100% Works Ubuntu 12.04 LTS + Freeradius + Coova-Chilli + daloRADIUS
Pre-requisites
- Ubuntu 12.04 LTS
- 2 NICs: eth0 connected to the Internet (static or DHCP), eth1 connected to the clients with no IP address
Install Ubuntu 12.04 LTS Server
- Install LAMP, SSH Server, BIND
Update packages cache
sudo apt-get update
Install freeradius
sudo apt-get install freeradius freeradius-mysql apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql
Setup FQDN
nano /etc/apache2/httpd.conf
e.g.
servername ppPortal.local
Download daloradius-0.9-9
wget http://sourceforge.net/settings/mirr...s-0.9-9.tar.gz
sudo tar zxvf daloradius-0.9-9-rc1.tar.gz -C /var/www/
cd /var/www/
sudo mv daloradius-0.9-9 daloradius
cd daloradius/contrib/db/
Create RADIUSDB database
mysql -u root -p
mysql> create database radiusdb;
mysql> quit
mysql -u root -p radiusdb < fr2-mysql-daloradius-and-freeradius.sql
mysql -u root -p
mysql> CREATE USER 'raddbuser'@'localhost';
mysql> SET PASSWORD FOR 'raddbuser'@'localhost' = PASSWORD('raddbpass');
mysql> GRANT ALL ON radiusdb.* TO 'raddbuser'@'localhost';
mysql> quit
Test Freeradius
[https://help.ubuntu.com/community/Wi...turerModel%29]
The default FreeRadius setup authorizes usernames and passwords from a "file" found in /etc/freeradius/users. We should test the default FreeRadius setup before we change the authorization link from "file" to "sql" (mysql).
Add a username and password to our user "file" by editing the "John Doe" entry:
nano -w /etc/freeradius/users
NOTE: you have to work as root to see this file
Uncomment:
"John Doe" Auth-Type := Local, User-Password == "hello"
	Reply-Message = "Hello, %u"
At this point you need to reboot your Ubuntu box
reboot
Check FreeRadius config files.
sudo /etc/init.d/freeradius stop
sudo freeradius -XXX
If all goes well the last line should display
Mon Jun 29 15:24:34 2009 : Debug: Ready to process requests.
Ctrl+C to exit.
NOTE: If you get the error “Error binding to port for 0.0.0.0 port 1812”, it means freeradius is already running. Stop it by doing the following:
# ps -A | grep freeradius
to get the process ID of freeradius, then
# kill -9 freeradius-PID
Start FreeRadius again
sudo /etc/init.d/freeradius start
Test password authorization to "file"
sudo radtest "John Doe" hello 127.0.0.1 0 testing123
If all goes well you should get a reply
Sending Access-Request of id 136 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
	NAS-IP-Address = 255.255.255.255
	NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
	Reply-Message = "Hello, John Doe"
Change authorization to sql
In /etc/freeradius/radiusd.conf, on line 683, include the sql module: uncomment the lines "$INCLUDE sql.conf" and "$INCLUDE sql/mysql/counter.conf" in "modules { ... }".
If the above tests worked we can now change authorization from "file" to "sql" in:
/etc/freeradius/sites-available/default
Comment out "files" (line 152) and uncomment sql on line 159. Also uncomment sql on line 428 under the "session { ... }" section and in the accounting section on line 383.
Counters
Edit the radiusd.conf file
Around line 710, in the instantiate section, make sure you have
chillispot_max_bytes
noresetcounter
These are the counters we define in the next section. Then in /etc/freeradius/sites-available/default, in the authorize section, after the "Look in an SQL database..." comment, there is an "sql" entry that may be commented out. Uncomment it and add the new counters so that it now reads
sql
chillispot_max_bytes
noresetcounter
That should be it. Now update the counter.conf in the next section.
FreeRadius SQL counter.conf settings needed
To match the radcheck and radgroupcheck entries we use, you also need to add two matching counter.conf checks as follows. Edit the /etc/freeradius/sql/mysql/counter.conf file and, unless the counters are already defined in it, add the following at the end:
sqlcounter noresetcounter {
	counter-name = Session-Timeout
	check-name = Session-Timeout
	reply-name = Session-Timeout
	sqlmod-inst = sql
	key = User-Name
	reset = never
	query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'"
}
sqlcounter chillispot_max_bytes {
	counter-name = ChilliSpot-Max-Total-Octets
	check-name = ChilliSpot-Max-Total-Octets
	reply-name = ChilliSpot-Max-Total-Octets
	sqlmod-inst = sql
	key = User-Name
	reset = never
	query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{%k}'"
}
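How these two counters decide a login, as an added example that is not part of the original guide: rlm_sqlcounter rejects the request when the limit held in check-name is not greater than the query result, and otherwise replies with the remainder. The awk model, the CSV row layout and the voucher names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not FreeRADIUS code. Models the two sqlcounter
# instances from counter.conf over constructed accounting rows.

# Constructed radacct rows: UserName,AcctSessionTime,AcctInputOctets,AcctOutputOctets
sample_radacct() {
    cat <<'EOF'
voucher01,1200,40000000,160000000
voucher01,1500,10000000,90000000
voucher02,3600,5000000,20000000
EOF
}

# sqlcounter_check USER TIME_LIMIT BYTE_LIMIT  (accounting rows on stdin)
# TIME_LIMIT stands for the Session-Timeout check item, BYTE_LIMIT for
# ChilliSpot-Max-Total-Octets. Counters run in the order of the authorize list.
sqlcounter_check() {
    awk -F, -v user="$1" -v tlimit="$2" -v blimit="$3" '
        BEGIN { secs = 0; bytes = 0 }
        # Equivalent of the two SUM() queries with reset = never
        $1 == user { secs += $2; bytes += $3 + $4 }
        END {
            if (blimit + 0 <= bytes) { print "reject chillispot_max_bytes"; exit }
            if (tlimit + 0 <= secs)  { print "reject noresetcounter"; exit }
            printf "accept ChilliSpot-Max-Total-Octets=%d Session-Timeout=%d\n",
                   blimit - bytes, tlimit - secs
        }'
}

# A 60-minute, 500 MB voucher with 45 minutes and 300 MB already used
sample_radacct | sqlcounter_check voucher01 3600 500000000
```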
Daloradius Web Interface Pre-requisites
apt-get install php-pear php5-gd php-db
# wget pear.php.net/go-pear.phar
# php go-pear.phar
# pear install DB
Test apache configuration
apachectl configtest
Restart apache
apachectl restart
Install Coova-Chilli
wget http://coova-chilli.s3.amazonaws.com...i-1.2.9.tar.gz
apt-get install build-essential linux-headers-server libssl-dev
tar zxvf coova-chilli-1.2.9.tar.gz
ls
cd coova-chilli-1.2.9/
./configure --prefix= --enable-miniportal --with-openssl
make
make install
cd
wget http://dfn.dl.sourceforge.net/projec...-0.9.29.tar.gz
tar zxvf haserl-0.9.29.tar.gz
cd haserl-0.9.29/
ls
./configure --prefix=
make
make install
Create chilli user
useradd chilli
Set freeradius and Chilli to start at boot time
update-rc.d freeradius defaults
update-rc.d chilli defaults
There is also a problem at reboot time. The workaround is to put the following in /etc/rc.local:
nano /etc/rc.local
/etc/init.d/freeradius restart
/etc/init.d/chilli restart
exit 0
cp /etc/chilli/defaults /etc/chilli/config
reboot
Check Chilli and freeradius status
ps -A | grep freeradius
ps -A | grep chilli
IPtables
The creators of CoovaChilli have predefined rules for iptables, but their script needs a little help before it works. CoovaChilli's iptables config is done in the /etc/chilli/up.sh script which runs after the tun interface is up, so that the exact tun interface is known.
/etc/chilli/up.sh calls /etc/chilli/ipup.sh, if it exists. By default, it does not. If you need to run your own commands after the main iptables configuration is done, create /etc/chilli/ipup.sh and populate it however you like, being sure to make it executable (chmod +x /etc/chilli/ipup.sh) when done.
Create /etc/chilli/ipup.sh with the following content:
# force-add the final rule necessary to fix routing tables
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
nano /etc/chilli/ipup.sh
chmod +x /etc/chilli/ipup.sh
Daloradius Database connection settings
nano /var/www/daloradius/library/daloradius.conf.php
• $configValues['CONFIG_DB_ENGINE'] = 'mysql';
• $configValues['CONFIG_DB_HOST'] = 'localhost';
• $configValues['CONFIG_DB_USER'] = 'raddbuser';
• $configValues['CONFIG_DB_PASS'] = 'raddbpass';
• $configValues['CONFIG_DB_NAME'] = 'radiusdb';
Touch daloradius log file.
• touch /var/log/daloradius.log
daloRADIUS 0.9-9 – QUICK START
Fire up Firefox (or any other browser) and go to the URL http://<localhost or the management system's ip>/daloradius.
Log in with the default administrator account for management:
username: administrator
password: radius
Create Profiles – Time Based Profile
Go to Management tab > Select Profiles > Create New Profiles > Add Profile Attributes
Type Profile Name, e.g. 60Mins
Add attributes
Check Attributes
Simultaneous-Use = 1
Max-All-Session = 3600
[this is in seconds, for 60mins = 3600seconds]
Session-Timeout = 3600
Reply Attributes
Session-Timeout = 3600
Idle-Timeout = 60
Acct-Interim-Interval = 120
Billing Plans – Time Based
Go to Billing Tab > Select Plans > New Plan
1. Enter Plan Information details from Plan Name to Plan Active
2. Enter Time Settings details
3. Select Profile from the drop-down
Add Hotspot
Go to Management Tab > Hotspots > Click New Hotspot
Enter Hotspot Name and MAC Address of interface connected to clients, Click Apply
Add NAS
Go to Management > Nas > Click New NAS
Enter NAS Info, IP, NAS secret (e.g. testing123), NAS type, Other and NAS shortname. Set NAS Ports to 3997, Click Apply
Create Pre-paid Vouchers – Batch Users – Walk-In
Go to Management > Batch Users > Click Batch Add Users
Enter Account Info, Batch Id/Name, e.g. 60Mins_12_11_12, a Batch Description, Select Hotspot.
I use Create Random Users, with default username/password length of 8, and set number of instances to create (number of vouchers).
Select Group, e.g. 60Mins for 1 hour vouchers, Group Priority 0 or 1 is fine and then the Plan name for 1 hour. Click Apply
You can print the vouchers/tickets.
Create Member User Accounts
Go to Management > Users > Click New User
Enter Account Info, username, password and select Group. You can also enter User Info First/Last names, email, etc. Click Apply
Testing Login
Using a client connected to the same network as eth1, open a web browser. You should get an IP in the range 10.1.0.X. Go to www.google.com. You will be redirected to the Coova login page. Log in to the Hotspot using either a Batch User or a Member User.
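A check for the test values this walkthrough leaves on the box (the "John Doe" entry, the testing123 secret, the raddbpass database password), as an added example that is not part of the original guide. The root-prefix argument and the sample tree are constructed for illustration; /etc/freeradius/clients.conf is assumed to be where the shared secret passed to radtest is defined.

```shell
#!/bin/sh
# Added example: report walkthrough test values that are still in place.
# $1 is an optional root prefix so the check can run on a copy of the files.
audit_hotspot_defaults() {
    root="${1:-}"; n=0
    users="$root/etc/freeradius/users"
    clients="$root/etc/freeradius/clients.conf"
    dalo="$root/var/www/daloradius/library/daloradius.conf.php"
    # Test account from the "Test Freeradius" step still uncommented
    if grep -Eq '^[[:space:]]*"John Doe"' "$users" 2>/dev/null; then
        echo "$users: test user \"John Doe\" is enabled"; n=$((n + 1))
    fi
    # Shared secret used with radtest still active for a client
    if grep -Eq '^[[:space:]]*secret[[:space:]]*=[[:space:]]*testing123([[:space:]]|$)' "$clients" 2>/dev/null; then
        echo "$clients: secret is testing123"; n=$((n + 1))
    fi
    # Database password from the walkthrough still in the daloRADIUS config
    if grep -F "CONFIG_DB_PASS" "$dalo" 2>/dev/null | grep -Fq "'raddbpass'"; then
        echo "$dalo: CONFIG_DB_PASS is raddbpass"; n=$((n + 1))
    fi
    # Config file holding the DB password is readable by every local user
    if [ -n "$(find "$dalo" -perm -004 2>/dev/null)" ]; then
        echo "$dalo: world-readable"; n=$((n + 1))
    fi
    return "$n"    # number of findings
}

# Constructed sample tree reproducing the state the steps above produce.
make_sample_tree() {
    t="$(mktemp -d)"
    mkdir -p "$t/etc/freeradius" "$t/var/www/daloradius/library"
    printf '%s\n' '"John Doe" Auth-Type := Local, User-Password == "hello"' > "$t/etc/freeradius/users"
    printf 'client localhost {\n\tsecret = testing123\n}\n' > "$t/etc/freeradius/clients.conf"
    printf "%s\n" "\$configValues['CONFIG_DB_PASS'] = 'raddbpass';" > "$t/var/www/daloradius/library/daloradius.conf.php"
    chmod 644 "$t/var/www/daloradius/library/daloradius.conf.php"
    echo "$t"
}

audit_hotspot_defaults "$(make_sample_tree)" || echo "findings: $?"
```

On the real system, call audit_hotspot_defaults with no argument as root; the daloRADIUS administrator password lives in the database and is not covered by this file check.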