Difference between revisions of "WiFi: HotSpot - CoovaChilli Instalasi Radius Server"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 98: | Line 98: | ||
vi /etc/freeradius/radiusd.conf | vi /etc/freeradius/radiusd.conf | ||
| − | + | $INCLUDE ${confdir}/sql.conf | |
| − | + | Edit | |
| − | + | vi /etc/freeradius/sites-available/default | |
| − | # files | + | authorize { |
| − | # sql | + | preprocess |
| − | + | chap | |
| − | + | suffix | |
| + | eap | ||
| + | #files | ||
| + | sql | ||
| + | } | ||
| + | authenticate { | ||
| + | Auth-Type PAP { | ||
| + | pap | ||
| + | } | ||
| + | Auth-Type CHAP { | ||
| + | chap | ||
| + | } | ||
| + | eap | ||
| + | } | ||
| + | accounting { | ||
| + | detail | ||
| + | radutmp | ||
| + | sql ### tambahkan manual | ||
| + | } | ||
| + | session { | ||
| + | sql ### tambahkan manual | ||
| + | } | ||
| − | + | ==Menambahkan User= | |
| − | + | Perintah untuk menambahkan user ke [[database]] | |
| − | |||
| − | + | echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('mysqltest', 'Password', 'testsecret');" | mysql -u radius -p radius | |
| − | + | Enter password:mysqlsecret | |
| − | + | Default CoovaChilli menggunakan username 'chillispot' dan password 'chillispot' untuk login ke Radius. Hal ini di definisikan di file konfigurasi /etc/chilli/config | |
| − | + | HS_ADMUSR=chillispot | |
| + | HS_ADMPWD=chillispot | ||
| − | + | Tambahkan user tersebut di tabel radcheck melalui perintah | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('chillispot', 'Password', 'chillispot');" | mysql -u radius -p radius | |
| − | + | Enter password:mysqlsecret | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('chillispot', 'Password', 'chillispot');" | mysql -u radius -p radius | ||
| − | Enter password:mysqlsecret | ||
Restart Radius | Restart Radius | ||
| − | sudo /etc/init.d/freeradius restart | + | sudo /etc/init.d/freeradius restart |
| − | + | test sambungan ke Radius asumsinya password Radius Server "testing123" | |
| − | sudo radtest mysqltest testsecret 127.0.0.1 0 | + | sudo radtest mysqltest testsecret 127.0.0.1 0 testing123 |
| − | sudo radtest chillispot chillispot 127.0.0.1 0 | + | sudo radtest chillispot chillispot 127.0.0.1 0 testing123 |
If all goes well you should receive an Access-Accept response like this: | If all goes well you should receive an Access-Accept response like this: | ||
| − | Sending Access-Request of id 180 to 127.0.0.1 port 1812 | + | Sending Access-Request of id 180 to 127.0.0.1 port 1812 |
| − | + | User-Name = "mysqltest" | |
| − | + | User-Password = "testsecret" | |
| − | + | NAS-IP-Address = 255.255.255.255 | |
| − | + | NAS-Port = 0 | |
| − | rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=180, length=20 | + | rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=180, length=20 |
| − | |||
| − | |||
==Referensi== | ==Referensi== | ||
* http://www.untruth.org/~josh/security/radius/radius-auth.html - Analisa Authentikasi RADIUS | * http://www.untruth.org/~josh/security/radius/radius-auth.html - Analisa Authentikasi RADIUS | ||
| − | |||
==Pranala Menarik== | ==Pranala Menarik== | ||
Revision as of 13:10, 7 April 2010
Instalasi Radius Server dan Database
sudo apt-get install freeradius freeradius-mysql
Buat database untuk menyimpan username dan password
mysql -u root -p Enter password: CREATE DATABASE radius; quit
Asumsi password root mysql adalah 123456. Lanjutkan dengan perintah
sudo su - mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/schema.sql mysql -u root -p123456 radius < /etc/freeradius/sql/mysql/nas.sql
Asumsi password user radius untuk akses database radius adalah radius, maka perintahnya adalah
mysql -u root -p Enter password: GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radius'; GRANT ALL PRIVILEGES ON radius.* TO 'radius' IDENTIFIED BY 'radius'; FLUSH PRIVILEGES; quit
Set supaya FreeRadius dapat mengakses database
vi /etc/freeradius/sql.conf
server = "localhost" login = "radius" password = "radius" radius_db = "radius"
Set FreeRadius server client password
vi /etc/freeradius/clients.conf
client 127.0.0.1 {
secret = tesing123
}
Test Setup
Username & password user Radius dapat dilihat di /etc/freeradius/users. Kita perlu mentest apakah setup FreeRadius berjalan dengan baik sebelum kita mengubah link dari "file" ke "sql".
