- Configure your public network interface (use two NICs; leave eth1, the private NIC, unconfigured):
- edit /etc/network/interfaces:
- sudo nano /etc/network/interfaces
- # public network interface
- auto eth0
- iface eth0 inet dhcp
- Install freeradius:
- sudo apt-get install freeradius freeradius-mysql
- download daloradius:
- cd /var/www/
- sudo wget -O daloradius-0.9-9.tar.gz http://sourceforge.net/projects/daloradius/files/latest/download
- sudo tar zxvf daloradius-0.9-9.tar.gz
- sudo mv /var/www/daloradius-0.9-9 /var/www/daloradius
- cd /var/www/daloradius/contrib/db
- create radiusdb database:
- mysql -u root -p
- create database radiusdb;
- quit
- mysql -u root -p radiusdb < fr2-mysql-daloradius-and-freeradius.sql
- mysql -u root -p
- CREATE USER 'raddbuser'@'localhost';
- SET PASSWORD FOR 'raddbuser'@'localhost' = PASSWORD('raddbpass');
- GRANT ALL ON radiusdb.* to 'raddbuser'@'localhost';
- quit
- test freeradius:
- The default FreeRadius setup authorizes usernames and passwords from a "file" found in /etc/freeradius/users.
- We should test the default FreeRadius setup before we change the authorization link from "file" to "sql" (mysql).
- edit /etc/freeradius/users:
- sudo nano /etc/freeradius/users
- uncomment:
- "John Doe" Auth-Type := Local, User-Password == "hello"
- Reply-Message = "Hello, %u"
- reboot ubuntu:
- sudo reboot
- Check FreeRadius config files:
- sudo service freeradius stop
- sudo freeradius -XXX
- If all goes well the last line should display:
- Mon Jun 29 15:24:34 2009 : Debug: Ready to process requests.
- Ctrl+C to exit.
- NOTE: If you get the error "Error binding to port for 0.0.0.0 port 1812", it means freeradius is already running.
- Stop it by doing the following:
- sudo ps -A | grep freeradius
- sudo kill -9 freeradius-PID
- Start FreeRadius again:
- sudo service freeradius start
- Test password authorization to "file"
- sudo radtest "John Doe" hello 127.0.0.1 0 testing123
- If all goes well you should get a reply:
- Sending Access-Request of id 136 to 127.0.0.1 port 1812
- User-Name = "John Doe"
- User-Password = "hello"
- NAS-IP-Address = 255.255.255.255
- NAS-Port = 0
- rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
- Reply-Message = "Hello, John Doe"
- Change authorization to sql:
- edit /etc/freeradius/radiusd.conf:
- sudo nano -c /etc/freeradius/radiusd.conf
- uncomment items around line 700 and line 712:
- modules{
- $INCLUDE sql.conf
- $INCLUDE sql/mysql/counter.conf
- }
- make sure that the following are present around line 765:
- instantiate{
- chillispot_max_bytes
- noresetcounter
- }
- edit /etc/freeradius/sites-available/default:
- sudo nano -c /etc/freeradius/sites-available/default
- make sure the items match the following:
- comment out the "file" line item around line 170, uncomment the "sql" line item around line 179, and add the other two line items if not present:
- authorize{
- #file
- sql
- chillispot_max_bytes
- noresetcounter
- }
- uncomment "sql" line item around line 407:
- accounting{
- sql
- }
- uncomment "sql" line item around line 455:
- session{
- sql
- }
- Edit the /etc/freeradius/sql/mysql/counter.conf:
- To match the radcheck and radgroupcheck entries we use, you also need to add two matching counter.conf checks as follows:
- add at the end if not present:
- sqlcounter noresetcounter {
- counter-name = Session-Timeout
- check-name = Session-Timeout
- reply-name = Session-Timeout
- sqlmod-inst = sql
- key = User-Name
- reset = never
- query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'"
- }
- sqlcounter chillispot_max_bytes {
- counter-name = ChilliSpot-Max-Total-Octets
- check-name = ChilliSpot-Max-Total-Octets
- reply-name = ChilliSpot-Max-Total-Octets
- sqlmod-inst = sql
- key = User-Name
- reset = never
- query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{%k}'"
- }
- edit the /etc/freeradius/sql.conf:
- sudo nano -c /etc/freeradius/sql.conf
- change the values accordingly:
- server = "localhost"
- login = "raddbuser"
- password = "raddbpass"
- radius_db = "radiusdb"
- install Daloradius Web Interface Pre-requisites:
- sudo apt-get install php-pear php5-gd php-db
- Test apache configuration:
- sudo apachectl configtest
- Restart apache:
- sudo apachectl restart
- download coova-chilli:
- sudo wget http://coova-chilli.s3.amazonaws.com/coova-chilli-1.2.9.tar.gz
- install pre-requisites:
- sudo apt-get install build-essential linux-headers-server libssl-dev
- extract coova-chilli:
- sudo tar zxvf coova-chilli-1.2.9.tar.gz
- go to coova-chilli folder:
- cd coova-chilli-1.2.9/
- Install Coova-Chilli:
- sudo ./configure --prefix= --enable-miniportal --with-openssl
- sudo make
- sudo make install
- return home folder:
- cd
- download and install haserl:
- sudo wget http://dfn.dl.sourceforge.net/project/haserl/haserl-devel/haserl-0.9.29.tar.gz
- sudo tar zxvf haserl-0.9.29.tar.gz
- cd haserl-0.9.29/
- sudo ./configure --prefix=
- sudo make
- sudo make install
- create chilli user:
- sudo useradd chilli
- Set freeradius and Chilli to start at boot time:
- sudo update-rc.d freeradius defaults
- sudo update-rc.d chilli defaults
- to fix the problem at reboot time and to connect clients to the internet:
- sudo nano -c /etc/rc.local
- add the following before exit 0:
- /etc/init.d/freeradius restart
- /etc/init.d/chilli restart
- /sbin/iptables -P FORWARD ACCEPT
- /sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
- enable ip forwarding:
- edit /etc/sysctl.conf:
- sudo nano /etc/sysctl.conf
- uncomment:
- net.ipv4.ip_forward=1
- copy chilli default file to config file:
- sudo cp /etc/chilli/defaults /etc/chilli/config
- restart ubuntu:
- sudo reboot
- Daloradius Database connection settings:
- sudo nano -c /var/www/daloradius/library/daloradius.conf.php
- change values below:
- $configValues['CONFIG_DB_ENGINE'] = 'mysql';
- $configValues['CONFIG_DB_HOST'] = 'localhost';
- $configValues['CONFIG_DB_USER'] = 'raddbuser';
- $configValues['CONFIG_DB_PASS'] = 'raddbpass';
- $configValues['CONFIG_DB_NAME'] = 'radiusdb';
- create daloradius log file:
- sudo touch /var/log/daloradius.log
- to access daloradius web management console:
- http://<ubuntu server's ip>/daloradius/login.php
- username: administrator
- password: radius
- Create Profiles – Time Based Profile
- Go to Management tab > Select Profiles > Create New Profiles > Add Profile Attributes
- Type Profile Name, e.g. 60Mins
- Add attributes
- Check Attributes
- Simultaneous-Use = 1
- Max-All-Session = 3600
- [this is in seconds; 60 mins = 3600 seconds]
- Session-Timeout = 3600
- Reply Attributes
- Session-Timeout = 3600
- Idle-Timeout = 60
- Acct-Interim-Interval = 120
- Billing Plans – Time Based
- Go to Billing Tab > Select Plans > New Plan
- 1. Enter Plan Information details from Plan Name to Plan Active
- 2. Enter Time Settings details
- 3. Select Profile from the drop-down
- Add Hotspot
- Go to Management Tab > Hotspots > Click New Hotspot
- Enter Hotspot Name and MAC Address of interface connected to clients, Click Apply
- Add NAS
- Go to Management > Nas > Click New NAS
- Enter NAS Info, IP, NAS secret (e.g. testing123), NAS type, Other and NAS shortname. Set NAS Ports to 3997, Click Apply
- Create Pre-paid Vouchers – Batch Users – Walk-In
- Go to Management > Batch Users > Click Batch Add Users
- Enter Account Info, Batch Id/Name, e.g. 60Mins_12_11_12, a Batch Description, Select Hotspot.
- I use Create Random Users, with default username/password length of 8, and set number of instances to create (number of vouchers).
- Select Group, e.g. 60Mins for 1 hour vouchers, Group Priority 0 or 1 is fine and then the Plan name for 1 hour. Click Apply
- You can print the vouchers/tickets.
- Create Member User Accounts
- Go to Management > Users > Click New User
- Enter Account Info, username, password and select Group. You can also enter User Info First/Last names, email, etc. Click Apply
- Testing Login
- Using a client connected to the same network as eth1, open a web browser. The client should get an IP in the range 10.1.0.X.
- Go to www.google.com. You will be redirected to the Coova login page.
- Log in to the Hotspot using either a Batch User or a Member User
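
Added check, not part of the original paste: the steps above use sample secrets (testing123, raddbpass, the "John Doe" test user), and this script flags any that are still active in the files the guide edits. The location /etc/freeradius/clients.conf for the shared secret is an assumption (the paste does not name that file), the function names are made up for this example, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original paste): flag the guide's sample
# secrets if they are still active in a configuration tree.

# _check ROOT RELPATH REGEX MESSAGE: print a finding if REGEX matches an
# uncommented line of ROOT/RELPATH; missing or unreadable files are skipped.
_check() {
    [ -r "$1$2" ] || return 0
    if grep -Ev '^[[:space:]]*(#|//)' "$1$2" | grep -Eq -- "$3"; then
        echo "FINDING: $2: $4"
    fi
}

# audit_defaults ROOT: ROOT is / on a live server, or a copy of its config.
audit_defaults() {
    r="${1%/}"
    _check "$r" /etc/freeradius/users '^"John Doe"' \
        'test user "John Doe" is still enabled'
    # Assumption: the shared secret lives in clients.conf (file not named in the guide).
    _check "$r" /etc/freeradius/clients.conf \
        'secret[[:space:]]*=[[:space:]]*testing123' \
        'shared secret is the sample value testing123'
    _check "$r" /etc/freeradius/sql.conf \
        'password[[:space:]]*=[[:space:]]*"raddbpass"' \
        'database password is the sample value raddbpass'
    _check "$r" /var/www/daloradius/library/daloradius.conf.php \
        "CONFIG_DB_PASS.*'raddbpass'" \
        'database password is the sample value raddbpass'
}

# Constructed sample tree standing in for a server's files (not real data).
# sql.conf has been changed here, so it must not be reported.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/freeradius" "$t/var/www/daloradius/library"
    printf '%s\n' '"John Doe" Auth-Type := Local, User-Password == "hello"' \
        > "$t/etc/freeradius/users"
    printf '%s\n' 'client localhost {' '    secret = testing123' '}' \
        > "$t/etc/freeradius/clients.conf"
    printf '%s\n' '# password = "raddbpass"' 'password = "changed-at-install"' \
        > "$t/etc/freeradius/sql.conf"
    printf '%s\n' "\$configValues['CONFIG_DB_PASS'] = 'raddbpass';" \
        > "$t/var/www/daloradius/library/daloradius.conf.php"
    echo "$t"
}

demo=$(make_sample_tree)
audit_defaults "$demo"
rm -rf "$demo"
```

On the server, call `audit_defaults /` as root so the FreeRADIUS files are readable. The daloRADIUS web login and the NAS entries are set through the web console, not in these files, so this check does not cover them.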