Results 1 to 10 of 70

Thread: 100% Works Ubuntu 12.04 LTS + Freeradius + Coova-Chill + daloRADIUS

Threaded View

  1. #1
    Join Date
    May 2011

    Smile 100% Works Ubuntu 12.04 LTS + Freeradius + Coova-Chill + daloRADIUS

    100% Works Ubuntu 12.04 LTS + Freeradius + Coova-Chill + daloRADIUS

    -Ubuntu 12.04 LTS
    -2 NICs eth0 connected to Internet on either static or dhcp, eth1 connect to clients with no IP address

    Install Ubuntu 12.04 LTS Server
    - Install LAMP, SSH Server, BIND

    Update packages cache
    3 sudo apt-get update

    Install freeradius
    12 sudo apt-get install freeradius freeradius-mysql apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql

    Setup FQDN
    13 nano /etc/apache2/httpd.conf
    servername ppPortal.local

    Download daloradius-0.9-9
    15 wget

    17 tar zxvf daloradius-0.9-9-rc1.tar.gz -C /var/www/
    18 sudo tar zxvf daloradius-0.9-9-rc1.tar.gz -C /var/www/
    21 cd /var/www/
    23 sudo mv daloradius-0.9-9 daloradius
    26 cd daloradius/contrib/db/

    Create RADIUSDB database
    32 mysql -u root -p
    mysql> create database radiusdb;
    35 mysql -u root -p radiusdb < fr2-mysql-daloradius-and-freeradius.sql
    36 mysql -u root -p
    mysql>CREATE USER 'raddbuser'@'localhost';
    mysql>SET PASSWORD FOR 'raddbuser'@'localhost' = PASSWORD('raddbpass');
    mysql>GRANT ALL ON radiusdb.* to 'raddbuser'@'localhost';
    mysql> quit

    Test Freeradius

    The default FreeRadius setup authorize's usernames and passwords from a "file" found in /etc/freeradius/users. We should test the default FreeRadius setup before we change the authorization link from "file" to "sql" (mysql).

    Add username an password to our user "file". edit "John Doe"

    nano -w /etc/freeradius/users

    NOTE: you have to work as root to see this file


    "John Doe" Auth-Type := Local, User-Password == "hello"
    Reply-Message = "Hello, %u"

    At this point you need to reboot your ubuntu box


    Check FreeRadius config files.

    sudo /etc/init.d/freeradius stop
    sudo freeradius -XXX

    If all goes well the last line should display

    Mon Jun 29 15:24:34 2009 : Debug: Ready to process requests.
    Ctrl+C to exit.

    NOTE: If you get error “Error binding to port for port 1812”, it means freeradius is already running. Stop it by doing the following:

    # ps –A | grep freeradius

    To get process ID of freeradius
    #kill -9 freeradius-PID

    Start FreeRadius again

    sudo /etc/init.d/freeradius start

    Test password authorization to "file"

    sudo radtest "John Doe" hello 0 testing123

    If all goes well you should get a reply

    Sending Access-Request of id 136 to port 1812
    User-Name = "John Doe"
    User-Password = "hello"
    NAS-IP-Address =
    NAS-Port = 0
    rad_recv: Access-Accept packet from host, id=136, length=37
    Reply-Message = "Hello, John Doe"

    Change authorization to sql
    change authorization to sql



    on line 683 include the sql module: uncomment the line "$INCLUDE sql.conf" and " $INCLUDE sql/mysql/counter.conf" in "modules { ... }"

    If the above tests worked we can now change authorization from "file" to "sql" in:


    comment "files" (line 152) and uncomment sql on line 159 also uncomment sql on line 428 under the "session {... }" section and also in the accounting section on line 383

    Edit radius.conf file

    Around line 710 in the instantiate section make sure you have,


    which are our counters which we define in the next section. Then in /etc/freeradius/sites-available/default, in the authorize section after it has the "Look in an SQL database..." it has an "sql" entry that may be commented out so uncomment it and add the new counters so that it is now,


    That should be it. Now update the counter.conf in the next section.

    FreeRadius SQL counter.conf settings needed
    To match the radcheck and radgroupchecks we use then you also need to add two matching counter.conf checks as follows. Edit the /etc/freeradius/sql/mysql/counter.conf file (unless the counter is already defined in that), add the following at the end,

    sqlcounter noresetcounter {
    counter-name = Session-Timeout
    check-name = Session-Timeout
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'"

    sqlcounter chillispot_max_bytes {
    counter-name = ChilliSpot-Max-Total-Octets
    check-name = ChilliSpot-Max-Total-Octets
    reply-name = ChilliSpot-Max-Total-Octets
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{%k}'"

    Daloradius Web Interface Pre-requisites
    36 apt-get install php-pear php5-gd php-db

