So first things first, I need :
- Ubuntu 10.04 (Lucid Lynx)
- Lamp Server
- DNS Server
- OpenSSH Server
- Radius management, web based (daloradius)
1. setting up the server machine
Ubuntu 10.04
I'm using ubuntu 10.04 and installed it on my vmware to test it.
first I need to install debian-archive-keyring so that the packages I want to install can be authenticated easily, command :
sudo apt-get install debian-archive-keyring
and then invoke
apt-get update
after that I enable IP forwarding so that other computers can send and receive packets from the internet through my ubuntu. command :
nano /etc/sysctl.conf
and find the line with net.ipv4.ip_forward=1
then remove the # in front of it.
Lamp Server
To install the lamp server use this command :
sudo apt-get install lamp-server^
when the download is finished, a dialog asks for a password for mysql.
then when the server is running there is another problem, although I can say it is not much of a problem; there will be a notification like this : "apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName"
to fix it, edit
nano /etc/apache2/apache2.conf
and add this line at the bottom : ServerName 127.0.0.1
save, and then restart apache :
/etc/init.d/apache2 restart
DNS Server
I'm using the bind9 package for the dns server :
sudo apt-get install bind9
and then configure the forwarders :
nano /etc/bind/named.conf.options
then uncomment the forwarders block and fill in the ip address of the dns server you use
forwarders {
8.8.8.8;
};
then restart the service :
/etc/init.d/bind9 restart
openSSH server
to install openssh server package :
sudo apt-get install openssh-server
print server
samba file server
webmin
2. setting up freeradius
install using :
sudo apt-get install freeradius freeradius-mysql
then choose yes, and continue downloading and installing
then stop the radius
/etc/init.d/freeradius stop
then run in debugging mode
freeradius -X
and if there are no errors detected (Ready to process requests.) then ctrl+c to stop and continue the next step
the next step is to create the radius database in mysql and a user named radius:
mysql -u root -p
(then insert your password) then type the following :
CREATE DATABASE radius;
GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radpassword';
(you can change radpassword into anything you like; it is the password for the user radius in mysql)
FLUSH PRIVILEGES;
quit
then insert the radius database into mysql :
mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
insert your password for user root
mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql
insert your password for user root
the next step is to configure radius to connect to mysql :
nano /etc/freeradius/sql.conf
look for these lines then change them accordingly (the password is the one set for the mysql user radius in the GRANT statement above) :
server = "localhost"
login = "radius"
password = "radpassword"
and then in the same configuration file change
# readclient = yes
into
readclient = yes
then edit the clients file
nano /etc/freeradius/clients.conf
look for
secret = testing123
change it into
secret = radpassword
and then at the bottom add these lines
# ip of server
client 192.168.1.0/24 {
secret = radpassword
}
next, I set up freeradius to use mysql for its database (back up the file first)
cp /etc/freeradius/sites-available/default /etc/freeradius/sites-available/config
nano /etc/freeradius/sites-available/default
in the authorize section, look for
files
add # so that it becomes like this
# files
look for another line below
# sql
remove # so it becomes like this
sql
look for the other sql entries in the accounting and session sections; if there is a (#) remove it
save and exit
then make a user for testing the freeradius
mysql -u root -p
then type your root password
mysql > use radius;
mysql > INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('guest', 'password', 'guest');
mysql > select * from radcheck where UserName='guest';
mysql > exit
next step is to activate the sql module
nano /etc/freeradius/radiusd.conf
remove the comment from
$INCLUDE sql.conf
then add # to this line in the file /etc/hosts
#::1 localhost ip6-localhost ip6-loopback
3. Installing CoovaChilli
download the package :
wget http://coova-chilli.s3.amazonaws.com/coova-chilli_1.0.13-1_i386.deb
and then install it
dpkg -i coova-chilli_1.0.13-1_i386.deb
copy default chilli configuration (for backup purpose)
cp /etc/chilli/default /etc/chilli/config
then create folder for hotspot web
mkdir /var/www/hotspot
cd /var/www/hotspot
cp /etc/chilli/www/* /var/www/hotspot
mkdir /var/www/hotspot/images
cp /var/www/hotspot/coova.jpg /var/www/hotspot/images/
and also make folder for uam
mkdir /var/www/hotspot/uam
cd /var/www/hotspot/uam
wget http://ap.coova.org/uam/
wget http://ap.coova.org/js/chilli.js
change the configuration to use my ip address
sed -i 's/ap.coova.org\/js\/chilli.js/192.168.0.1\/uam\/chilli.js/g' /var/www/hotspot/uam/index.html
edit chilli library to match my ip address
sed -i 's/192.168.182.1/192.168.0.1/g' /etc/chilli/www/ChilliLibrary.js
sed -i 's/192.168.182.1/192.168.0.1/g' /var/www/hotspot/ChilliLibrary.js
configure chilli to start on boot
nano /etc/default/chilli
START_CHILLI=1
CONFFILE="/etc/chilli.conf"
edit chilli configuration file
nano /etc/chilli/default
change accordingly
HS_LANIF=eth0 # Subscriber Interface for client devices
HS_NETWORK=192.168.1.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=192.168.1.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot Port (on subscriber network)
HS_NASID=nas01
HS_UAMSECRET=uamsecret
HS_RADIUS=127.0.0.1
HS_RADIUS2=127.0.0.1
HS_RADSECRET=radpassword
HS_UAMALLOW=www.google.com,192.168.1.0/24
HS_UAMSERVER=192.168.1.1
HS_UAMFORMAT=https://\$HS_UAMSERVER/uam/index.php
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
HS_UAMSERVICE=https://192.168.1.1/cgi-bin/hotspotlogin.cgi
configure chilli firewall
nano /etc/chilli/up.sh
add this code at the bottom
# may not have been populated the first time; run again
[ -e "/var/run/chilli.iptables" ] && sh /var/run/chilli.iptables 2>/dev/null
# force-add the final rule necessary to fix routing tables
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
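The setup now keeps secrets in three files: the mysql password in /etc/freeradius/sql.conf, the client secret in /etc/freeradius/clients.conf and HS_RADSECRET in /etc/chilli/default. A mismatch between them only shows up later as an Access-Reject or a failed sql module. The script below is an added example, not part of the original post; the function names are made up and the sample files are constructed.

```shell
#!/bin/sh
# Added example: check that the secrets spread over three files agree.
# Function names are made up here; file roles follow the tutorial.

# Print the value(s) of `key = value` lines, skipping commented-out lines.
# Assumes secrets contain no '#' and no embedded double quotes.
conf_values() {  # $1 = key, $2 = file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//'
}

# $1 = sql.conf, $2 = clients.conf, $3 = chilli config,
# $4 = password given to mysql user radius in the GRANT statement
check_secrets() {
    rc=0
    sql_pw=$(conf_values password "$1" | head -n 1)
    if [ "$sql_pw" != "$4" ]; then
        echo "MISMATCH: sql.conf password is not the mysql password of user radius"
        rc=1
    fi
    hs=$(conf_values HS_RADSECRET "$3" | head -n 1)
    if [ -z "$hs" ] || ! conf_values secret "$2" | grep -qxF -e "$hs"; then
        echo "MISMATCH: HS_RADSECRET matches no client secret in clients.conf"
        rc=1
    fi
    if conf_values secret "$2" | grep -qxF -e testing123; then
        echo "DEFAULT: clients.conf still has the shipped secret testing123"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files (not real configuration) for a dry run.
write_sample() {  # $1 = directory
    printf '%s\n' 'server = "localhost"' 'login = "radius"' \
        'password = "radiussecret"' '# readclient = yes' > "$1/sql.conf"
    printf '%s\n' 'client localhost {' '  secret = testing123' '}' \
        'client 192.168.1.0/24 {' '  secret=radpassword' '}' > "$1/clients.conf"
    printf '%s\n' 'HS_NASID=nas01' \
        'HS_RADSECRET=radpassword  # shared with FreeRADIUS' > "$1/chilli"
}

d=$(mktemp -d)
write_sample "$d"
check_secrets "$d/sql.conf" "$d/clients.conf" "$d/chilli" radpassword ||
    echo "fix the findings above, then restart freeradius and chilli"
rm -rf "$d"
```

To check a real install, call check_secrets with /etc/freeradius/sql.conf, /etc/freeradius/clients.conf, /etc/chilli/default and the mysql password of the user radius.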
that's the end of setting up coovachilli
4. SSL configuration
install ssl
sudo apt-get install libapache2-mod-auth-mysql
make ssl folder
mkdir /etc/apache2/ssl
install certificate
apt-get install ssl-cert
check your hostname, which is needed to make the certificate
hostname -f
and then generate the certificate using that hostname
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
edit your hostname
nano /etc/hosts
127.0.0.1 localhost
192.168.0.1 ## your hostname
enable ssl module
a2enmod ssl
reload/restart your apache
/etc/init.d/apache2 force-reload
create Virtual host for hotspot
nano /etc/apache2/sites-available/hotspot
then fill with this code (thx to zjapske for the code http://pastebin.com/HmqXvwfr)
NameVirtualHost 192.168.0.1:443
<VirtualHost 192.168.0.1:443>
    ServerAdmin webmaster@domain.org
    DocumentRoot "/var/www/hotspot"
    ServerName "192.168.0.1"
    <Directory "/var/www/hotspot/">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    Alias "/dialupadmin/" "/usr/share/freeradius-dialupadmin/htdocs/"
    <Directory "/usr/share/freeradius-dialupadmin/htdocs/">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    <Directory "/var/www/hotspot/cgi-bin/">
        AllowOverride None
        Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/hotspot-error.log
    LogLevel warn
    CustomLog /var/log/apache2/hotspot-access.log combined
    ServerSignature On
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>
then enable virtual host
a2ensite hotspot
edit listening port
nano /etc/apache2/ports.conf
Listen *:443
Listen *:80
#
# Listen 443
#
edit site default
nano /etc/apache2/sites-available/default
NameVirtualHost *:80
create login page for the hotspot
mkdir -p /var/www/hotspot/
cd /var/www/hotspot/
wget http://www.truesoft.co.th/wifi/uam.tgz
tar -xzvf uam.tgz
reboot the server
end of ssl configuration
5. Install DaloRadius (radius management interface)
For Daloradius I use daloradius-0.9-8; I haven't tried version 9-9 yet, but I'll update this later
after downloading it go to the folder where daloradius is located, then
tar -xzvf daloradius-0.9-8.tar.gz
copy the directory into www
cp daloradius-0.9-8 /var/www/ -R
change the owner and permission
chown www-data:www-data /var/www/daloradius-0.9-8 -R
chmod 644 /var/www/daloradius-0.9-8/library/daloradius.conf.php
then install daloradius database into mysql
mysql -u root -p radius < /var/www/daloradius-0.9-8/contrib/db/mysql-daloradius.sql
change database configuration accordingly
nano /var/www/daloradius-0.9-8/library/daloradius.conf.php
$configValues['FREERADIUS_VERSION'] = '2';
$configValues['CONFIG_DB_ENGINE'] = 'mysql';
$configValues['CONFIG_DB_HOST'] = '127.0.0.1';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'radpassword';
$configValues['CONFIG_DB_NAME'] = 'radius';
if something like a mysql connection error occurs when you try to login,
just create another user 'radius' with the same password, but instead of @'localhost' use @'%' (which matches any host)
mysql -u root -p
GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'%' IDENTIFIED BY 'radpassword';
FLUSH PRIVILEGES;
after that make sure that the following packages are installed
sudo apt-get install php5-common php5-gd php-pear php-db libapache2-mod-php5
then login to http://192.168.1.1/daloradius-0.9-8/login.php
login using username : administrator | password : radius
that's all, thx; any questions, just add your comment below
source : http://opensource.telkomspeedy.com/forum/viewtopic.php?id=10812
http://manajung.blogspot.com/2010/01/daloradius-on-ubunto-910.html
32 comments
configuration in ports.conf:
Listen *:443
Listen *:80
#
# Listen 443
#
can you tell me how I should put that configuration in ports.conf? thx..
For the Virtual host for hotspot
http://pastebin.com/HmqXvwfr
it means you just add
Listen *:443
and change Listen :80 to
Listen *:80
and then add # for any Listen 443 below those lines
Thx Man i appreciate it, tq for the code, i edit my blog later...
Please can you give the procedure for testing a client after completing the above process ..
I tried with the command below but I got an error. Please can you give the full procedure for testing a client.
radtest guest guest 127.0.0.1 0 radpassword
Here is the result after committing this command on my machine:
#radtest guest guest 127.0.0.1 0 radpassword
Sending Access-Request of id 102 to 127.0.0.1 port 1812
User-Name = "guest"
User-Password = "guest"
NAS-IP-Address = 192.168.0.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=102, length=20
if you receive Access-Accept then your freeradius is already using sql for its user table
if you receive Access-Reject try running your freeradius using "freeradius -X" for debugging purposes
Dear Ryan,
I tried in debug mode and also get a reject packet.
I completed up to 2. setting up freeradius and tried.
# sudo freeradius -X
output after sending the request from the client..
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 46022, id=212, length=57
User-Name = "guest"
User-Password = "guest"
NAS-IP-Address = 192.168.0.1
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> guest
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 212 to 127.0.0.1 port 46022
Waking up in 4.9 seconds.
Cleaning up request 0 ID 212 with timestamp +10
Ready to process requests.
client output...
sudo radtest guest guest 127.0.0.1 0 radpassword
[sudo] password for sam:
Sending Access-Request of id 212 to 127.0.0.1 port 1812
User-Name = "guest"
User-Password = "guest"
NAS-IP-Address = 192.168.0.1
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=212, length=20
Please help me, I do not understand what the problem is. I followed all the steps correctly....
try editing the file /etc/freeradius/sites-available/default and change it accordingly, instead of /etc/freeradius/sites-available/config
Thank you very much for the help.....
I made the change in /etc/freeradius/sites-available/default and after I ran freeradius in debug mode I got an error as below
ype, secret FROM nas
rlm_sql (sql): Ignoring unconnected handle 4..
rlm_sql (sql): Ignoring unconnected handle 3..
rlm_sql (sql): Ignoring unconnected handle 2..
rlm_sql (sql): Ignoring unconnected handle 1..
rlm_sql (sql): Ignoring unconnected handle 0..
rlm_sql (sql): There are no DB handles to use! skipped 5, tried to connect 0
Failed to load clients from SQL.
rlm_sql (sql): Closing sqlsocket 4
rlm_sql (sql): Closing sqlsocket 3
rlm_sql (sql): Closing sqlsocket 2
rlm_sql (sql): Closing sqlsocket 1
rlm_sql (sql): Closing sqlsocket 0
/etc/freeradius/sql.conf[22]: Instantiation failed for module "sql"
/etc/freeradius/sites-enabled/default[159]: Failed to find module "sql".
/etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.
If I make the changes in /etc/freeradius/sites-available/config, freeradius in debug mode runs correctly....
try to look again at /etc/freeradius/sql.conf at line 22 and below,
server = "localhost"
login = "radius"
password = "radiussecret"
*and remove # from readclient
readclient = yes
if that doesn't help try changing the login to "root"
have you uncommented $INCLUDE sql.conf
in /etc/freeradius/radiusd.conf ??
if it still doesn't work try uploading your sql.conf, radiusd.conf, clients.conf
Thank you very much for the help Ryan .... :)
The above problem I solved ...
I changed secret password in /etc/freeradius/sql.conf to radpassword ... :)
Sending Access-Request of id 13 to 127.0.0.1 port 1812
User-Name = "guest"
User-Password = "guest"
NAS-IP-Address = 192.168.0.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=13, length=2
I am a newbie to freeradius, this tutorial helped me a lot....
Thanks once again to ryan ...
Works great!
tested on ubuntu 12.04 and 10.04, daloradius 9.8 and 9.9
thanks
Thanks for this post Ryan, it is very useful for me. Maybe you are able to help with the IP addresses? Because in this post you used 2 IP addresses; please specify which is eth0 and which is eth1 and how to set this. I do not understand.
edit site default
nano /etc/apache2/sites-available/default
NameVirtualHost *:80
please, I have eth0(dhcp) and eth0 and I would like to use an AP for my captive portal.
can you show me how I could configure it?
please help
i have this error in my browser...
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
@hotspot-error.log file it says
[Fri Aug 17 11:26:25 2012] [warn] RSA server certificate CommonName (CN) `myservername' does NOT match server name!?
here's my /etc/hosts file
127.0.0.1 localhost
xxx.xxx.xxx.xxx myservername
# The following lines are desirable for IPv6 capable hosts
#::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
and my /etc/hostname file also matches my server name
I had freeradius working and decided to follow your steps to install daloradius. I got the startup page but i can no longer proceed from there with "DB Error: extension not found". What i am worried about is that i can no longer access phpmyadmin using localhost/phpmyadmin. Any workaround?
Hi There,
Thanks for the this guide.
I am still confused about the IP addressing of this setup
Could you explain what IP goes where based on this config.
E.G. what IP does eth0 and eth1
If you could post the output for 'ifconfig' that will be a big help.
A separate interface is also created tun0 by coovachilli. Where can I change the IP for this?
Thanks
no clue about tun0 settings? and what about the 2 different IP classes 192.168.182.1/192.168.0.1/ I understand that 192.168.0.1 is for WAN but what about 192.168.182.1?
hi Ryan,
this is a very helpful and very great guide for a newbie like me..
I have managed to follow your guide, so far so good.. the only problem is that my client didn't land on the landing page, instead it landed on the uam page... I have no idea about that... can you give me a clue what or where to edit?
T.I.A Ryan
Hi Ryan, i have an issue when testing coovachilli. When trying to connect a new PC thru Wifi connection it shows the Coova Redirecting page and after that it redirects to www.coova.org immediately, it doesnt show the login page. How can i solve that issue? Can you help me please?
Help me !!!!!!!!!
Mon Nov 24 15:38:32 2014 : Debug: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
Mon Nov 24 15:38:32 2014 : Debug: }
Mon Nov 24 15:38:32 2014 : Error: "rlm_sql mysql" is NOT an SQL driver!
Mon Nov 24 15:38:32 2014 : Error: /etc/freeradius/sql.conf[22]: Instantiation failed for module "sql"
Mon Nov 24 15:38:32 2014 : Error: /etc/freeradius/sites-enabled/default[159]: Failed to load module "sql".
Mon Nov 24 15:38:32 2014 : Error: /etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.
Problem displaying the daloradius page: "SSL connection error"
Please help me
Hi, do you still need help?
Hi Ron,
Im having the similar issue. Did u solve it? If yes, plz share how it was resolved.
Hi, I really need help Antoine, please could you give me your e-mail address so I can contact you. I'm having trouble integrating openldap with freeradius and daloradius.
http://ap.coova.org/uam is not available. What to do?
http://ap.coova.org site is down from where i can download http://ap.coova.org/uam/ files :-(
hello all,
same problem for me.
did you find a solution ?
rgds