WiFi: HotSpot - CoovaChilli Instalasi Radius Server

From OnnoWiki
Revision as of 11:21, 7 April 2010 by Onnowpurbo (talk | contribs)
Jump to navigation Jump to search

Instalasi Radius Server dan Database

sudo apt-get install freeradius freeradius-mysql

Buat database untuk menyimpan username dan password

mysql -u root -p
Enter password:
CREATE DATABASE radius;
quit  

Asumsi password root mysql adalah 123456. Lanjutkan dengan perintah

sudo su -
mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/schema.sql
mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/nas.sql

Asumsi password user radius untuk akses database radius adalah radius, maka perintahnya adalah

mysql -u root -p
Enter password:
GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radius';
GRANT ALL PRIVILEGES ON radius.* TO 'radius' IDENTIFIED BY 'radius';
FLUSH PRIVILEGES;
quit

Set supaya FreeRadius dapat mengakses database

vi /etc/freeradius/sql.conf
server = "localhost"
login  = "radius"
password = "radius"
radius_db = "radius"

Set FreeRadius server client password

vi /etc/freeradius/clients.conf
client 127.0.0.1 {
    secret = tesing123
}

Test Setup

Testing default file setup

The default FreeRadius setup authorize's usernames and passwords from a "file" found in /etc/freeradius/users. We should test the default FreeRadius setup before we change the authorization link from "file" to "sql" (mysql).

Add username an password to our user "file". edit "John Doe"

nano -w /etc/freeradius/users

uncomment

"John Doe" Auth-Type := Local, User-Password == "hello"

              Reply-Message = "Hello, %u"

At this point you need to reboot your ubuntu box

reboot

Check FreeRadius config files.

sudo /etc/init.d/freeradius stop sudo freeradius -XXX

If all goes well the last line should display

Mon Jun 29 15:24:34 2009 : Debug: Ready to process requests.

Ctrl+C to exit.

Start FreeRadius again

sudo /etc/init.d/freeradius start

Test password authorization to "file"

sudo radtest "John Doe" hello 127.0.0.1 0 radiussecret

If all goes well you should get a reply

Sending Access-Request of id 136 to 127.0.0.1 port 1812
        User-Name = "John Doe"
        User-Password = "hello"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
        Reply-Message = "Hello, John Doe"

change authorization to sql

If the above tests worked we can now change authorization from "file" to "sql" nano -w /etc/freeradius/radiusd.conf Change:

files


to


  1. files
  1. sql


to


sql

note for freeradius2: nano -w /etc/freeradius/sites-available/default

Note: You can only use one authorisation method at a time, not both. Therefore "files" section needs to be commented out otherwise free radius will still try to authorize with /etc/freeradius/users "file" instead of "sql" SQL Logging

If you want to use software packages like ezRADIUS or Dialup Admin you need to enable logging to sql

nano -w /etc/freeradius/sql.conf

sql {

       driver = "rlm_sql_mysql"
       server = "localhost"
       login = "radius"
       password = "mysqlsecret"
       radius_db = "radius"
       [...]
       # Set to 'yes' to read radius clients from the database ('nas' table)
       readclient = yes ###change manually

}

nano -w /etc/freeradius/radiusd.conf

note for freeradius2: for the line $INCLUDE... -> /etc/freeradius/radiusd.conf nano -w /etc/freeradius/sites-available/default

       $INCLUDE ${confdir}/sql.conf

authorize {

       preprocess
       chap
       suffix
       eap
       #files
       sql

} authenticate {

       Auth-Type PAP {
         pap
       }
       Auth-Type CHAP {
         chap
       }
       eap

} accounting {

       detail
       radutmp
       sql ###change manually

} session {

       sql ###change manually

}

Add users

echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('mysqltest', 'Password', 'testsecret');" | mysql -u radius -p radius Enter password:mysqlsecret

coovachilli uses the username 'chillispot' with the password 'chillispot' for logging into the radius by default. Add this user in the table radcheck too.

its defined in the default config file /etc/chilli/config

HS_ADMUSR=chillispot HS_ADMPWD=chillispot

echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('chillispot', 'Password', 'chillispot');" | mysql -u radius -p radius Enter password:mysqlsecret

Restart Radius

sudo /etc/init.d/freeradius restart

Test link

sudo radtest mysqltest testsecret 127.0.0.1 0 radiussecret sudo radtest chillispot chillispot 127.0.0.1 0 radiussecret

If all goes well you should receive an Access-Accept response like this:

Sending Access-Request of id 180 to 127.0.0.1 port 1812

       User-Name = "mysqltest"
       User-Password = "testsecret"
       NAS-IP-Address = 255.255.255.255
       NAS-Port = 0

rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=180, length=20


Referensi


Pranala Menarik