Tambahkan username & password ke "file". masukan "John Doe"
vi /etc/freeradius/users
uncomment
"John Doe" Cleartext-Password := "hello"
Reply-Message = "Hello, %{User-Name}"
atau
"John Doe" Auth-Type := Local, User-Password == "hello"
Reply-Message = "Hello, %u"
Sampai titik ini sebaiknya anda me-reboot Server Ubuntu
sudo reboot
Check file konfigurasi melalui
sudo /etc/init.d/freeradius stop sudo freeradius -XXX
Jika semua berjalan dengan baik maka akan tampil
Wed Apr 7 11:33:51 2010 : Debug: Ready to process requests.
Tekan tombol Ctrl+C untuk exit. Restart FreeRadius
sudo /etc/init.d/freeradius start
Test password authorization to "file"
sudo radtest "John Doe" hello 127.0.0.1 0 testing123
Jika semua berjalan dengan baik kita akan memperoleh jawaban
Sending Access-Request of id 182 to 127.0.0.1 port 1812 User-Name = "John Doe" User-Password = "hello" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=182, length=37 Reply-Message = "Hello, John Doe"
Ubah Authorisasi ke SQL
Jika percobaan di atas berhasil dengan baik kita dapat mulai mengubah konfigurasi authorisasi dari "file" ke "sql". Edit file
vi /etc/freeradius/radiusd.conf
$INCLUDE ${confdir}/sql.conf
Edit
vi /etc/freeradius/sites-available/default
authorize {
preprocess
chap
suffix
eap
#files
sql
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
eap
}
accounting {
detail
radutmp
sql ### tambahkan manual
}
session {
sql ### tambahkan manual
}
=Menambahkan User
Perintah untuk menambahkan user ke database
echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('mysqltest', 'Password', 'testsecret');" | mysql -u radius -p radius
Enter password:mysqlsecret
Default CoovaChilli menggunakan username 'chillispot' dan password 'chillispot' untuk login ke Radius. Hal ini di definisikan di file konfigurasi /etc/chilli/config
HS_ADMUSR=chillispot HS_ADMPWD=chillispot
Tambahkan user tersebut di tabel radcheck melalui perintah
echo "INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('chillispot', 'Password', 'chillispot');" | mysql -u radius -p radius
Enter password:mysqlsecret
Restart Radius
sudo /etc/init.d/freeradius restart
test sambungan ke Radius asumsinya password Radius Server "testing123"
sudo radtest mysqltest testsecret 127.0.0.1 0 testing123 sudo radtest chillispot chillispot 127.0.0.1 0 testing123
If all goes well you should receive an Access-Accept response like this:
Sending Access-Request of id 180 to 127.0.0.1 port 1812
User-Name = "mysqltest"
User-Password = "testsecret"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=180, length=20
Referensi
- http://www.untruth.org/~josh/security/radius/radius-auth.html - Analisa Authentikasi RADIUS
Pranala Menarik
- WiFi: HotSpot - CoovaChilli Pendahuluan
- WiFi: HotSpot - CoovaChilli Kebutuhan Hardware dan Software
- WiFi: HotSpot - CoovaChilli Instalasi Radius Server
- WiFi: HotSpot - Instalasi CoovaChilli
- WiFi: HotSpot - CoovaChilli Instalasi Firewall
- WiFi: HotSpot - CoovaChilli Instalasi Apache dan SSL
- WiFi: HotSpot - CoovaChilli Fitur dan Keterangan Tambahan
- WiFi: HotSpot