129419573 100 Work Ubuntu Freeradius2 CoovaChilli Daloradius

100% Work! Ubuntu+Freeradius2+CoovaChilli+Daloradius eth0 = 11.11.11.2 Internet eth1 = 10.10.10.1 LAN 1. Network Interface Card nano /etc/network/interfaces iface eth0 inet static address 11.11.11.2 netmask 255.255.255.240 gateway 11.11.11.1 auto eth1 **kalo belom bs silahkan memakai webmin.. $ wget http://www.webmin.com/jcameron-key.asc $ sudo apt-key add jcameron-key.asc Tambahkan di vi /etc/apt/sources.list deb http://download.webmin.com/download/repository sarge contrib deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib $ apt-get install unzip fakeroot ssh build-essential rrdtool snmp snmpd php5-cli php5-gd php5 php5- mysql php5-gmp php-pear php5-snmp php5-adodb php-db make ssl-cert freeradius freeradius-mysql freeradius-utils curl perl openssl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl git-core gcc webmin libssl0.9.8 libapache2-mod-auth-mysql php5-common libapache2-mod-php5 mysql-server apache2 $ sudo apt-get update Akses webmin dari browser anda https://10.10.10.1:9090 masukan user root dan passwordnya. 2. forward packet nano /etc/sysctl.conf net.ip4.ip_forward=1 3. module tun coova nano /etc/modules modprobe tun restart 4. LAMP Server DNS Server tasksel LAMP Server Openssh-Server 6. radius script tables mysqladmin -ppasswd create radius mysql -u root -ppasswd radius < /etc/freeradius/sql/mysql/schema.sql mysql -u root -ppasswd radius < /etc/freeradius/sql/mysql/nas.sql mysql -u root -ppasswd mysql>GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radius'; mysql>FLUSH PRIVILEGES; mysql>quit

Transcript of 129419573 100 Work Ubuntu Freeradius2 CoovaChilli Daloradius


100% Work! Ubuntu+Freeradius2+CoovaChilli+Daloradius

eth0 = 11.11.11.2 Internet
eth1 = 10.10.10.1 LAN

1. Network Interface Card
nano /etc/network/interfaces
iface eth0 inet static
    address 11.11.11.2
    netmask 255.255.255.240
    gateway 11.11.11.1
auto eth1

**kalo belom bs silahkan memakai webmin..
$ wget http://www.webmin.com/jcameron-key.asc
$ sudo apt-key add jcameron-key.asc
(Kunci ini diunduh lewat HTTP biasa, jadi cocokkan dulu fingerprint-nya dengan yang dipublikasikan Webmin sebelum menjalankan apt-key add.)

Tambahkan di vi /etc/apt/sources.list
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

$ apt-get install unzip fakeroot ssh build-essential rrdtool snmp snmpd php5-cli php5-gd php5 php5-mysql php5-gmp php-pear php5-snmp php5-adodb php-db make ssl-cert freeradius freeradius-mysql freeradius-utils curl perl openssl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl git-core gcc webmin libssl0.9.8 libapache2-mod-auth-mysql php5-common libapache2-mod-php5 mysql-server apache2

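$ sudo apt-get update
(Jalankan perintah ini sebelum apt-get install di atas, supaya daftar paket dari repository webmin yang baru ditambahkan ikut terbaca.)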

Akses webmin dari browser anda https://10.10.10.1:9090
masukan user root dan passwordnya.

2. forward packet
nano /etc/sysctl.conf
net.ipv4.ip_forward=1

3. module tun coova
nano /etc/modules
modprobe tun restart

4. LAMP Server DNS Server
tasksel LAMP Server Openssh-Server

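6. radius script tables
mysqladmin -ppasswd create radius
mysql -u root -ppasswd radius < /etc/freeradius/sql/mysql/schema.sql
mysql -u root -ppasswd radius < /etc/freeradius/sql/mysql/nas.sql
mysql -u root -ppasswd
mysql>GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radius';
mysql>FLUSH PRIVILEGES;
mysql>quit
(passwd di sini adalah password root MySQL. Password yang ditulis langsung setelah -p tersimpan di history shell dan terlihat di daftar proses; dengan -p saja mysql akan memintanya secara interaktif. Password 'radius' pada IDENTIFIED BY hanyalah contoh: pakai password yang kuat dan isikan nilai yang sama di sql.conf pada langkah 7.)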


7. sql.conf
nano -w /etc/freeradius/sql.conf
sql {
    database = "mysql"
    driver = "rlm_sql_${database}"

    server = "localhost"
    login = "radius"
    # harus sama dengan password pada GRANT ... IDENTIFIED BY di langkah 6
    password = "radius"
    radius_db = "radius"
    acct_table1 = "radacct"
    acct_table2 = "radacct"
    postauth_table = "radpostauth"
    authcheck_table = "radcheck"
    authreply_table = "radreply"
    groupcheck_table = "radgroupcheck"
    groupreply_table = "radgroupreply"
    usergroup_table = "radusergroup"
    deletestalesessions = yes
    sqltrace = no
    sqltracefile = ${logdir}/sqltrace.sql
    num_sql_socks = 5
    connect_failure_retry_delay = 60
    nas_table = "nas"
    $INCLUDE sql/${database}/dialup.conf
}

nano /etc/freeradius/radiusd.conf
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
max_request_time = 30
cleanup_delay = 5
max_requests = 1024

listen {
    type = auth
    ipaddr = *
    port = 0
}
listen {
    ipaddr = *
    port = 0
    type = acct
}

hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes

log {
    destination = files
    file = ${logdir}/radius.log
    syslog_facility = daemon


    stripped_names = no
    # auth = no: percobaan login tidak dicatat di radius.log; ubah ke yes bila butuh jejak audit autentikasi
    auth = no
    auth_badpass = no
    auth_goodpass = no
}

checkrad = ${sbindir}/checkrad

security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
}

proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf

thread pool {
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}
modules {
    $INCLUDE ${confdir}/modules/
    $INCLUDE eap.conf
    $INCLUDE sql.conf
    $INCLUDE sql/mysql/counter.conf
}
instantiate {
    exec
    expr
    expiration
    max_all_mb
    noresetcounter
    logintime
}

$INCLUDE policy.conf
$INCLUDE sites-enabled/

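8. client.conf Coova-chilli Daloradius freeradius
nano -w /etc/freeradius/clients.conf
client localhost {
    ipaddr = 127.0.0.1
    # secret ini harus sama dengan HS_RADSECRET di /etc/chilli/config; ganti "radius" dengan nilai acak yang panjang
    secret = radius
    require_message_authenticator = no
    nastype = other # localhost isn't usually a NAS...
}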

nano -w /etc/freeradius/sites-available/default
authorize {
    preprocess
    chap
    mschap
    suffix
    eap {
        ok = return
    }
    unix
    files
    sql


    noresetcounter
    dailycounter
    monthlycounter
    expiration
    logintime
    pap
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    unix
}
preacct {
    preprocess
    acct_unique
    suffix
    files
}
accounting {
    detail
    unix
    radutmp
    sradutmp
    sql
    attr_filter.accounting_response
}
session {
    radutmp
    sql
}
post-auth {
    sql
    exec
}
pre-proxy {
}
post-proxy {
    eap
}

Tahap selanjutnya adalah mengubah file /etc/freeradius/sql/mysql/counter.conf
sqlcounter dailycounter {
    counter-name = Daily-Session-Time
    check-name = Max-Daily-Session
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = daily
    query = "SELECT SUM(acctsessiontime - \
        GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \
        FROM radacct WHERE username = '%{%k}' AND \
        UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
}
sqlcounter monthlycounter {
    counter-name = Monthly-Session-Time
    check-name = Max-Monthly-Session
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = monthly
    query = "SELECT SUM(acctsessiontime - \
        GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \


        FROM radacct WHERE username='%{%k}' AND \
        UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'"
}
sqlcounter noresetcounter {
    counter-name = Session-Timeout
    check-name = Session-Timeout
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'"
}
sqlcounter max_all_mb {
    counter-name = Max-All-MB
    check-name = Max-All-MB
    reply-name = ChilliSpot-Max-Total-Octets
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{%k}'"
    #query = "SELECT SUM(AcctInputOctets)/(1024*1024) + SUM(AcctOutputOctets)/(1024*1024) FROM radacct WHERE UserName='%{%k}'"
}
sqlcounter octetslimit {
    counter-name = Max-All-MB
    check-name = Max-All-MB
    reply-name = Chillispot-Max-Total-Octets
    key = User-Name
    reset = never
    query = "SELECT SUM(acctinputoctets+acctoutputoctets) from radacct WHERE UserName='%{%k}'"
    sqlmod-inst = sql
}

Sampai di sini, seharusnya freeradius sudah bekerja. Anda bisa memastikan dengan menjalankan freeradius dengan mode debug.
$ /etc/init.d/freeradius stop
$ /usr/sbin/freeradius -X
$ /usr/sbin/freeradius

10. User Radius restart Freeradius User
mysql -u root -ppassword
mysql> use radius;
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('guest', 'Password','guest');
(guest/guest hanya akun uji dan password-nya tersimpan sebagai teks polos di radcheck; hapus baris ini setelah radtest berhasil.)

/etc/init.d/freeradius restart
radtest guest guest 127.0.0.1 0 radius
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=198, length=20

coova-chilli

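11. download
cd /tmp
$ wget http://ap.coova.org/chilli/coova-chilli_1.2.2_i386.deb
Or
$ wget http://coova-chilli.s3.amazonaws.com/coova-chilli_1.3.0_i386.deb
$ dpkg -i coova-chilli_1.2.2_i386.deb
(Paket .deb ini diunduh lewat HTTP dan dipasang sebagai root tanpa pemeriksaan tanda tangan; bila penerbit menyediakan checksum, cocokkan dulu sebelum dpkg -i. Nama file pada dpkg -i harus sesuai dengan versi yang diunduh.)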


Secara default, coova chilli diset dalam keadaan tidak aktif, anda harus mengaktifkan dengan cara mengubah isi file /etc/default/chilli dan cari
START_CHILLI=0
ubah menjadi
START_CHILLI=1

12. coova file config chilli
cp /etc/chilli/defaults /etc/chilli/config

13. folder hotspot
mkdir /var/www/hotspot && cd /var/www/hotspot
cp /etc/chilli/www/* /var/www/hotspot
mkdir /var/www/hotspot/images
cp /var/www/hotspot/coova.jpg /var/www/hotspot/images

14. folder uam
mkdir /var/www/hotspot/uam
cd /var/www/hotspot/uam
wget http://ap.coova.org/uam/
wget http://ap.coova.org/js/chilli.js

15. Host Address
$ sed -i 's/ap.coova.org\/js\/chilli.js/192.168.0.1\/uam\/chilli.js/g' /var/www/hotspot/uam/index.html
$ sed -i 's/192.168.182.1/10.10.10.1/g' /etc/chilli/www/ChilliLibrary.js
$ sed -i 's/192.168.182.1/10.10.10.1/g' /var/www/hotspot/ChilliLibrary.js
(Perintah pertama menulis alamat 192.168.0.1, sedangkan langkah lain memakai 10.10.10.1 sebagai alamat hotspot; sesuaikan dengan alamat hotspot anda.)

30. login Hotspot
cd /var/www/hotspot/
wget http://www.truesoft.co.th/wifi/uam.tgz
tar -xzvf uam.tgz
cd uam
mv index.html index.html-o
mv chilli.js chilli.js-o
(uam.tgz berasal dari pihak ketiga dan diekstrak langsung ke web root halaman login; periksa isinya sebelum dipakai.)

17. file /etc/chilli/config
nano /etc/chilli/config

# catatan: di langkah 1 eth0 = Internet dan eth1 = LAN; sesuaikan HS_WANIF dan HS_LANIF dengan interface anda
HS_WANIF=ppp0 # WAN Interface toward the Internet
HS_LANIF=eth0 # Subscriber Interface for client devices
HS_NETWORK=10.10.10.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=10.10.10.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990 # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)

# DNS Nawala Servers
HS_DNS1=180.131.144.144
HS_DNS2=180.131.145.145

# HotSpot settings for simple Captive Portal
HS_NASID=nas01
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_UAMALLOW=10.10.10.1,192.168.1.4,192.168.1.226,192.168.1.254,newmed.ac.id,www.google.com,www.yahoo.com
HS_RADSECRET=radius # sesuai yang kita isikan di /etc/freeradius/clients.conf
# uamsecret adalah nilai contoh; ganti dengan nilai acak dan pakai nilai yang sama di skrip login UAM
HS_UAMSECRET=uamsecret
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_UAMALIASNAME=chilli
HS_UAMSERVER=10.10.10.1
HS_UAMFORMAT=https://\$HS_UAMSERVER/uam/
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
HS_UAMSERVICE=https://10.10.10.1/cgi-bin/hotspotlogin.cgi
HS_TCP_PORTS="22 80 443 10000"


HS_MODE=hotspot
HS_TYPE=chillispot
HS_WWWDIR=/etc/chilli/www
HS_WWWBIN=/etc/chilli/wwwsh
HS_PROVIDER=NewMed
HS_PROVIDER_LINK=http://newmed.ac.id
HS_LOC_NAME="Selamat Datang di Kampus New Media"

Selanjutnya adalah download dan install Haserl
$ wget http://sourceforge.net/projects/haserl/files/haserl/0.8.0/haserl-0.8.0.tar.gz
$ tar -zxvf haserl-0.8.0.tar.gz
$ cd haserl-0.8.0;./configure;make;sudo make install

Kemudian Edit file /etc/chilli/wwwsh
cari :
haserl=$(which haserl 2>/dev/null)

ubah menjadi :
haserl=/usr/local/bin/haserl

18. Firewall
nano /etc/chilli/up.sh
# may not have been populated the first time; run again
[ -e "/var/run/chilli.iptables" ] && sh /var/run/chilli.iptables 2>/dev/null
# force-add the final rule necessary to fix routing tables
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE

21. folder ssl
mkdir /etc/apache2/ssl

22. cat /etc/hostname
tetsuya.hotspot

23. make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

24. module ssl
a2enmod ssl
/etc/init.d/apache2 force-reload

25. hosts
nano /etc/hosts

127.0.0.1 localhost.local localhost
127.0.1.1 Authen.local Authen
10.10.10.1 Authen.local Authen

26. hotspot
nano -w /etc/apache2/sites-available/hotspot

NameVirtualHost 10.10.10.1:443
<VirtualHost 10.10.10.1:443>
    ServerAdmin [email protected]

    DocumentRoot /var/www/hotspot
    ServerName "10.10.10.1"
    <Directory /var/www/hotspot/>
        # Indexes menampilkan daftar isi direktori kepada pengunjung; hapus bila tidak diperlukan
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>


    # dialupadmin adalah antarmuka administrasi; "allow from all" membuatnya terjangkau semua klien hotspot, batasi ke alamat admin bila memungkinkan
    Alias "/dialupadmin/" "/usr/share/freeradius-dialupadmin/htdocs/"
    <Directory "/usr/share/freeradius-dialupadmin/htdocs/">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    <Directory "/var/www/hotspot/cgi-bin/">
        AllowOverride None
        Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/hotspot-error.log
    LogLevel warn
    CustomLog /var/log/apache2/hotspot-access.log combined
    ServerSignature On
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>

27. hotspot apache
a2ensite hotspot

28. Listen Ports apache
nano -w /etc/apache2/ports.conf

Listen *:443
Listen *:80

nano -w /etc/apache2/apache2.conf
ServerName 10.10.10.1

29. default
nano -w /etc/apache2/sites-available/default
NameVirtualHost *:80
<VirtualHost *:80>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,


    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>

31. restart reboot

32. daloRADIUS
cd /tmp
wget http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius-0.9-8/daloradius-0.9-8.tar.gz
or
wget http://nchc.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
tar -zxvf daloradius-0.9-9.tar.gz
cp -R daloradius-0.9-9/ /var/www/daloradius
chown -R www-data:www-data /var/www/daloradius
chmod 644 /var/www/daloradius/library/daloradius.conf.php
(daloradius.conf.php menyimpan password database; dengan mode 644 file ini terbaca semua user lokal, sedangkan 640 sudah cukup karena pemiliknya www-data.)

36. database radius Database script
mysql -u root -p radius < /var/www/daloradius/contrib/db/mysql-daloradius.sql

37. nano /var/www/daloradius/library/daloradius.conf.php
CONFIG_DB_ENGINE = mysql
CONFIG_DB_HOST = 127.0.0.1
CONFIG_DB_USER = root
CONFIG_DB_PASS = password Mysql
CONFIG_DB_NAME = radius
$configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';
(Akun 'radius' dari langkah 6 sudah punya hak penuh atas database radius, jadi daloRADIUS tidak perlu memakai akun root MySQL.)

39. touch permission log
mkdir /var/log/freeradius/radacct
touch /var/log/freeradius/radacct/sql-relay
touch /var/log/freeradius/radutmp
touch /var/log/daloradius.log
chmod 755 /var/log/freeradius
chown freerad:freerad /var/log/freeradius/radutmp
(Teks asli menulis "chown 755"; 755 adalah mode izin, bukan nama pemilik, jadi perintah yang dimaksud adalah chmod.)

40. config http://10.10.10.1/daloradius/login.php
Username: administrator
Password: radius
(Ini akun bawaan daloRADIUS; ganti password-nya segera setelah login pertama.)