
Set Test For

This document provides instructions for setting up a Wi-Fi hotspot on a Debian server using CoovaChilli, FreeRadius, MySQL, and daloRADIUS. It describes installing the necessary software, configuring FreeRadius and MySQL to work with CoovaChilli and daloRADIUS, and modifying configuration files to enable authentication with the hotspot. Key steps include enabling IP forwarding, installing CoovaChilli from source, configuring FreeRadius for SQL authentication, setting up the daloRADIUS administration interface, and modifying CoovaChilli configuration files.

Uploaded by

Sanjeev Kumar

Debian Wi-Fi hotspot using CoovaChilli, FreeRadius, MySQL and daloRADIUS

I decided to create a hotspot from my server to allow others to connect to the Internet for free. I used a "captive portal" solution based on these applications:
CoovaChilli
FreeRadius
MySQL
daloRADIUS
When somebody wants to connect to the Internet using my Wi-Fi, the first page they see is the register/login page (whatever page they want to visit).
After registration/login they are able to connect to the Internet.

So let's see how I did it.

Let's have one server with two network interfaces - first (eth0) goes to Internet, the second one (eth1) is the wifi for "unknown" clients.


Install basic software:
aptitude install mysql-server phpmyadmin freeradius freeradius-utils freeradius-mysql apache2 php-pear php-db
a2enmod ssl
a2ensite default-ssl
service apache2 restart
cd /tmp && wget 'http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius-0.9-8/daloradius-0.9-8.tar.gz'
tar xvzf daloradius-0.9-8.tar.gz
mv /tmp/daloradius-0.9-8 /var/www/daloradius
chown -R www-data:www-data /var/www/daloradius
cp -r /var/www/daloradius/contrib/chilli/portal2/* /var/www/
rm /var/www/index.html

Because my machine is 64-bit, I need to build the CoovaChilli package myself:
aptitude --assume-yes install dpkg-dev debhelper libssl-dev
cd /tmp
wget -c http://ap.coova.org/chilli/coova-chilli-1.2.2.tar.gz
tar xzf coova-chilli*.tar.gz
cd coova-chilli*
dpkg-buildpackage -rfakeroot

Install CoovaChilli:
cd ..
dpkg -i coova-chilli_*_amd64.deb

Configure FreeRadius

Change /etc/freeradius/clients.conf:
client 127.0.0.1 {
secret = mysecret
}

Change /etc/freeradius/sql.conf:
server = "localhost"
login = "root"
password = "xxxx"

Uncomment in /etc/freeradius/sites-available/default:
authorize {
sql
}

accounting {
sql
}

Uncomment in /etc/freeradius/radiusd.conf:
$INCLUDE sql.conf

Configure MySQL database for FreeRadius
mysql -u root --password=xxxx
mysql> CREATE DATABASE radius;
mysql> exit

mysql -u root --password=xxxx radius < /var/www/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql

daloRADIUS configuration

Modify this file /var/www/daloradius/library/daloradius.conf.php
$configValues['CONFIG_DB_PASS'] = 'xxxx';
$configValues['CONFIG_MAINT_TEST_USER_RADIUSSECRET'] = 'mysecret';
$configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';

You also need to modify the following configuration files to set up the sign-up web pages, /var/www/signup-*/library/daloradius.conf.php:
$configValues['CONFIG_DB_PASS'] = 'xxxx';
$configValues['CONFIG_DB_NAME'] = 'radius';
$configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';
$configValues['CONFIG_SIGNUP_SUCCESS_MSG_LOGIN_LINK'] = "Click <b>here</b>".
" to return to the Login page and start your surfing";

Change these lines in /var/www/signup*/index.php to the following (changed 'User-Password' -> 'Cleartext-Password' and '==' -> ':='):
$sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADCHECK']." (id, Username, Attribute, op, Value) ".
" VALUES (0, '$username', 'Cleartext-Password', ':=', '$password')";

Another file that needs to be modified to communicate with CoovaChilli is /var/www/hotspotlogin/hotspotlogin.php:
$uamsecret = "uamsecret";

Now you should be able to reach daloRADIUS installation on http://127.0.0.1/daloradius/
username: administrator
password: radius

Routing

We should not forget to enable packet forwarding and set up NAT:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
sed --in-place=.old 's/^#\(net.ipv4.ip_forward=1\)/\1/' /etc/sysctl.conf
sysctl -p

CoovaChilli configuration

Let's start with /etc/chilli/defaults:
HS_NETWORK=192.168.10.0
HS_UAMLISTEN=192.168.10.1

HS_RADSECRET=mysecret
HS_UAMSECRET=uamsecret
HS_UAMFORMAT=https://\$HS_UAMLISTEN/hotspotlogin/hotspotlogin.php
HS_UAMHOMEPAGE=https://\$HS_UAMLISTEN

Then don't forget to enable CoovaChilli to start in /etc/default/chilli
START_CHILLI=1

You may need to run chilli and the RADIUS server with debug options to see errors during client connection:
chilli --fg --debug
freeradius -X

A few links we created:
http://192.168.10.1/signup-free/ - sign up page (if you don't have username/password)
http://192.168.10.1:3990/prelogin - use for login to your portal
http://192.168.10.1/daloradius/ - daloradius admin page
http://192.168.10.1/phpmyadmin/ - phpmyadmin page (useful for sql database)

This how-to describes a simple configuration of CoovaChilli, so there are many more things to configure. I didn't mention anything about security, so it's up to you to tweak it yourself.
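A starting point for that tweaking, as an added example that is not part of the original how-to or of any of the projects it uses: a small Python audit that checks the secrets configured above agree across files and flags values that are printed on this page. The file contents are constructed samples mirroring the how-to; the finding labels and the dictionary keys are assumptions of this example.

```python
import re

# Constructed sample files holding the values used in the how-to above.
SAMPLE = {
    "clients.conf": "client 127.0.0.1 {\nsecret = mysecret\n}\n",
    "sql.conf": 'server = "localhost"\nlogin = "root"\npassword = "xxxx"\n',
    "chilli/defaults": "HS_RADSECRET=mysecret\nHS_UAMSECRET=uamsecret\n",
    "hotspotlogin.php": '$uamsecret = "uamsecret";\n',
    "daloradius.conf.php":
        "$configValues['CONFIG_MAINT_TEST_USER_RADIUSSECRET'] = 'mysecret';\n",
}
# Secrets printed on this page; anyone who has read it knows them.
PUBLISHED = {"mysecret", "uamsecret", "radpassword", "testing123"}

# Settings that must hold one shared value: label -> [(file, regex)].
GROUPS = {
    "RADIUS shared secret": [
        ("clients.conf", r'^\s*secret\s*=\s*"?([^"\s]+)'),
        ("chilli/defaults", r'^HS_RADSECRET=(\S+)'),
        ("daloradius.conf.php",
         r"CONFIG_MAINT_TEST_USER_RADIUSSECRET'\]\s*=\s*'([^']*)'"),
    ],
    "UAM secret": [
        ("chilli/defaults", r'^HS_UAMSECRET=(\S+)'),
        ("hotspotlogin.php", r'^\s*\$uamsecret\s*=\s*["\']([^"\']*)'),
    ],
}

def audit(files):
    """Return a list of findings for a dict of {file name: file text}."""
    findings = []
    for label, sources in GROUPS.items():
        values = set()
        for name, rx in sources:
            values.update(re.findall(rx, files.get(name, ""), re.M))
        if len(values) > 1:
            findings.append(f"MISMATCH: {label} differs between files")
        if values & PUBLISHED:
            findings.append(f"PUBLISHED: {label} is a value from the how-to")
    if re.search(r'^\s*login\s*=\s*"?root"?\s*$', files.get("sql.conf", ""), re.M):
        findings.append("SQL-ROOT: FreeRADIUS connects to MySQL as root")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

To run it against a live system, fill the dictionary by reading the real files instead of SAMPLE; commented-out settings are ignored because each pattern is anchored to the start of a line.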

You can find additional info on this web page:

https://help.ubuntu.com/community/WifiDocs/CoovaChilli

Enjoy... ;-)






Ubuntu Server + Freeradius 2.0.x + coovachilli + Daloradius

First things first, I need:
- Ubuntu 10.04 (Lucid Lynx)
- LAMP server
- DNS server
- OpenSSH server
- Web-based RADIUS management (daloRADIUS)

1. Setting up the server machine

Ubuntu 10.04
I'm using Ubuntu 10.04 and installed it on my VMware to test it.
First, I need to install debian-archive-keyring so that the packages I want to install can be authenticated easily:
sudo apt-get install debian-archive-keyring
and then run:
apt-get update
After that I enable IP forwarding so that other computers can send and receive packets from the Internet through my Ubuntu machine:
nano /etc/sysctl.conf
Find the line with net.ipv4.ip_forward=1 and remove the #.

LAMP server
To install the LAMP server:
sudo apt-get install lamp-server^
When the download is finished, a dialog asks for the MySQL password.
Once the server is running there is another, minor, problem. A notification like this appears: "apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName"
To fix it:
nano /etc/apache2/apache2.conf
and add this line at the bottom:
ServerName 127.0.0.1
Save, and then restart Apache:
/etc/init.d/apache2 restart

DNS server
I'm using the bind9 package for the DNS server:
sudo apt-get install bind9
and then configure the forwarders:
nano /etc/bind/named.conf.options
then uncomment the block and fill in the IP address of the resolver you use:

forwarders {
8.8.8.8;
};

then restart the service:
/etc/init.d/bind9 restart

openSSH server
to install openssh server package :
sudo apt-get install openssh-server
print server
samba file server
webmin

2. setting up freeradius

install using :
sudo apt-get install freeradius freeradius-mysql
then choose yes, and continue downloading and installing
then stop the radius
/etc/init.d/freeradius stop
then run in debugging mode
freeradius -X
and if there are no errors detected (Ready to process requests.) then ctrl+c to stop and continue the next step

The next step is to create the radius database in MySQL and create a user named radius:
mysql -u root -p
(then enter your password)
then type the following:
CREATE DATABASE radius;

GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radpassword';
(you can change radpassword to anything you like for the user radius in MySQL)

FLUSH PRIVILEGES;

quit

Then load the RADIUS schema into MySQL:
mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
(enter your password for user root)
mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql
(enter your password for user root)
The next step is to configure FreeRADIUS to connect to MySQL:
nano /etc/freeradius/sql.conf
Look for these lines and change them accordingly (the password must be the one given to the MySQL user radius in the GRANT statement above):
server = "localhost"
login = "radius"
password = "radpassword"
Then, in the same configuration file, change
# readclient = yes
into
readclient = yes
Next:
nano /etc/freeradius/clients.conf
Look for
secret = testing123
and change it into
secret = radpassword
and then at the bottom add these lines:
client 192.168.1.0/24 { # ip of server
secret = radpassword
}
Next, I set up FreeRADIUS to use MySQL for its database (back up the file first):

cp /etc/freeradius/sites-available/default /etc/freeradius/sites-available/config
nano /etc/freeradius/sites-available/default
In the authorize section, look for
files
and add # so that it becomes:
# files

Look for another line below,
# sql
and remove the # so it becomes:
sql

Look for the other sql entries in the accounting and session sections; if there is a #, remove it.
Save and exit.
Then make a user for testing FreeRADIUS:
mysql -u root -p
(then type your root password)
mysql > use radius;
mysql > INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('guest', 'password', 'guest');
mysql > select * from radcheck where UserName='guest';
mysql > exit
The next step is to activate the sql module:
nano /etc/freeradius/radiusd.conf
Remove the comment from $INCLUDE sql.conf
In /etc/hosts, comment out this line by adding #:
#::1 localhost ip6-localhost ip6-loopback

3. Installing CoovaChilli

Download the package:
wget http://coova-chilli.s3.amazonaws.com/coova-chilli_1.0.13-1_i386.deb
and then install it:
dpkg -i coova-chilli_1.0.13-1_i386.deb
Copy the default chilli configuration (for backup purposes):
cp /etc/chilli/default /etc/chilli/config
Then create a folder for the hotspot web pages:
mkdir /var/www/hotspot
cd /var/www/hotspot
cp /etc/chilli/www/* /var/www/hotspot
mkdir /var/www/hotspot/images
cp /var/www/hotspot/coova.jpg /var/www/hotspot/images/
and also make a folder for uam:
mkdir /var/www/hotspot/uam
cd /var/www/hotspot/uam
wget http://ap.coova.org/uam/
wget http://ap.coova.org/js/chilli.js
Change the configuration to use my IP address:
sed -i 's/ap.coova.org\/js\/chilli.js/192.168.0.1\/uam\/chilli.js/g' /var/www/hotspot/uam/index.html
Edit the chilli library to match my IP address:
sed -i 's/192.168.182.1/192.168.0.1/g' /etc/chilli/www/ChilliLibrary.js
sed -i 's/192.168.182.1/192.168.0.1/g' /var/www/hotspot/ChilliLibrary.js
Configure chilli to start on boot:
nano /etc/default/chilli
START_CHILLI=1
CONFFILE="/etc/chilli.conf"
Edit the chilli configuration file:
nano /etc/chilli/default
and change it accordingly:
HS_LANIF=eth0 # Subscriber Interface for client devices
HS_NETWORK=192.168.1.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=192.168.1.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot Port (on subscriber network)

HS_NASID=nas01
HS_UAMSECRET=uamsecret
HS_RADIUS=127.0.0.1
HS_RADIUS2=127.0.0.1
HS_RADSECRET=radpassword
HS_UAMALLOW=www.google.com,192.168.1.0/24

HS_UAMSERVER=192.168.1.1
HS_UAMFORMAT=https://\$HS_UAMSERVER/uam/index.php
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
HS_UAMSERVICE=https://192.168.1.1/cgi-bin/hotspotlogin.cgi
Configure the chilli firewall:
nano /etc/chilli/up.sh
Add this code at the bottom:
# may not have been populated the first time; run again
[ -e "/var/run/chilli.iptables" ] && sh /var/run/chilli.iptables 2>/dev/null
# force-add the final rule necessary to fix routing tables
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
That's the end of setting up CoovaChilli.
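Why HS_UAMSECRET has to match the secret in the login script, and why a CHAP login needs the clear-text password on the RADIUS side, shown as an added Python model of the CHAP form of the UAM exchange (not code from the original page or from CoovaChilli). The challenge value and the function names are constructed for this example; the formula follows the stock hotspotlogin script: md5(0x00 + password + md5(challenge + uamsecret)).

```python
import hashlib
import hmac

# Constructed 16-byte challenge, as chilli would pass it to the login page in hex.
CHALLENGE_HEX = "00112233445566778899aabbccddeeff"

def transformed_challenge(challenge: bytes, uamsecret: str) -> bytes:
    """md5(challenge + uamsecret); with no secret the raw challenge is used."""
    if not uamsecret:
        return challenge
    return hashlib.md5(challenge + uamsecret.encode()).digest()

def portal_response(challenge_hex: str, password: str, uamsecret: str) -> str:
    """What the login page computes and returns to chilli's /logon URL."""
    chal = transformed_challenge(bytes.fromhex(challenge_hex), uamsecret)
    return hashlib.md5(b"\x00" + password.encode() + chal).hexdigest()

def radius_accepts(response_hex: str, challenge_hex: str,
                   stored_password: str, hs_uamsecret: str) -> bool:
    """chilli forwards the response with its own transformed challenge;
    RADIUS recomputes the hash from the clear-text password it stores."""
    chal = transformed_challenge(bytes.fromhex(challenge_hex), hs_uamsecret)
    expected = hashlib.md5(b"\x00" + stored_password.encode() + chal).digest()
    return hmac.compare_digest(expected, bytes.fromhex(response_hex))

if __name__ == "__main__":
    resp = portal_response(CHALLENGE_HEX, "guest", "uamsecret")
    # Same secret on both sides: login succeeds.
    print(radius_accepts(resp, CHALLENGE_HEX, "guest", "uamsecret"))
    # Login page and chilli disagree on the secret: every login is rejected.
    print(radius_accepts(resp, CHALLENGE_HEX, "guest", "changed-on-chilli-only"))
```

Because the server must recompute the hash from the password itself, a one-way hashed password in radcheck cannot satisfy this exchange.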

4. SSL configuration

Install SSL:
sudo apt-get install libapache2-mod-auth-mysql
Make the ssl folder:
mkdir /etc/apache2/ssl
Install the certificate package:
apt-get install ssl-cert
View your hostname, which is needed for the certificate:
hostname -f
and then generate the certificate using that hostname:
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
Edit your hostname:
nano /etc/hosts
127.0.0.1 localhost
192.168.0.1 ## your hostname
Enable the ssl module:
a2enmod ssl
Reload/restart Apache:
/etc/init.d/apache2 force-reload
Create a virtual host for the hotspot:
nano /etc/apache2/sites-available/hotspot
then fill it with this code (thx to zjapske for the code http://pastebin.com/HmqXvwfr)

NameVirtualHost 192.168.0.1:443
<VirtualHost 192.168.0.1:443>
ServerAdmin [email protected]
DocumentRoot "/var/www/hotspot"
ServerName "192.168.0.1"
<Directory "/var/www/hotspot/">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>


Alias "/dialupadmin/" "/usr/share/freeradius-dialupadmin/htdocs/"
<Directory "/usr/share/freeradius-dialupadmin/htdocs/">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

<Directory "/var/www/hotspot/cgi-bin/">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog /var/log/apache2/hotspot-error.log

LogLevel warn

CustomLog /var/log/apache2/hotspot-access.log combined

ServerSignature On
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>

Then enable the virtual host:
a2ensite hotspot
Edit the listening ports:
nano /etc/apache2/ports.conf
Listen *:443
Listen *:80
#
# Listen 443
#
Edit the default site:
nano /etc/apache2/sites-available/default
NameVirtualHost *:80

Create the login page for the hotspot:
mkdir -p /var/www/hotspot/
cd /var/www/hotspot/
wget http://www.truesoft.co.th/wifi/uam.tgz
tar -xzvf uam.tgz
Reboot the server. That is the end of the SSL configuration.

5. Install daloRADIUS (RADIUS management interface)

For daloRADIUS I use daloradius-0.9-8; I haven't tried version 9-9 yet, but I'll update this later.
After downloading it, go to the folder where the daloRADIUS archive is located, then:

tar -xzvf daloradius-0.9-8.tar.gz
Copy the directory into www:
cp daloradius-0.9-8 /var/www/ -R
Change the owner and permissions:
chown www-data:www-data /var/www/daloradius-0.9-8 -R
chmod 644 /var/www/daloradius-0.9-8/library/daloradius.conf.php
Then load the daloRADIUS tables into MySQL:
mysql -u root -p radius < /var/www/daloradius-0.9-8/contrib/db/mysql-daloradius.sql
Change the database configuration accordingly:
nano /var/www/daloradius-0.9-8/library/daloradius.conf.php
$configValues['FREERADIUS_VERSION'] = '2';
$configValues['CONFIG_DB_ENGINE'] = 'mysql';
$configValues['CONFIG_DB_HOST'] = '127.0.0.1';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'radpassword';
$configValues['CONFIG_DB_NAME'] = 'radius';
If you get a MySQL connection error when you try to log in, just create another user 'radius' with the same password, but instead of @'localhost' use @'%':
mysql -u root -p
GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'%' IDENTIFIED BY 'radpassword';
FLUSH PRIVILEGES;

After that, make sure that the following packages are installed:
sudo apt-get install php5-common php5-gd php-pear php-db libapache2-mod-php5
Then log in at http://192.168.1.1/daloradius-0.9-8/login.php
using username : administrator | password : radius
That's all, thanks. If you have any questions, just add your comment below.

source : http://opensource.telkomspeedy.com/forum/viewtopic.php?id=10812
http://manajung.blogspot.com/2010/01/daloradius-on-ubunto-910.html
