ubuntu 13.04 - coovachilli and daloradius captive portal

configure your public network interface(use 2 nic and do not configure eth1 or private nic):
edit /etc/network/interfaces:
	sudo nano /etc/network/interfaces

	# public network interface
	auto eth0
	iface eth0 inet dhcp

Install freeradius:
	sudo apt-get install freeradius freeradius-mysql

download daloradius:
	cd /var/www/
	sudo wget http://sourceforge.net/projects/daloradius/files/latest/download
	sudo tar zxvf daloradius-0.9-9.tar.gz
	sudo mv /var/www/daloradius-0.9-9 /var/www/daloradius
	cd /var/www/daloradius/contrib/db

create radiusdb database:
	mysql -u root -p
	create database radiusdb;
	quit

	mysql -u root -p radiusdb < fr2-mysql-daloradius-and-freeradius.sql

	mysql -u root -p
	CREATE USER 'raddbuser'@'localhost';
	SET PASSWORD FOR 'raddbuser'@'localhost' = PASSWORD('raddbpass');
	GRANT ALL ON radiusdb.* to 'raddbuser'@'localhost';
	quit

test freeradius:
The default FreeRadius setup authorize's usernames and passwords from a "file" found in /etc/freeradius/users.
We should test the default FreeRadius setup before we change the authorization link from "file" to "sql" (mysql).

edit /etc/freeradius/users:
	sudo nano /etc/freeradius/users

	uncomment:
	"John Doe" Auth-Type := Local, User-Password == "hello"
	Reply-Message = "Hello, %u"

reboot ubuntu:
	sudo reboot

Check FreeRadius config files:
	sudo service freeradius stop
	sudo freeradius -XXX

	If all goes well the last line should display:
	Mon Jun 29 15:24:34 2009 : Debug: Ready to process requests.

	Ctrl+C to exit.

	NOTE: If you get error “Error binding to port for 0.0.0.0 port 1812”, it means freeradius is already running.
	Stop it by doing the following:
		sudo ps –A | grep freeradius
		sudo kill -9 freeradius-PID

Start FreeRadius again:
	sudo service freeradius start

Test password authorization to "file"
	sudo radtest "John Doe" hello 127.0.0.1 0 testing123

	If all goes well you should get a reply:

	Sending Access-Request of id 136 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
	NAS-IP-Address = 255.255.255.255
	NAS-Port = 0
	rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
	Reply-Message = "Hello, John Doe"

Change authorization to sql:
edit /etc/freeradius/radiusd.conf:
	sudo nano -c /etc/freeradius/radiusd.conf

	uncomment items around line 700 and line 712:

	modules{
	$INCLUDE sql.conf
	$INCLUDE sql/mysql/counter.conf
	}

	make sure that the following are present around line 765:

	instantiate{
	chillispot_max_bytes
	noresetcounter
	}

edit /etc/freeradius/sites-available/default:
	sudo nano -c /etc/freeradius/sites-available/default

	make sure that the item are the same:
	comment "file" line item around line 170 and uncomment "sql" line item around 179 and the two line items if not present:

	authorize{
	#file
	sql
	chillispot_max_bytes
	noresetcounter
	}

	uncomment "sql" line item around line 407:

	accounting{
	sql
	}

	uncomment "sql" line item around line 455:

	session{
	sql
	}


Edit the /etc/freeradius/sql/mysql/counter.conf:
To match the radcheck and radgroupchecks we use then you also need to add two matching counter.conf checks as follows:
add at the end if not present:

sqlcounter noresetcounter {
counter-name = Session-Timeout
check-name = Session-Timeout
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'"
}

sqlcounter chillispot_max_bytes {
counter-name = ChilliSpot-Max-Total-Octets
check-name = ChilliSpot-Max-Total-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{%k}'"
}


edit the /etc/freeradius/sql.conf:
	sudo nano -c /etc/freeradius/sql.conf

change values it accordingly :

	server = "localhost"
	login = "raddbuser"
	password = "raddbpass"
	radius_db = "radiusdb"

install Daloradius Web Interface Pre-requisites:
	sudo apt-get install php-pear php5-gd php-db

