Difference between revisions of "WiFi: HotSpot - CoovaChilli Instalasi Radius Server"
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 1: | Line 1: | ||
| − | + | Instalasi Radius Server dan Database | |
| − | sudo apt-get install freeradius freeradius-mysql | + | sudo apt-get install freeradius freeradius-mysql |
| − | + | Buat [[database]] untuk menyimpan username dan password | |
| − | mysql -u root -p | + | mysql -u root -p |
| − | Enter password: | + | Enter password: |
| − | + | CREATE DATABASE radius; | |
| − | + | quit | |
| − | + | Asumsi password root mysql adalah 123456. Lanjutkan dengan perintah | |
| − | + | sudo su - | |
| − | + | mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/schema.sql | |
| + | mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/nas.sql | ||
| − | + | Asumsi password user radius untuk akses [[database]] radius adalah radius, maka perintahnya adalah | |
| − | |||
| − | |||
| − | mysql -u root -p | + | mysql -u root -p |
| − | Enter password: | + | Enter password: |
| − | + | GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radius'; | |
| − | + | GRANT ALL PRIVILEGES ON radius.* TO 'radius' IDENTIFIED BY 'radius'; | |
| − | + | FLUSH PRIVILEGES; | |
| + | quit | ||
| − | + | Set supaya FreeRadius dapat mengakses [[database]] | |
| − | + | vi /etc/freeradius/sql.conf | |
| − | server = "localhost" | + | server = "localhost" |
| − | login = "radius" | + | login = "radius" |
| − | password = " | + | password = "radius" |
| + | radius_db = "radius" | ||
Set FreeRadius server client password | Set FreeRadius server client password | ||
| − | + | vi /etc/freeradius/clients.conf | |
| − | client 127.0.0.1 { | + | client 127.0.0.1 { |
| − | + | secret = tesing123 | |
| − | } | + | } |
| + | |||
| + | ==Test Setup== | ||
Testing default file setup | Testing default file setup | ||
| Line 75: | Line 78: | ||
Test password authorization to "file" | Test password authorization to "file" | ||
| − | sudo radtest "John Doe" hello 127.0.0.1 0 radiussecret | + | sudo radtest "John Doe" hello 127.0.0.1 0 radiussecret |
If all goes well you should get a reply | If all goes well you should get a reply | ||
| − | Sending Access-Request of id 136 to 127.0.0.1 port 1812 | + | Sending Access-Request of id 136 to 127.0.0.1 port 1812 |
| − | + | User-Name = "John Doe" | |
| − | + | User-Password = "hello" | |
| − | + | NAS-IP-Address = 255.255.255.255 | |
| − | + | NAS-Port = 0 | |
| − | rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37 | + | rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37 |
| − | + | Reply-Message = "Hello, John Doe" | |
change authorization to sql | change authorization to sql | ||
Revision as of 11:21, 7 April 2010
Instalasi Radius Server dan Database
sudo apt-get install freeradius freeradius-mysql
Buat database untuk menyimpan username dan password
mysql -u root -p Enter password: CREATE DATABASE radius; quit
Asumsi password root mysql adalah 123456. Lanjutkan dengan perintah
sudo su - mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/schema.sql mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/nas.sql
Asumsi password user radius untuk akses database radius adalah radius, maka perintahnya adalah
mysql -u root -p Enter password: GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radius'; GRANT ALL PRIVILEGES ON radius.* TO 'radius' IDENTIFIED BY 'radius'; FLUSH PRIVILEGES; quit
Set supaya FreeRadius dapat mengakses database
vi /etc/freeradius/sql.conf
server = "localhost" login = "radius" password = "radius" radius_db = "radius"
Set FreeRadius server client password
vi /etc/freeradius/clients.conf
client 127.0.0.1 {
secret = tesing123
}
Test Setup
Testing default file setup
The default FreeRadius setup authorize's usernames and passwords from a "file" found in /etc/freeradius/users. We should test the default FreeRadius setup before we change the authorization link from "file" to "sql" (mysql).
