WiFi: HotSpot - CoovaChilli Instalasi Radius Server

From OnnoWiki
Revision as of 11:37, 7 April 2010 by Onnowpurbo (talk | contribs)
Jump to navigation Jump to search

Instalasi Radius Server dan Database

sudo apt-get install freeradius freeradius-mysql

Buat database untuk menyimpan username dan password

mysql -u root -p
Enter password:
CREATE DATABASE radius;
quit  

Asumsi password root mysql adalah 123456. Lanjutkan dengan perintah

sudo su -
mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/schema.sql
mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/nas.sql

Asumsi password user radius untuk akses database radius adalah radius, maka perintahnya adalah

mysql -u root -p
Enter password:
GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radius';
GRANT ALL PRIVILEGES ON radius.* TO 'radius' IDENTIFIED BY 'radius';
FLUSH PRIVILEGES;
quit

Set supaya FreeRadius dapat mengakses database

vi /etc/freeradius/sql.conf
server = "localhost"
login  = "radius"
password = "radius"
radius_db = "radius"

Set FreeRadius server client password

vi /etc/freeradius/clients.conf
client 127.0.0.1 {
    secret = tesing123
}

Test Setup

Username & password user Radius dapat dilihat di /etc/freeradius/users. Kita perlu mentest apakah setup FreeRadius berjalan dengan baik sebelum kita mengubah link dari "file" ke "sql".

Tambahkan username & password ke "file". masukan "John Doe"

vi /etc/freeradius/users

uncomment

"John Doe"      Cleartext-Password := "hello"
                Reply-Message = "Hello, %{User-Name}"

atau

"John Doe"     Auth-Type := Local, User-Password == "hello"
               Reply-Message = "Hello, %u"

Sampai titik ini sebaiknya anda me-reboot Server Ubuntu

sudo reboot

Check file konfigurasi melalui

sudo /etc/init.d/freeradius stop
sudo freeradius -XXX

Jika semua berjalan dengan baik maka akan tampil

Wed Apr  7 11:33:51 2010 : Debug: Ready to process requests.

Tekan tombol Ctrl+C untuk exit. Restart FreeRadius

sudo /etc/init.d/freeradius start

Test password authorization to "file"

sudo radtest "John Doe" hello 127.0.0.1 0 testing123

Jika semua berjalan dengan baik kita akan memperoleh jawaban

Sending Access-Request of id 182 to 127.0.0.1 port 1812 
	User-Name = "John Doe" 
	User-Password = "hello"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=182, length=37
	Reply-Message = "Hello, John Doe"


Ubah Authorisasi ke SQL

If the above tests worked we can now change authorization from "file" to "sql" nano -w /etc/freeradius/radiusd.conf Change:

files


to


  1. files
  1. sql


to


sql

note for freeradius2: nano -w /etc/freeradius/sites-available/default

Note: You can only use one authorisation method at a time, not both. Therefore "files" section needs to be commented out otherwise free radius will still try to authorize with /etc/freeradius/users "file" instead of "sql" SQL Logging

If you want to use software packages like ezRADIUS or Dialup Admin you need to enable logging to sql

nano -w /etc/freeradius/sql.conf

sql {

       driver = "rlm_sql_mysql"
       server = "localhost"
       login = "radius"
       password = "mysqlsecret"
       radius_db = "radius"
       [...]
       # Set to 'yes' to read radius clients from the database ('nas' table)
       readclient = yes ###change manually

}

nano -w /etc/freeradius/radiusd.conf

note for freeradius2: for the line $INCLUDE... -> /etc/freeradius/radiusd.conf nano -w /etc/freeradius/sites-available/default

       $INCLUDE ${confdir}/sql.conf

authorize {

       preprocess
       chap
       suffix
       eap
       #files
       sql

} authenticate {

       Auth-Type PAP {
         pap
       }
       Auth-Type CHAP {
         chap
       }
       eap

} accounting {

       detail
       radutmp
       sql ###change manually

} session {

       sql ###change manually

}

Add users

echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('mysqltest', 'Password', 'testsecret');" | mysql -u radius -p radius Enter password:mysqlsecret

coovachilli uses the username 'chillispot' with the password 'chillispot' for logging into the radius by default. Add this user in the table radcheck too.

its defined in the default config file /etc/chilli/config

HS_ADMUSR=chillispot HS_ADMPWD=chillispot

echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('chillispot', 'Password', 'chillispot');" | mysql -u radius -p radius Enter password:mysqlsecret

Restart Radius

sudo /etc/init.d/freeradius restart

Test link

sudo radtest mysqltest testsecret 127.0.0.1 0 radiussecret sudo radtest chillispot chillispot 127.0.0.1 0 radiussecret

If all goes well you should receive an Access-Accept response like this:

Sending Access-Request of id 180 to 127.0.0.1 port 1812

       User-Name = "mysqltest"
       User-Password = "testsecret"
       NAS-IP-Address = 255.255.255.255
       NAS-Port = 0

rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=180, length=20


Referensi


Pranala Menarik