Test apache configuration:
	sudo apachectl configtest

Restart apache:
	apachectl restart

download coova-chilli:
	sudo wget http://coova-chilli.s3.amazonaws.com/coova-chilli-1.2.9.tar.gz

install pre-requisites:
	sudo apt-get install build-essential linux-headers-server libssl-dev

extract coova-chilli:
	sudo tar zxvf coova-chilli-1.2.9.tar.gz

go to coova-chilli folder:
	cd coova-chilli-1.2.9/

Install Coova-Chilli:
	sudo ./configure --prefix= --enable-miniportal --with-openssl
	sudo make
	sudo make install

return home folder:
	cd

download and install haserl:
	sudo wget http://dfn.dl.sourceforge.net/project/haserl/haserl-devel/haserl-0.9.29.tar.gz
	sudo tar zxvf haserl-0.9.29.tar.gz
	cd haserl-0.9.29/
	sudo  ./configure --prefix=
	sudo make
	sudo make install

create chilli user:
	sudo useradd chilli

Set freeradius and Chilli to start at boot time:
	sudo update-rc.d freeradius defaults
	sudo update-rc.d chilli defaults

to fix the rebooting time problem and to connect clients to internet:
	sudo nano -c /etc/rc.local

	add the following before exit 0:
	/etc/init.d/freeradius restart
	/etc/init.d/chilli restart

	/sbin/iptables -P FORWARD ACCEPT
	/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE

enable ip forwarding:
edit /etc/sysctl.conf:
	sudo nano /etc/sysctl.conf

	uncomment:
	net.ipv4.ip_forward=1

copy chilli default file to config file:
	sudo cp /etc/chilli/defaults /etc/chilli/config

restart ubuntu:
	sudo reboot

Daloradius Database connection settings:
	sudo nano -c /var/www/daloradius/library/daloradius.conf.php

change values below:

	$configValues['CONFIG_DB_ENGINE'] = 'mysql';
	$configValues['CONFIG_DB_HOST'] = 'localhost';
	$configValues['CONFIG_DB_USER'] = 'raddbuser';
	$configValues['CONFIG_DB_PASS'] = 'raddbpass';
	$configValues['CONFIG_DB_NAME'] = 'radiusdb';

create daloradius log file:
	sudo touch /var/log/daloradius.log

to access daloradius web management console:

	http://<ubuntu server's ip>/daloradius/login.php
	username: administrator
	password: radius

Create Profiles – Time Based Profile
Go to Management tab > Select Profiles > Create New Profiles >Add Profile Attributes
Type Profile Name, e.g. 60Mins

Add attributes
Check Attributes
Simultaneous-Use = 1
Max-All-Session = 3600
[this is in seconds, for 60mins = 3600seconds]
Session-Timeout = 3600
Reply Attributes
Session-Timeout = 3600
Idle-Timeout = 60
Acct-Interim-Interval = 120


Billing Plans – Time Based
Go to Billing Tab> Select Plans > New Plan
1. Enter Plan Information details from Plan Name to Plan Active
2. Enter Time Settings details
3. Select Profile from the drop-down


Add Hotspot
Go to Management Tab > Hotspots > Click New Hotspot
Enter Hotspot Name and MAC Address of interface connected to clients, Click Apply


Add NAS
Go to Management > Nas > Click New NAS
Enter NAS Info, IP, NAS secret (e.g. testing123), NAS type, Other and NAS shortname. Set NAS Ports to 3997, Click Apply

Create Pre-paid Vouchers – Batch Users – Walk-In
Go to Management > Batch Users > Click Batch Add Users
Enter Account Info, Batch Id/Name, e.g. 60Mins_12_11_12, a Batch Description, Select Hotspot.
I use Create Random Users, with default username/password length of 8, and set number of instances to create (number of vouchers).
Select Group, e.g. 60Mins for 1 hour vouchers, Group Priority 0 or 1 is fine and then the Plan name for 1 hour. Click Apply
You can print the vouchers/tickets.

Create Member User Accounts
Go to Management > Users > Click New User
Enter Account Info, username, password and select Group. You can also enter User Info First/Last names, email, etc. Click Apply

Testing Login
Using a client connected to the same interface as the eth1, open a web browser. You should get an IP in this range 10.1.0.X.
Go to www.google.com. You will be redirected to the Coova login page.
Login in to the Hotspot using either a Batch User or a Member User