WiFi: HotSpot - CoovaChilli RADIUS Server Installation
Installing the RADIUS Server and Database
sudo apt-get install freeradius freeradius-mysql
Create a database to store usernames and passwords
mysql -u root -p
Enter password:
CREATE DATABASE radius;
quit
Assume the MySQL root password is 123456. Continue with the commands
sudo su -
mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/schema.sql
mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/nas.sql
Assuming the password of the radius user for accessing the radius database is radius, the commands are
mysql -u root -p
Enter password:
GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radius';
GRANT ALL PRIVILEGES ON radius.* TO 'radius' IDENTIFIED BY 'radius';
FLUSH PRIVILEGES;
quit
Configure FreeRadius so that it can access the database
vi /etc/freeradius/sql.conf
server = "localhost"
login = "radius"
password = "radius"
radius_db = "radius"
Set FreeRadius server client password
vi /etc/freeradius/clients.conf
client 127.0.0.1 {
    secret = tesing123
}
Test Setup
Testing default file setup
The default FreeRadius setup authorizes usernames and passwords from a "file" found in /etc/freeradius/users. We should test the default FreeRadius setup before we change the authorization link from "file" to "sql" (mysql).
Add a username and password to our user "file" by editing the "John Doe" entry.
nano -w /etc/freeradius/users
Uncomment:
"John Doe" Auth-Type := Local, User-Password == "hello"
    Reply-Message = "Hello, %u"
At this point you need to reboot your Ubuntu box
reboot
Check FreeRadius config files.
sudo /etc/init.d/freeradius stop
sudo freeradius -XXX
If all goes well the last line should display
Mon Jun 29 15:24:34 2009 : Debug: Ready to process requests.
Ctrl+C to exit.
Start FreeRadius again
sudo /etc/init.d/freeradius start
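Test password authorization to "file". The last argument of radtest is the shared secret; it must match the secret set for client 127.0.0.1 in /etc/freeradius/clients.conf.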
sudo radtest "John Doe" hello 127.0.0.1 0 radiussecret
If all goes well you should get a reply
Sending Access-Request of id 136 to 127.0.0.1 port 1812
    User-Name = "John Doe"
    User-Password = "hello"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
    Reply-Message = "Hello, John Doe"
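Added example (not part of the original page): the debug output shows User-Password in clear text, but on the wire RFC 2865 hides it with MD5 keyed by the shared secret, which is why the secret given to radtest and the one in clients.conf must be identical. The function names and the fixed Request Authenticator are constructed for illustration, and the accept check is a simplified stand-in for the server's PAP comparison.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side (radtest, a NAS): RFC 2865 section 5.2 User-Password hiding."""
    if len(authenticator) != 16 or len(password) > 128:
        raise ValueError("authenticator must be 16 bytes, password at most 128")
    size = max(16, -(-len(password) // 16) * 16)  # pad with NULs to 16-byte blocks
    padded = password.ljust(size, b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, size, 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += block
        prev = block  # each block is chained on the previous hidden block
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the secret configured for this client."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        plain += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return plain.rstrip(b"\x00")

def server_accepts(hidden: bytes, authenticator: bytes,
                   server_secret: bytes, stored_password: bytes) -> bool:
    """Simplified PAP check: recovered password must equal the stored one."""
    return recover_password(hidden, server_secret, authenticator) == stored_password

if __name__ == "__main__":
    ra = bytes(range(16))  # constructed Request Authenticator; real clients use random bytes
    wire = hide_password(b"hello", b"radiussecret", ra)
    print("on the wire:", wire.hex())
    print("same secret:", server_accepts(wire, ra, b"radiussecret", b"hello"))
    # Secret values as they appear on this page: radtest vs. clients.conf
    print("mismatched :", server_accepts(wire, ra, b"tesing123", b"hello"))
```

With a mismatched secret the server recovers garbage instead of the password, so a correct password still fails to authenticate.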
Change authorization to sql
If the above tests worked we can now change authorization from "file" to "sql"
nano -w /etc/freeradius/radiusd.conf
Change:
files
to
#files
and
#sql
to
sql
Note for freeradius2:
nano -w /etc/freeradius/sites-available/default
Note: You can only use one authorisation method at a time, not both. Therefore the "files" section needs to be commented out, otherwise FreeRadius will still try to authorize with the /etc/freeradius/users "file" instead of "sql".
SQL Logging
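If you want to use software packages like ezRADIUS or Dialup Admin you need to enable logging to sql. The login and password in sql.conf must match the MySQL account that was granted access to the radius database.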
nano -w /etc/freeradius/sql.conf
sql {
    driver = "rlm_sql_mysql"
    server = "localhost"
    login = "radius"
    password = "mysqlsecret"
    radius_db = "radius"
    [...]
    # Set to 'yes' to read radius clients from the database ('nas' table)
    readclient = yes ###change manually
}
nano -w /etc/freeradius/radiusd.conf
Note for freeradius2: the $INCLUDE... line is in /etc/freeradius/radiusd.conf
nano -w /etc/freeradius/sites-available/default
$INCLUDE ${confdir}/sql.conf
authorize {
    preprocess
    chap
    suffix
    eap
    #files
    sql
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    eap
}
accounting {
    detail
    radutmp
    sql ###change manually
}
session {
    sql ###change manually
}
Add users
echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('mysqltest', 'Password', 'testsecret');" | mysql -u radius -p radius
Enter password:mysqlsecret
CoovaChilli uses the username 'chillispot' with the password 'chillispot' for logging into the RADIUS server by default. Add this user to the radcheck table too.
It is defined in the default config file /etc/chilli/config
HS_ADMUSR=chillispot
HS_ADMPWD=chillispot
echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('chillispot', 'Password', 'chillispot');" | mysql -u radius -p radius
Enter password:mysqlsecret
Restart Radius
sudo /etc/init.d/freeradius restart
Test link
sudo radtest mysqltest testsecret 127.0.0.1 0 radiussecret
sudo radtest chillispot chillispot 127.0.0.1 0 radiussecret
If all goes well you should receive an Access-Accept response like this:
Sending Access-Request of id 180 to 127.0.0.1 port 1812
    User-Name = "mysqltest"
    User-Password = "testsecret"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=180, length=20