Configuring Linux ClearOS as a Hotspot Server

Just sharing: I copied this tutorial directly from the original article on the ClearFoundation forum, in the hope that others can try it out and tinker with it. Please share the results of your tinkering in this thread...

HARDWARE REQUIREMENTS:

1. PC with at least 2 NICs (I used 3 NICs on mine)
   i. eth0: Internet
   ii. eth1: Hotspot LAN
   iii. eth2: Admin (optional)
2. Access Point

SOFTWARE REQUIREMENTS:

1. ClearOS 5.2 Enterprise (www.clearfoundation.com/Software/downloads)
2. FreeRadius2
3. Coova-Chilli (www.clearcenter.com/media/dev/coova-chi … 1.i386.rpm)
4. Easyhotspot-web_only_0.2 (sourceforge.net/projects/easyhotspot/)

INSTALL ClearOS
- Install ClearOS as a Gateway, i.e. choose Gateway mode as the system mode
- Select software modules:
  - Graphical Console
  - DHCP and Local DNS Servers
  - Mail Server
  - Web Server
  - Database Server / MySQL
  - Optional modules (Web Proxy, Antimalware, Antispam, Bandwidth Manager, Intrusion Protection, Protocol filter)
- Follow the on-screen instructions to complete the installation and reboot the system. The system reboots into a GUI screen. Log in as root with the password you set during installation and complete the installation wizard tasks.

FIREWALL SETTINGS
Go to Firewall by clicking the Firewall link at the end of the installation wizard. Add firewall rules to allow SSH and HTTP.

IP SETTINGS
Go to Network > IP Settings and make sure eth0 is configured for Internet access and eth1 is set to something like Hot LAN or LAN and is on DHCP. If you are using 3 NICs like I did, set eth2 with a static/DHCP LAN IP address. Ensure the links are up.

Check Internet connectivity by opening a second terminal (CTRL+F2). Log in and try pinging a web address. This verifies that Internet and DNS are working well. If successful, proceed to install FreeRadius2; otherwise check your connections.

INSTALL/SETUP FreeRadius2
For ClearOS 5.2, run your updates. For older versions, you must upgrade to 5.2 before you can use this module.
Complete howto about this is in http://www.clearfoundation.com/docs/how … o_use_ldap

Code:

# yum update

Install the FreeRadius service by running the following from the command line:

Code:

# yum --enablerepo=base-plus install app-freeradius

# service syswatch restart

In Webconfig, click on the RADIUS server link under Network » Settings » RADIUS Server.
To start the service, click Start. To make the service start automatically on each reboot, click To Auto.
You may assign a group to authenticate through your RADIUS server. Select a group and click Update.

NOTE: You can follow the complete HOWTO (http://www.clearfoundation.com/docs/how … o_use_ldap) if you want to use LDAP authentication.

Configure FreeRadius2 to use SQL

Install freeRadius2-mysql

Code:

# yum install freeradius2-mysql

To do this, edit /etc/raddb/radiusd.conf. You can pretty much ignore everything except the modules section: around line 640, uncomment or make sure that you have,

Code:

$INCLUDE sql.conf

and then further down make sure you have,

Code:

$INCLUDE sql/mysql/counter.conf

Then, around line 710 in the instantiate section, make sure you have,

chillispot_max_bytes
noresetcounter

These are the counters we define in the next section. Then in /etc/raddb/sites-enabled/default, in the authorize section, after the "Look in an SQL database..." comment there is an "sql" entry that may be commented out. Uncomment it and add the new counters so that it now reads,

sql
chillispot_max_bytes
noresetcounter

and then later in /etc/raddb/sites-enabled/default in the accounting section uncomment the sql about line 343,

sql

and then later in /etc/raddb/sites-enabled/default in the session section uncomment the sql about line 370,

sql

and then finally in /etc/raddb/sites-enabled/default in the post-auth section uncomment the sql about line 370,

sql

That should be it. Now update the counter.conf in the next section.

FreeRadius SQL counter.conf settings needed
To match the radcheck and radgroupcheck entries we use, you also need to add two matching counter definitions. Edit the /etc/raddb/sql/mysql/counter.conf file and add the following at the end (unless the counter is already defined there),

sqlcounter noresetcounter {
    counter-name = Session-Timeout
    check-name = Session-Timeout
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'"
}
sqlcounter chillispot_max_bytes {
    counter-name = ChilliSpot-Max-Total-Octets
    check-name = ChilliSpot-Max-Total-Octets
    reply-name = ChilliSpot-Max-Total-Octets
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{%k}'"
}

Make sure that the "instantiate" section of radiusd.conf and the authorize section of /etc/raddb/sites-enabled/default are also set as described in the previous section to enable FreeRadius with SQL.

The logic is that authorisation is initially done by SQL, then by chillispot_max_bytes, then by noresetcounter in turn. You can add extra counter checks in the same way. Remember that once the user has logged on, this check is NEVER done again. If you want a check done on a logged-in user, then it has to be done at the ChilliSpot, which is told what to do in "reply" attributes, NOT the check attributes.

IMPORTANT: Make sure you comment out all occurrences of ldap and files in /etc/raddb/sites-enabled/default
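
The checks from the last two sections can be scripted. The following is an added example, not part of the original forum post: it reports any step above that was missed in a sites-enabled/default style file. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a FreeRADIUS virtual-server file against the steps above.

# Print the uncommented module names listed directly inside one section.
active_modules() {
    awk -v want="$1" '
        { sub(/#.*/, "") }                       # ignore comments
        depth == 0 && $2 == "{" { sect = $1 }    # e.g. "authorize {"
        depth == 1 && sect == want && NF == 1 && $1 != "}" { print $1 }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }
    ' "$2"
}

# Print one line per deviation from the tutorial; print nothing if all is set.
check_default_site() {
    f=$1
    for m in sql chillispot_max_bytes noresetcounter; do
        active_modules authorize "$f" | grep -qx "$m" ||
            echo "authorize: $m is not enabled"
    done
    for s in accounting session post-auth; do
        active_modules "$s" "$f" | grep -qx sql || echo "$s: sql is not enabled"
    done
    sed 's/#.*//' "$f" | awk 'NF == 1 && ($1 == "ldap" || $1 == "files") {
        print "line " NR ": " $1 " is still active" }'
    return 0
}

# Constructed sample: accounting still has sql commented out, files is active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
authorize {
    preprocess
    sql
    chillispot_max_bytes
    noresetcounter
    files
}
accounting {
#   sql
}
session {
    sql
}
post-auth {
    sql
}
EOF
check_default_site "$sample"
rm -f "$sample"
```

On the real system, run check_default_site /etc/raddb/sites-enabled/default before restarting the RADIUS service.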


Setup easyhotspot database to be used by FreeRadius

Code:

# mysql -u root -p

Code:

mysql> create database easyhotspot_opensource;
mysql> CREATE USER 'easyhotspot'@'localhost';
mysql> SET PASSWORD FOR 'easyhotspot'@'localhost' = PASSWORD('easyhotspot');
mysql> GRANT ALL ON easyhotspot_opensource.* to 'easyhotspot'@'localhost';
mysql> quit

Easyhotspot Database Setup

Download easyhotspot from sourceforge.net/projects/easyhotspot/

Code:

# mysql -u root -p easyhotspot_opensource < ehs_withrad_0.p3.sql

You will find ehs_withrad_0.p3.sql in the install folder of the downloaded easyhotspot web-only package. You can also use ehs_sample_development.sql, which has sample data.


Setup Easyhotspot

Preparation

Code:

# yum install php php-mysql php-gd php-pear php-db
# wget pear.php.net/go-pear.phar
# php go-pear.phar
# pear install DB
# service httpd restart

- Copy the easyhotspot folder to /opt
- Create a soft link in /var/www/html for easyhotspot/htdocs:

Code:

# ln -s /opt/easyhotspot/htdocs /var/www/html/easyhotspot

INSTALL/SETUP CAPTIVE PORTAL
(www.clearfoundation.com/docs/howtos/captive_portal)

Preparation

You will need a working RADIUS server to get this going, so set that up first. Be sure to do the 'Additional setup' items at the bottom so that PAP is working.

You will need to set up localhost as an authorized client of the RADIUS server.

Create a user called coovachilli with mail only and make a group called chilli.

Get the code.

Code:

wget www.clearcenter.com/media/dev/coova-chilli-1.2.5-1.i386.rpm
wget www.clearcenter.com/media/dev/haserl
cp haserl /usr/sbin/
chmod +x /usr/sbin/haserl

Install the code

Code:

rpm -Uvh coova-chilli-1.2.5-1.i386.rpm

CONFIGURE COOVACHILLI

/etc/chilli/defaults

Set the following values:

HS_LANIF, change this value if it is wrong (e.g. HS_LANIF=eth2).

HS_NETWORK, set this to the values of your network (e.g. HS_NETWORK=192.168.1.0).

HS_NETMASK, change this value if it is wrong (e.g. HS_NETMASK=255.255.255.128).

HS_UAMLISTEN, set this to the IP of your server (e.g. HS_UAMLISTEN=192.168.1.1).

HS_DNS1 and HS_DNS2, set these to the IP address of your local DNS server, in this case your server (e.g. HS_DNS1=192.168.1.1 and HS_DNS2=192.168.1.1).

HS_RADSECRET, set this to the secret password that you placed in the RADIUS configuration for the localhost entry in Webconfig (e.g. HS_RADSECRET=mysecretpassword).

HS_RAD_PROTO=mschapv2, set this so the program knows to use the NT-Password infrastructure of LDAP described in the PAP section of the FreeRADIUS 2 Howto. This value does NOT exist in the file and you must define it (set this to HS_RAD_PROTO=mschapv2).

HS_UAMDOMAINS, set all the domains that you want for your 'walled garden'. These sites will work even if users don't authenticate via your captive portal:

HS_UAMDOMAINS=".clearcenter.com,.clearfoundation.com"
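
Before starting the service, the values above can be checked for consistency. This is an added example, not part of the original forum post: it confirms that the required keys are set, that HS_UAMLISTEN falls inside HS_NETWORK/HS_NETMASK, and that HS_RADSECRET is not one of the example secrets printed in this tutorial. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check /etc/chilli/defaults before starting chilli.

# Dotted quad -> integer, so addresses can be masked and compared.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Value of an uncommented KEY=value line, quotes and trailing comment removed.
get_val() {
    sed -n "s/^[[:space:]]*$1=\([^#]*\).*/\1/p" "$2" | tail -n 1 | tr -d "\"' "
}

# Print one line per finding; print nothing when the file passes.
check_chilli_defaults() {
    f=$1
    for k in HS_LANIF HS_NETWORK HS_NETMASK HS_UAMLISTEN HS_RADSECRET HS_RAD_PROTO; do
        [ -n "$(get_val "$k" "$f")" ] || echo "MISSING $k"
    done
    net=$(get_val HS_NETWORK "$f"); mask=$(get_val HS_NETMASK "$f")
    uam=$(get_val HS_UAMLISTEN "$f")
    if [ -n "$net" ] && [ -n "$mask" ] && [ -n "$uam" ]; then
        m=$(ip2int "$mask")
        [ $(( $(ip2int "$uam") & $m )) -eq $(( $(ip2int "$net") & $m )) ] ||
            echo "HS_UAMLISTEN $uam is outside $net/$mask"
    fi
    case $(get_val HS_RADSECRET "$f") in
        testing123|mysecretpassword) echo "HS_RADSECRET is a published example value" ;;
    esac
    return 0
}

# Constructed sample: listen address in the wrong half of the /25,
# HS_RAD_PROTO left commented out, and the secret copied from a how-to.
sample=$(mktemp)
cat > "$sample" <<'EOF'
HS_LANIF=eth1
HS_NETWORK=192.168.1.0
HS_NETMASK=255.255.255.128
HS_UAMLISTEN=192.168.1.129
HS_RADSECRET=testing123
# HS_RAD_PROTO=mschapv2
EOF
check_chilli_defaults "$sample"
rm -f "$sample"
```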

Start Coova Chilli

Code:

# service chilli start

TESTING

Connect a computer to the hotspot either wireless through AP or through a switch. It should get an IP address of 10.1.0.x or whatever you specified in chilli/defaults.

Open a browser, you should be redirected to coova-chilli login page.

Navigate to yourserver/easyhotspot
Login with admin/admin123
Create a postpaid account e.g. test/testpwd

Radius Testing

Code:

# radtest test testpwd localhost 10 testing123

You should get an Access-Accept message. Otherwise, stop the radius service and start it in debug mode:

Code:

# service radius stop
# radiusd -X -xyz

The debug mode will point to exactly where the problem is. If you are too lazy to read it, you should probably try something else.

Easyhotspot is easy to manage so no HOWTO on this.

HAPPY EXPERIMENTING