Add username an password to our user "file". edit "John Doe"
nano -w /etc/freeradius/users
uncomment
"John Doe" Auth-Type := Local, User-Password == "hello"
Reply-Message = "Hello, %u"
At this point you need to reboot your ubuntu box
reboot
Check FreeRadius config files.
sudo /etc/init.d/freeradius stop sudo freeradius -XXX
If all goes well the last line should display
Mon Jun 29 15:24:34 2009 : Debug: Ready to process requests.
Ctrl+C to exit.
Start FreeRadius again
sudo /etc/init.d/freeradius start
Test password authorization to "file"
sudo radtest "John Doe" hello 127.0.0.1 0 radiussecret
If all goes well you should get a reply
Sending Access-Request of id 136 to 127.0.0.1 port 1812
User-Name = "John Doe"
User-Password = "hello"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
Reply-Message = "Hello, John Doe"
change authorization to sql
If the above tests worked we can now change authorization from "file" to "sql" nano -w /etc/freeradius/radiusd.conf Change:
files
to
- files
- sql
to
sql
note for freeradius2: nano -w /etc/freeradius/sites-available/default
Note: You can only use one authorisation method at a time, not both. Therefore "files" section needs to be commented out otherwise free radius will still try to authorize with /etc/freeradius/users "file" instead of "sql" SQL Logging
If you want to use software packages like ezRADIUS or Dialup Admin you need to enable logging to sql
nano -w /etc/freeradius/sql.conf
sql {
driver = "rlm_sql_mysql"
server = "localhost"
login = "radius"
password = "mysqlsecret"
radius_db = "radius"
[...]
# Set to 'yes' to read radius clients from the database ('nas' table)
readclient = yes ###change manually
}
nano -w /etc/freeradius/radiusd.conf
note for freeradius2: for the line $INCLUDE... -> /etc/freeradius/radiusd.conf nano -w /etc/freeradius/sites-available/default
$INCLUDE ${confdir}/sql.conf
authorize {
preprocess
chap
suffix
eap
#files
sql
} authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
eap
} accounting {
detail
radutmp
sql ###change manually
} session {
sql ###change manually
}
Add users
echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('mysqltest', 'Password', 'testsecret');" | mysql -u radius -p radius Enter password:mysqlsecret
coovachilli uses the username 'chillispot' with the password 'chillispot' for logging into the radius by default. Add this user in the table radcheck too.
its defined in the default config file /etc/chilli/config
HS_ADMUSR=chillispot HS_ADMPWD=chillispot
echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('chillispot', 'Password', 'chillispot');" | mysql -u radius -p radius Enter password:mysqlsecret
Restart Radius
sudo /etc/init.d/freeradius restart
Test link
sudo radtest mysqltest testsecret 127.0.0.1 0 radiussecret sudo radtest chillispot chillispot 127.0.0.1 0 radiussecret
If all goes well you should receive an Access-Accept response like this:
Sending Access-Request of id 180 to 127.0.0.1 port 1812
User-Name = "mysqltest"
User-Password = "testsecret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=180, length=20
Referensi
- http://www.untruth.org/~josh/security/radius/radius-auth.html - Analisa Authentikasi RADIUS
Pranala Menarik
- WiFi: HotSpot - CoovaChilli Pendahuluan
- WiFi: HotSpot - CoovaChilli Kebutuhan Hardware dan Software
- WiFi: HotSpot - CoovaChilli Instalasi Radius Server
- WiFi: HotSpot - Instalasi CoovaChilli
- WiFi: HotSpot - CoovaChilli Instalasi Firewall
- WiFi: HotSpot - CoovaChilli Instalasi Apache dan SSL
- WiFi: HotSpot - CoovaChilli Fitur dan Keterangan Tambahan
- WiFi: HotSpot