    # wget
    # php go-pear.phar
    # pear install DB

    Test apache configuration
    54 apachectl configtest

    Restart apache
    57 apachectl restart

    Install Coova-Chilli
    103 wget
    104 apt-get install build-essential linux-headers-server libssl-dev
    105 tar zxvf coova-chilli-1.2.9.tar.gz
    106 ls
    107 cd coova-chilli-1.2.9/
    111 ./configure --prefix= --enable-miniportal --with-openssl
    112 make
    113 make install
    114 cd
    116 wget
    118 tar zxvf haserl-0.9.29.tar.gz
    119 cd haserl-0.9.29/
    120 ls
    121 ./configure --prefix=
    122 make
    123 make install

    Create chilli user
    Useradd chilli
    Set freeradius and Chilli to start at boot time
    124 update-rc.d freeradius defaults
    125 update-rc.d chilli defaults

    Also there is a problem at rebooting time. The workaround is to put the following in

    127 nano /etc/rc.local

    /etc/init.d/freeradius restart
    /etc/init.d/chilli restart
    exit 0

    128 cp /etc/chilli/defaults /etc/chilli/config
    133 reboot

    Check Chilli and freeradius status
    138 ps -A | grep freeradius
    140 ps -A | grep chilli

    The creators of CoovaChilli have predefined rules for iptables, but their script needs a little help before it works. CoovaChilli's iptables config is done in the /etc/chilli/ script which runs after the tun interface is up, so that the exact tun interface is known.

    /etc/chilli/ calls /etc/chilli/, if it exists. By default, it does not. If you need to run your own commands after the main iptables configuration is done, create /etc/chilli/ and populate it however you like, being sure to make it executable (chmod +x /etc/chilli/ when done.



    with the following content:

    # force-add the final rule necessary to fix routing tables
    iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE

    142 nano /etc/chilli/
    143 chmod +x /etc/chilli/

    Daloradius Database connection settings
    151 nano /var/www/daloradius/library/daloradius.conf.php

    • $configValues['CONFIG_DB_ENGINE'] = 'mysql';
    • $configValues['CONFIG_DB_HOST'] = 'localhost';
    • $configValues['CONFIG_DB_USER'] = 'raddbuser';
    • $configValues['CONFIG_DB_PASS'] = 'raddbpass';
    • $configValues['CONFIG_DB_NAME'] = 'radiusdb';

    Touch daloradius log file.
    • touch /var/log/daloradius.log

    daloRADIUS 0.9-9 – QUCIK START
    Fire up Firefox (or any other borowser) and go to the URL http://<localhost or the managemet system's ip>/daloradius.

    Default Log in with the administrator for management:

    username: administrator
    password: radius

    Create Profiles – Time Based Profile
    Go to Management tab > Select Profiles > Create New Profiles >Add Profile Attributes
    Type Profile Name, e.g. 60Mins

    Add attributes
    Check Attributes
    Simultaneous-Use = 1
    Max-All-Session = 3600
    [this is in seconds, for 60mins = 3600seconds]
    Session-Timeout = 3600
    Reply Attributes
    Session-Timeout = 3600
    Idle-Timeout = 60
    Acct-Interim-Interval = 120

    Billing Plans – Time Based
    Go to Billing Tab> Select Plans > New Plan
    1. Enter Plan Information details from Plan Name to Plan Active
    2. Enter Time Settings details
    3. Select Profile from the drop-down

    Add Hotspot
    Go to Management Tab > Hotspots > Click New Hotspot
    Enter Hotspot Name and MAC Address of interface connected to clients, Click Apply

    Add NAS
    Go to Management > Nas > Click New NAS
    Enter NAS Info, IP, NAS secret (e.g. testing123), NAS type, Other and NAS shortname. Set NAS Ports to 3997, Click Apply

    Create Pre-paid Vouchers – Batch Users – Walk-In
    Go to Management > Batch Users > Click Batch Add Users
    Enter Account Info, Batch Id/Name, e.g. 60Mins_12_11_12, a Batch Description, Select Hotspot.
    I use Create Random Users, with default username/password length of 8, and set number of instances to create (number of vouchers).
    Select Group, e.g. 60Mins for 1 hour vouchers, Group Priority 0 or 1 is fine and then the Plan name for 1 hour. Click Apply
    You can print the vouchers/tickets.

    Create Member User Accounts
    Go to Management > Users > Click New User
    Enter Account Info, username, password and select Group. You can also enter User Info First/Last names, email, etc. Click Apply

    Testing Login
    Using a client connected to the same interface as the eth1, open a web browser. You should get an IP in this range 10.1.0.X. Go to You will be redirected to the Coova login page. Login in to the Hotspot using either a Batch User or a Member User
    Last edited by laughmo; June 27th, 2013 at 04:19 PM.

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts