Difference between revisions of "WiFi: HotSpot - CoovaChilli Instalasi Radius Server"

From OnnoWiki
Line 44: Line 44:
 
==Test Setup==
 
==Test Setup==
  
Testing default file setup
+
Username & password user Radius dapat dilihat di /etc/freeradius/users. Kita perlu mentest apakah setup FreeRadius berjalan dengan baik sebelum kita mengubah link dari "file" ke "sql".
  
The default FreeRadius setup authorize's usernames and passwords from a "file" found in /etc/freeradius/users. We should test the default FreeRadius setup before we change the authorization link from "file" to "sql" (mysql).
+
Tambahkan username & password ke "file". masukan "John Doe"
  
Add username an password to our user "file". edit "John Doe"
+
vi /etc/freeradius/users
  
nano -w /etc/freeradius/users
+
uncomment
  
uncomment
+
"John Doe"      Cleartext-Password := "hello"
 +
                Reply-Message = "Hello, %{User-Name}"
  
"John Doe"    Auth-Type := Local, User-Password == "hello"
+
atau
              Reply-Message = "Hello, %u"
 
  
At this point you need to reboot your ubuntu box
+
"John Doe"    Auth-Type := Local, User-Password == "hello"
 +
                Reply-Message = "Hello, %u"
  
reboot
+
Sampai titik ini sebaiknya anda me-reboot [[Server]] [[Ubuntu]]
  
Check FreeRadius config files.
+
sudo reboot
  
sudo /etc/init.d/freeradius stop
+
Check file konfigurasi melalui
sudo freeradius -XXX
 
  
If all goes well the last line should display
+
sudo /etc/init.d/freeradius stop
 +
sudo freeradius -XXX
  
Mon Jun 29 15:24:34 2009 : Debug: Ready to process requests.
+
Jika semua berjalan dengan baik maka akan tampil
  
Ctrl+C to exit.
+
Wed Apr  7 11:33:51 2010 : Debug: Ready to process requests.
  
Start FreeRadius again
+
Tekan tombol Ctrl+C untuk exit. Restart FreeRadius
  
sudo /etc/init.d/freeradius start
+
sudo /etc/init.d/freeradius start
  
 
Test password authorization to "file"
 
Test password authorization to "file"
  
  sudo radtest "John Doe" hello 127.0.0.1 0 radiussecret
+
  sudo radtest "John Doe" hello 127.0.0.1 0 testing123
 +
 
 +
Jika semua berjalan dengan baik kita akan memperoleh jawaban
  
If all goes well you should get a reply
+
Sending Access-Request of id 182 to 127.0.0.1 port 1812
 +
User-Name = "John Doe"
 +
User-Password = "hello"
 +
NAS-IP-Address = 127.0.1.1
 +
NAS-Port = 0
 +
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=182, length=37
 +
Reply-Message = "Hello, John Doe"
  
Sending Access-Request of id 136 to 127.0.0.1 port 1812
 
        User-Name = "John Doe"
 
        User-Password = "hello"
 
        NAS-IP-Address = 255.255.255.255
 
        NAS-Port = 0
 
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=136, length=37
 
        Reply-Message = "Hello, John Doe"
 
  
change authorization to sql
+
==Ubah Authorisasi ke SQL==
  
 
If the above tests worked we can now change authorization from "file" to "sql" nano -w /etc/freeradius/radiusd.conf Change:
 
If the above tests worked we can now change authorization from "file" to "sql" nano -w /etc/freeradius/radiusd.conf Change:
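Review bot: the new radtest line passes testing123 as the shared secret where the old one passed radiussecret, but the SQL test near the end of the page still calls radtest with radiussecret against the same client 127.0.0.1, so the two test steps cannot both succeed with one clients.conf. Use a single secret throughout and make it the value configured in clients.conf. The closing paragraph ("If the above tests worked ...") is also left in English while the rest of the section is now Indonesian.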

Revision as of 11:37, 7 April 2010

Installing the Radius Server and Database

sudo apt-get install freeradius freeradius-mysql

Create a database to store the usernames and passwords

mysql -u root -p
Enter password:
CREATE DATABASE radius;
quit  

Assuming the MySQL root password is 123456, continue with the commands

sudo su -
mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/schema.sql
mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/nas.sql

Assuming the password of the radius user for accessing the radius database is radius, the commands are

mysql -u root -p
Enter password:
GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radius';
GRANT ALL PRIVILEGES ON radius.* TO 'radius' IDENTIFIED BY 'radius';
FLUSH PRIVILEGES;
quit

Configure FreeRadius so that it can access the database

vi /etc/freeradius/sql.conf
server = "localhost"
login  = "radius"
password = "radius"
radius_db = "radius"

Set FreeRadius server client password

vi /etc/freeradius/clients.conf
client 127.0.0.1 {
    secret = testing123
}

Test Setup

The Radius users' usernames & passwords can be found in /etc/freeradius/users. We need to test whether the FreeRadius setup works properly before we change the link from "file" to "sql".

Add a username & password to the "file". Enter "John Doe"

vi /etc/freeradius/users

uncomment

"John Doe"      Cleartext-Password := "hello"
                Reply-Message = "Hello, %{User-Name}"

or

"John Doe"     Auth-Type := Local, User-Password == "hello"
               Reply-Message = "Hello, %u"

At this point you should reboot the Ubuntu server

sudo reboot

Check the configuration files with

sudo /etc/init.d/freeradius stop
sudo freeradius -XXX

If all goes well, the following will be displayed

Wed Apr  7 11:33:51 2010 : Debug: Ready to process requests.

Press Ctrl+C to exit. Restart FreeRadius

sudo /etc/init.d/freeradius start

Test password authorization to "file"

sudo radtest "John Doe" hello 127.0.0.1 0 testing123

If all goes well we will get the reply

Sending Access-Request of id 182 to 127.0.0.1 port 1812 
	User-Name = "John Doe" 
	User-Password = "hello"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=182, length=37
	Reply-Message = "Hello, John Doe"
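
Why the last radtest argument has to be the same string as the secret in clients.conf: the client does not send User-Password in the clear but hides it with MD5 over the shared secret and the request authenticator (RFC 2865, section 5.2), and the server can only undo that with the same secret. The sketch below is an added example, not part of the original page; the authenticator and the mistyped secret are constructed sample values.

```python
import hashlib

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side (radtest, the NAS): build the User-Password attribute value."""
    if len(authenticator) != 16 or not 0 < len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16-byte blocks
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()  # b_i = MD5(secret + previous block)
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev                               # c_i = p_i XOR b_i
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the secret configured for this client."""
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("malformed User-Password or authenticator")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return clear.rstrip(b"\x00")

# Constructed sample values: a fixed authenticator so the run is repeatable
# (a real client uses 16 random bytes per request) and a mistyped secret.
AUTHENTICATOR = bytes(range(16))

def demo():
    hidden = hide_password(b"hello", b"testing123", AUTHENTICATOR)
    matching = recover_password(hidden, b"testing123", AUTHENTICATOR)
    mistyped = recover_password(hidden, b"tesing123", AUTHENTICATOR)
    return matching, mistyped

if __name__ == "__main__":
    matching, mistyped = demo()
    print("server with matching secret sees:", matching)
    print("server with mistyped secret sees:", mistyped)
```

With a secret that differs by one character the server recovers bytes that are not "hello", so the comparison against Cleartext-Password fails even though the user typed the right password.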


Change Authorization to SQL

If the above tests worked, we can now change authorization from "file" to "sql".

nano -w /etc/freeradius/radiusd.conf

Change:

files
#sql

to

#files
sql

Note for freeradius2:

nano -w /etc/freeradius/sites-available/default

Note: You can only use one authorisation method at a time, not both. Therefore the "files" line needs to be commented out, otherwise FreeRadius will still try to authorize against the /etc/freeradius/users "file" instead of "sql".

SQL Logging

If you want to use software packages like ezRADIUS or Dialup Admin you need to enable logging to sql

nano -w /etc/freeradius/sql.conf

sql {

       driver = "rlm_sql_mysql"
       server = "localhost"
       login = "radius"
       password = "mysqlsecret"
       radius_db = "radius"
       [...]
       # Set to 'yes' to read radius clients from the database ('nas' table)
       readclients = yes ###change manually

}

nano -w /etc/freeradius/radiusd.conf

Note for freeradius2: the $INCLUDE line goes in /etc/freeradius/radiusd.conf; the sections after it are edited in /etc/freeradius/sites-available/default:

nano -w /etc/freeradius/sites-available/default

       $INCLUDE ${confdir}/sql.conf

authorize {
       preprocess
       chap
       suffix
       eap
       #files
       sql
}

authenticate {
       Auth-Type PAP {
         pap
       }
       Auth-Type CHAP {
         chap
       }
       eap
}

accounting {
       detail
       radutmp
       sql ###change manually
}

session {
       sql ###change manually
}

Add users

echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('mysqltest', 'Password', 'testsecret');" | mysql -u radius -p radius
Enter password: mysqlsecret

CoovaChilli uses the username 'chillispot' with the password 'chillispot' for logging in to Radius by default. Add this user to the radcheck table too.

It is defined in the default config file /etc/chilli/config

HS_ADMUSR=chillispot
HS_ADMPWD=chillispot

echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('chillispot', 'Password', 'chillispot');" | mysql -u radius -p radius
Enter password: mysqlsecret

Restart Radius

sudo /etc/init.d/freeradius restart

Test link

sudo radtest mysqltest testsecret 127.0.0.1 0 radiussecret
sudo radtest chillispot chillispot 127.0.0.1 0 radiussecret

If all goes well you should receive an Access-Accept response like this:

Sending Access-Request of id 180 to 127.0.0.1 port 1812

       User-Name = "mysqltest"
       User-Password = "testsecret"
       NAS-IP-Address = 255.255.255.255
       NAS-Port = 0

rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=180, length=20

