100% Work! Ubuntu+Freeradius2+CoovaChilli+Daloradius
eth0 = 11.11.11.2 Internet
eth1 = 10.10.10.1 LAN
1. Network Interface Card
nano /etc/network/interfaces
iface eth0 inet static
address 11.11.11.2
netmask 255.255.255.240
gateway 11.11.11.1
auto eth1
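**Kalau belum bisa, silakan memakai webmin.
$ wget http://www.webmin.com/jcameron-key.asc
$ sudo apt-key add jcameron-key.asc
Catatan: kunci ini diunduh lewat HTTP biasa dan setelah apt-key add akan dipercaya apt untuk memverifikasi paket, jadi cocokkan dulu fingerprint-nya dengan yang dipublikasikan Webmin.
Tambahkan di vi /etc/apt/sources.list
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib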
$ apt-get install unzip fakeroot ssh build-essential rrdtool snmp snmpd php5-cli php5-gd php5 php5-mysql php5-gmp php-pear php5-snmp php5-adodb php-db make ssl-cert freeradius freeradius-mysql freeradius-utils curl perl openssl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl git-core gcc webmin libssl0.9.8 libapache2-mod-auth-mysql php5-common libapache2-mod-php5 mysql-server apache2
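$ sudo apt-get update
Catatan: apt-get update perlu dijalankan setelah repository Webmin ditambahkan dan sebelum apt-get install di atas; tanpa itu paket webmin dari repository baru belum dikenal apt.
Akses webmin dari browser Anda: https://10.10.10.1:9090
Masukkan user root dan password-nya.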
2. forward packet
nano /etc/sysctl.conf
net.ipv4.ip_forward=1
3. module tun coova nano /etc/modulesmodprobe tun restart
4. LAMP Server DNS Servertasksel LAMP Server Openssh-Server
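6. radius script tables
mysqladmin -ppasswd create radius
mysql -u root -ppasswd radius < /etc/freeradius/sql/mysql/schema.sql
mysql -u root -ppasswd radius < /etc/freeradius/sql/mysql/nas.sql
mysql -u root -ppasswd
mysql>GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radius';
mysql>FLUSH PRIVILEGES;
mysql>quit
Catatan: 'radius' setelah IDENTIFIED BY adalah password contoh; ganti dengan password yang kuat dan pakai nilai yang sama di sql.conf (langkah 7). Password yang ditulis langsung setelah -p ikut tersimpan di riwayat shell dan terlihat di daftar proses; dengan -p saja, mysql akan menanyakannya secara interaktif.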
7. sql.conf
nano -w /etc/freeradius/sql.conf
sql {
database = "mysql"
driver = "rlm_sql_${database}"
server = "localhost"
login = "radius"
password = "radius"
radius_db = "radius"
acct_table1 = "radacct"
acct_table2 = "radacct"
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "radusergroup"
deletestalesessions = yes
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 5
connect_failure_retry_delay = 60
nas_table = "nas"
$INCLUDE sql/${database}/dialup.conf
}
nano /etc/freeradius/radiusd.conf
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
type = auth
ipaddr = *
port = 0
}
listen {
ipaddr = *
port = 0
type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
destination = files
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
$INCLUDE ${confdir}/modules/
$INCLUDE eap.conf
$INCLUDE sql.conf
$INCLUDE sql/mysql/counter.conf
}
instantiate {
exec
expr
expiration
max_all_mb
noresetcounter
logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/
Catatan: ipaddr = * membuat freeradius mendengarkan di semua interface, termasuk eth0 yang menghadap Internet. Di panduan ini CoovaChilli dan radtest hanya menghubungi 127.0.0.1, jadi bila tidak ada NAS lain, ipaddr = 127.0.0.1 pada kedua blok listen sudah cukup. Dengan auth = no, permintaan autentikasi tidak dicatat di radius.log; untuk audit login hotspot gunakan auth = yes dan biarkan auth_badpass/auth_goodpass = no agar password tidak ikut tertulis di log.
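8. client.conf Coova-chilli Daloradius freeradius
nano -w /etc/freeradius/clients.conf
client localhost {
ipaddr = 127.0.0.1
secret = radius
require_message_authenticator = no
nastype = other # localhost isn't usually a NAS...
}
Catatan: secret = radius adalah nilai contoh; ganti dengan shared secret acak yang panjang dan isi HS_RADSECRET di /etc/chilli/config (langkah 17) dengan nilai yang sama.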
nano -w /etc/freeradius/sites-available/default
authorize {
preprocess
chap
mschap
suffix
eap {
ok = return
}
unix
files
sql
noresetcounter
dailycounter
monthlycounter
expiration
logintime
pap
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
unix
}
preacct {
preprocess
acct_unique
suffix
files
}
accounting {
detail
unix
radutmp
sradutmp
sql
attr_filter.accounting_response
}
session {
radutmp
sql
}
post-auth {
sql
exec
}
pre-proxy {
}
post-proxy {
eap
}
Tahap selanjutnya adalah mengubah file /etc/freeradius/sql/mysql/counter.conf
sqlcounter dailycounter {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT SUM(acctsessiontime - \
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \
FROM radacct WHERE username = '%{%k}' AND \
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
}
sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT SUM(acctsessiontime - \
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \
FROM radacct WHERE username='%{%k}' AND \
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
}
sqlcounter noresetcounter {
counter-name = Session-Timeout
check-name = Session-Timeout
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'"
}
sqlcounter max_all_mb {
counter-name = Max-All-MB
check-name = Max-All-MB
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{%k}'"
#query = "SELECT SUM(AcctInputOctets)/(1024*1024) + SUM(AcctOutputOctets)/(1024*1024) FROM radacct WHERE UserName='%{%k}'"
}
sqlcounter octetslimit {
counter-name = Max-All-MB
check-name = Max-All-MB
reply-name = Chillispot-Max-Total-Octets
key = User-Name
reset = never
query = "SELECT SUM(acctinputoctets+acctoutputoctets) from radacct WHERE UserName='%{%k}'"
sqlmod-inst = sql
}
Sampai di sini, seharusnya freeradius sudah bekerja. Anda bisa memastikannya dengan menjalankan freeradius dalam mode debug.
$ /etc/init.d/freeradius stop
$ /usr/sbin/freeradius -X
$ /usr/sbin/freeradius
10. User Radius restart Freeradius User
mysql -u root -ppassword
mysql> use radius;
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('guest', 'Password','guest');
/etc/init.d/freeradius restart
radtest guest guest 127.0.0.1 0 radius
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=198, length=20
Catatan: guest/guest hanya akun uji untuk radtest; hapus dari radcheck atau ganti password-nya sebelum hotspot dipakai pengguna.
coova-chilli
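11. download
cd /tmp
$ wget http://ap.coova.org/chilli/coova-chilli_1.2.2_i386.deb
Or
$ wget http://coova-chilli.s3.amazonaws.com/coova-chilli_1.3.0_i386.deb
$ dpkg -i coova-chilli_1.2.2_i386.deb
Catatan: paket .deb ini diunduh lewat HTTP dan dipasang sebagai root dengan dpkg -i, tanpa verifikasi tanda tangan seperti pada repository apt; bandingkan checksum berkas dengan yang dipublikasikan proyek bila tersedia. Sesuaikan nama berkas pada dpkg -i dengan versi yang diunduh.
Secara default, coova chilli diset dalam keadaan tidak aktif. Anda harus mengaktifkannya dengan mengubah isi file /etc/default/chilli: cari START_CHILLI=0, ubah menjadi START_CHILLI=1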
12. coova file config chilli cp /etc/chilli/defaults /etc/chilli/config
13. folder hotspotmkdir /var/www/hotspot && cd /var/www/hotspotcp /etc/chilli/www/* /var/www/hotspotmkdir /var/www/hotspot/imagescp /var/www/hotspot/coova.jpg /var/www/hotspot/images
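14. folder uam
mkdir /var/www/hotspot/uam
cd /var/www/hotspot/uam
wget http://ap.coova.org/uam/
wget http://ap.coova.org/js/chilli.js
15. Host Address
$ sed -i 's/ap.coova.org\/js\/chilli.js/192.168.0.1\/uam\/chilli.js/g' /var/www/hotspot/uam/index.html
$ sed -i 's/192.168.182.1/10.10.10.1/g' /etc/chilli/www/ChilliLibrary.js
$ sed -i 's/192.168.182.1/10.10.10.1/g' /var/www/hotspot/ChilliLibrary.js
Catatan: perintah sed pertama menulis 192.168.0.1, sedangkan alamat hotspot di panduan ini adalah 10.10.10.1; kemungkinan alamat itu juga perlu disesuaikan agar index.html memuat chilli.js dari server sendiri.
30. login Hotspot
cd /var/www/hotspot/
wget http://www.truesoft.co.th/wifi/uam.tgz
tar -xzvf uam.tgz
cd uam
mv index.html index.html-o
mv chilli.js chilli.js-o
Catatan: uam.tgz berasal dari situs pihak ketiga lewat HTTP, dan isinya menjadi halaman login yang menerima username dan password pengguna; periksa daftar isi arsip (tar -tzvf uam.tgz) dan baca skripnya sebelum diekstrak ke /var/www/hotspot.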
17. file /etc/chilli/config nano /etc/chilli/config
HS_WANIF=ppp0 # WAN Interface toward the Internet
HS_LANIF=eth0 # Subscriber Interface for client devices
HS_NETWORK=10.10.10.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=10.10.10.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990 # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
# DNS Nawala Servers
HS_DNS1=180.131.144.144
HS_DNS2=180.131.145.145
# HotSpot settings for simple Captive Portal
HS_NASID=nas01
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_UAMALLOW=10.10.10.1,192.168.1.4,192.168.1.226,192.168.1.254,newmed.ac.id,www.google.com,www.yahoo.com
HS_RADSECRET=radius # sesuai yang kita isikan di /etc/freeradius/clients.conf
HS_UAMSECRET=uamsecret
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_UAMALIASNAME=chilli
HS_UAMSERVER=10.10.10.1
HS_UAMFORMAT=https://\$HS_UAMSERVER/uam/
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
HS_UAMSERVICE=https://10.10.10.1/cgi-bin/hotspotlogin.cgi
HS_TCP_PORTS="22 80 443 10000"
HS_MODE=hotspot
HS_TYPE=chillispot
HS_WWWDIR=/etc/chilli/www
HS_WWWBIN=/etc/chilli/wwwsh
HS_PROVIDER=NewMed
HS_PROVIDER_LINK=http://newmed.ac.id
HS_LOC_NAME="Selamat Datang di Kampus New Media"
Catatan: di langkah 1, eth0 adalah interface Internet dan eth1 adalah LAN, sedangkan di sini HS_WANIF=ppp0 dan HS_LANIF=eth0; kemungkinan nilainya perlu disesuaikan (HS_LANIF=eth1) agar jaringan pelanggan tidak terpasang di interface yang menghadap Internet. HS_UAMSECRET=uamsecret dan HS_RADSECRET=radius adalah nilai contoh dan sebaiknya diganti; HS_UAMSECRET harus sama dengan yang dipakai skrip halaman login. HS_TCP_PORTS menentukan port layanan lokal yang boleh dijangkau dari jaringan pelanggan; hapus 22 dan 10000 bila administrasi server tidak dilakukan dari sisi hotspot.
Selanjutnya adalah download dan install Haserl$ wget http://sourceforge.net/projects/haserl/files/haserl/0.8.0/haserl-0.8.0.tar.gz$ tar -zxvf haserl-0.8.0.tar.gz$ cd haserl-0.8.0;./configure;make;sudo make install
Kemudian Edit file /etc/chilli/wwwshcari :haserl=$(which haserl 2>/dev/null)
ubah menjadi :haserl=/usr/local/bin/haserl
18. Firewallnano /etc/chilli/up.sh# may not have been populated the first time; run again[ -e "/var/run/chilli.iptables" ] && sh /var/run/chilli.iptables 2>/dev/null# force-add the final rule necessary to fix routing tablesiptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE
21. folder ssl mkdir /etc/apache2/ssl
22. cat /etc/hostnametetsuya.hotspot
23. make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
24. module ssl a2enmod ssl/etc/init.d/apache2 force-reload
25. hosts nano /etc/hosts
127.0.0.1 localhost.local localhost127.0.1.1 Authen.local Authen10.10.10.1 Authen.local Authen
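26. hotspot
nano -w /etc/apache2/sites-available/hotspot
NameVirtualHost 10.10.10.1:443
<VirtualHost 10.10.10.1:443>
ServerAdmin [email protected]
DocumentRoot /var/www/hotspot
ServerName "10.10.10.1"
<Directory /var/www/hotspot/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
Alias "/dialupadmin/" "/usr/share/freeradius-dialupadmin/htdocs/"
<Directory "/usr/share/freeradius-dialupadmin/htdocs/">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Directory "/var/www/hotspot/cgi-bin/">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/hotspot-error.log
LogLevel warn
CustomLog /var/log/apache2/hotspot-access.log combined
ServerSignature On
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>
Catatan: Options Indexes menampilkan daftar isi direktori yang tidak punya berkas index, termasuk berkas cadangan seperti index.html-o dan chilli.js-o di folder uam; hapus Indexes bila daftar itu tidak diperlukan. Alias /dialupadmin/ adalah antarmuka administrasi RADIUS dan di sini dibuka untuk semua klien hotspot (allow from all); batasi ke alamat admin dengan pola Order deny,allow / Deny from all / Allow from seperti pada blok /usr/share/doc/ di langkah 29.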
27. hotspot apachea2ensite hotspot
28. Listen Ports apache nano -w /etc/apache2/ports.conf
Listen *:443Listen *:80
nano -w /etc/apache2/apache2.confServerName 10.10.10.1
29. default nano -w /etc/apache2/sites-available/defaultNameVirtualHost *:80<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www<Directory />
Options FollowSymLinksAllowOverride None
</Directory><Directory /var/www/>
Options Indexes FollowSymLinks MultiViewsAllowOverride NoneOrder allow,denyallow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/<Directory "/usr/lib/cgi-bin">
AllowOverride NoneOptions +ExecCGI -MultiViews +SymLinksIfOwnerMatchOrder allow,denyAllow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory>
</VirtualHost>
31. restart reboot
32. daloRADIUS
cd /tmp
wget http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius-0.9-8/daloradius-0.9-8.tar.gz
or
wget http://nchc.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
tar -zxvf daloradius-0.9-9.tar.gz
cp -R daloradius-0.9-9/ /var/www/daloradius
chown -R www-data:www-data /var/www/daloradius
chmod 644 /var/www/daloradius/library/daloradius.conf.php
Catatan: daloradius.conf.php menyimpan password database (langkah 37), dan dengan mode 644 berkas ini bisa dibaca semua user lokal; karena pemiliknya sudah www-data, mode 640 cukup untuk Apache.
36. database radius Database scriptmysql -u root -p radius < /var/www/daloradius/contrib/db/mysql-daloradius.sql
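37. nano /var/www/daloradius/library/daloradius.conf.php
CONFIG_DB_ENGINE = mysql
CONFIG_DB_HOST = 127.0.0.1
CONFIG_DB_USER = root
CONFIG_DB_PASS = password Mysql
CONFIG_DB_NAME = radius
$configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';
Catatan: daloRADIUS di sini hanya memakai database radius, jadi akun 'radius' dari langkah 6 (GRANT ALL pada radius.*) sudah cukup; dengan CONFIG_DB_USER = root, aplikasi web ini memegang hak atas seluruh server MySQL.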
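39. touch permission log
mkdir /var/log/freeradius/radacct
touch /var/log/freeradius/radacct/sql-relay
touch /var/log/freeradius/radutmp
touch /var/log/daloradius.log
chown 755 /var/log/freeradius
chown freerad:freerad /var/log/freeradius/radutmp
Catatan: chown 755 menjadikan UID 755 sebagai pemilik direktori, bukan mengatur izin akses; kemungkinan yang dimaksud adalah chmod 755 /var/log/freeradius.
40. config
http://10.10.10.1/daloradius/login.php
Username: administrator
Password: radius
Catatan: administrator/radius adalah login awal daloRADIUS; ganti password-nya segera setelah login pertama. Halaman ini dibuka lewat HTTP (virtual host port 80), sehingga password terkirim tanpa enkripsi di jaringan hotspot.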