql
In /etc/freeradius/radiusd.conf, on line 683, include the sql module: uncomment the lines "$INCLUDE sql.conf" and "$INCLUDE sql/mysql/counter.conf" in "modules { ... }".
If the above tests worked, we can now change authorization from "file" to "sql" in:
/etc/freeradius/sites-available/default
Comment out "files" (line 152) and uncomment "sql" on line 159. Also uncomment "sql" on line 428 under the "session { ... }" section and in the accounting section on line 383.
Daloradius Web Interface Pre-requisites
apt-get install php-pear php5-gd php-db
# wget pear.php.net/go-pear.phar
# php go-pear.phar
# pear install DB
Test apache configuration
apachectl configtest
Restart apache
apachectl restart
Install php pear
wget pear.php.net/go-pear.phar
php go-pear.phar
Install Coova-Chilli
wget http://coova-chilli.s3.amazonaws.com...i-1.2.9.tar.gz
apt-get install build-essential linux-headers-server libssl-dev
tar zxvf coova-chilli-1.2.9.tar.gz
ls
cd coova-chilli-1.2.9/
./configure --prefix= --enable-miniportal --with-openssl
make
make install
cd
wget http://dfn.dl.sourceforge.net/projec...-0.9.29.tar.gz
tar zxvf haserl-0.9.29.tar.gz
cd haserl-0.9.29/
ls
./configure --prefix=
make
make install
Create chilli user
useradd chilli
Set freeradius and Chilli to start at boot time
update-rc.d freeradius defaults
update-rc.d chilli defaults
There is also a problem at reboot time. The workaround is to put the following in /etc/rc.local:
nano /etc/rc.local
/etc/init.d/freeradius restart
/etc/init.d/chilli restart
exit 0
cp /etc/chilli/defaults /etc/chilli/config
reboot
Check Chilli and freeradius status
ps -A | grep freeradius
ps -A | grep chilli
IPtables
The creators of CoovaChilli have predefined rules for iptables, but their script needs a little help before it works. CoovaChilli's iptables config is done in the /etc/chilli/up.sh script which runs after the tun interface is up, so that the exact tun interface is known.
/etc/chilli/up.sh calls /etc/chilli/ipup.sh, if it exists. By default, it does not. If you need to run your own commands after the main iptables configuration is done, create /etc/chilli/ipup.sh and populate it however you like, being sure to make it executable (chmod +x /etc/chilli/ipup.sh) when done.
Create /etc/chilli/ipup.sh with the following content:
# force-add the final rule necessary to fix routing tables
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
nano /etc/chilli/ipup.sh
chmod +x /etc/chilli/ipup.sh
Daloradius Database connection settings
nano /var/www/daloradius/library/daloradius.conf.php
• $configValues['CONFIG_DB_ENGINE'] = 'mysql';
• $configValues['CONFIG_DB_HOST'] = 'localhost';
• $configValues['CONFIG_DB_USER'] = 'raddbuser';
• $configValues['CONFIG_DB_PASS'] = 'raddbpass';
• $configValues['CONFIG_DB_NAME'] = 'radiusdb';
Touch daloradius log file.
• touch /var/log/daloradius.log
daloRADIUS 0.9-9 – QUICK START
Create Profiles – Time Based Profile
Go to Management tab > Select Profiles > Create New Profiles > Add Profile Attributes
Type Profile Name, e.g. 60Mins
Add attributes
Check Attributes
Simultaneous-Use = 1
Max-All-Session = 3600
[this is in seconds, for 60 mins = 3600 seconds]
Session-Timeout = 3600
Reply Attributes
Session-Timeout = 3600
Idle-Timeout = 60
Acct-Interim-Interval = 120
Billing Plans – Time Based
Go to Billing Tab > Select Plans > New Plan
1. Enter Plan Information details from Plan Name to Plan Active
2. Enter Time Settings details
3. Select Profile from the drop-down
Add Hotspot
Go to Management Tab > Hotspots > Click New Hotspot
Enter Hotspot Name and MAC Address of interface connected to clients, Click Apply
Add NAS
Go to Management > Nas > Click New NAS
Enter NAS Info, IP, NAS secret (e.g. testing123), NAS type, Other and NAS shortname. Set NAS Ports to 3997, Click Apply
Create Pre-paid Vouchers – Batch Users – Walk-In
Go to Management > Batch Users > Click Batch Add Users
Enter Account Info, Batch Id/Name, e.g. 60Mins_12_11_12, a Batch Description, Select Hotspot.
I use Create Random Users, with default username/password length of 8, and set number of instances to create (number of vouchers).
Select Group, e.g. 60Mins for 1 hour vouchers, Group Priority 0 or 1 is fine and then the Plan name for 1 hour. Click Apply
You can print the vouchers/tickets.
Create Member User Accounts
Go to Management > Users > Click New User
Enter Account Info, username, password and select Group. You can also enter User Info First/Last names, email, etc. Click Apply
Testing Login
Using a client connected to the same interface as eth1, open a web browser. You should get an IP in this range 10.1.0.X. Go to www.google.com. You will be redirected to the Coova login page. Log in to the Hotspot using either a Batch User or a Member User.
Last edited by laughmo; October 17th, 2012 at 12:38 PM.
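Added example (not part of the original post): the walkthrough leaves several sample values in place, namely the uncommented "John Doe" test user, the RADIUS secret testing123 and the database password raddbpass. The shell function below reports any that are still active on a finished box; the function name, the optional root-prefix argument and the /etc/freeradius/clients.conf path are assumptions made for this example, the other paths are the ones used in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Reports sample credentials from
# this walkthrough that are still live. The optional root prefix ($1) and the
# clients.conf path are assumptions; other paths are the ones used in the post.
audit_hotspot_defaults() {
    root="${1:-}"
    findings=0
    report() { findings=$((findings + 1)); echo "FINDING: $1"; }

    # 1. Test user uncommented in the "file" backend and never re-commented.
    f="$root/etc/freeradius/users"
    if [ -r "$f" ] && grep -Eq '^[[:space:]]*"John Doe"' "$f"; then
        report "$f: test user \"John Doe\" is still active"
    fi

    # 2. RADIUS shared secret left at the value used with radtest above.
    for f in "$root/etc/freeradius/clients.conf" "$root/etc/chilli/config"; do
        if [ -r "$f" ] && grep -Ev '^[[:space:]]*#' "$f" | grep -q 'testing123'; then
            report "$f: shared secret is the sample value testing123"
        fi
    done

    # 3. Database password left at the value used in the SET PASSWORD step.
    conf="$root/var/www/daloradius/library/daloradius.conf.php"
    for f in "$root/etc/freeradius/sql.conf" "$conf"; do
        if [ -r "$f" ] && grep -Ev '^[[:space:]]*(#|//)' "$f" | grep -q 'raddbpass'; then
            report "$f: database password is the sample value raddbpass"
        fi
    done

    # 4. daloRADIUS config (holds the DB password) readable by every local user.
    if [ -e "$conf" ] && [ -n "$(find "$conf" -perm -004)" ]; then
        report "$conf: world-readable"
    fi

    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was found
}

# Run against the live system only when asked: sh audit.sh --run [root-prefix]
case "${1:-}" in --run) audit_hotspot_defaults "${2:-}" ;; esac
```

Commented-out lines are ignored, so a secret that survives only in a comment is not reported.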