HowTo-Setup Coovachilli+Freeradius2+Easyhotspot-Web

From WikiEducator

HowTo - Step-By-Step Install and Setup Coovachilli+Freeradius2+Easyhotspot-Web_Only [Updated]

Hardware Requirements:

1. PC with at least 2 NICs ( I used 3 NICs on mine)

i. eth0: Internet

ii. eth1: Hotspot LAN

iii. eth2: Admin (optional)

2. Access Point


Software Requirements:

1. ClearOS 5.2 Enterprise (http://www.clearfoundation.com/Software/downloads)

2. FreeRadius2

3. Coova-Chilli (http://www.clearcenter.com/media/dev/coova-chilli-1.2.5-1.i386.rpm)

4. Easyhotspot-web_only_0.2 (http://sourceforge.net/projects/easyhotspot/)


Install ClearOS

- Install ClearOS as a gateway, i.e. choose Gateway mode as the system mode

- Select software modules

- Graphical Console

- DHCP and Local DNS Servers

- Mail Server

- Web Server

- Database Server / MySQL

- Optional modules (Web Proxy, Antimalware, Antispam, Bandwidth Manager, Intrusion Protection, Protocol filter)


- Follow the on-screen instructions to complete the installation and reboot the system. The system reboots into a GUI screen. Log in as root with the password you set during installation and complete the installation wizard tasks.


Firewall Settings

Go to Firewall by clicking the Firewall link at the end of the installation wizard. Add firewall rules to allow SSH and HTTP.


IP Settings

Go to Network>IP Settings and make sure eth0 is configured for Internet access and eth1 is set to something like Hot LAN or LAN and uses DHCP. If you are using 3 NICs like I did, set eth2 with a static/dhcp LAN IP address. Ensure the links are up.


Check Internet connectivity by opening a second terminal (CTRL+F2). Log in and try pinging a web address. This verifies that Internet access and DNS are working. If successful, proceed to install FreeRadius2; otherwise check your connections.


Install/Setup FreeRadius2

(http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap)

For ClearOS 5.2, run your updates. For older versions, you must upgrade to 5.2 before you can use this module.

# yum update


Install the FreeRadius service by running the following from command line:

# yum --enablerepo=base-plus install app-freeradius


# service syswatch restart


In Webconfig, click on the RADIUS server link under Network » Settings » RADIUS Server

To start the service, click Start. To make the service start automatically on each reboot, click To Auto

You may assign a group to authenticate through your RADIUS server. Select a group and click Update.


To allow a remote device to use the RADIUS server, give the client remote device(s) a nickname without spaces. Insert an IP address or CIDR. Select a password to be used by these client devices (e.g. testing123 from HS_RADSECRET=testing123) and click Add.


NOTE: You can follow the complete HOWTO (http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap) if you want to use LDAP authentication.


Configure FreeRadius2 to use SQL

Install freeRadius2-mysql

# yum install freeradius2-mysql


Edit radiusd.conf file

Edit /etc/raddb/radiusd.conf. You can ignore most of the file. In the modules section, at around line 640, uncomment the following line or make sure it is present:


$INCLUDE sql.conf


and then further down make sure you have,


$INCLUDE sql/mysql/counter.conf


Then further around line 710 in the instantiate section make sure you have,


chillispot_max_bytes

noresetcounter


These are the counters that we define in the next section. Then, in /etc/raddb/sites-enabled/default, the authorize section has an "sql" entry after the "Look in an SQL database..." comment. It may be commented out, so uncomment it and add the new counters after it, so that the section now contains:


sql

chillispot_max_bytes

noresetcounter


and then later in /etc/raddb/sites-enabled/default in the accounting section uncomment the sql about line 343,


sql


and then later in /etc/raddb/sites-enabled/default in the session section uncomment the sql about line 370,


sql


and then finally in /etc/raddb/sites-enabled/default in the post-auth section uncomment the sql about line 370,


sql


That should be it. Now update the counter.conf in the next section.


FreeRadius SQL counter.conf settings needed

To match the radcheck and radgroupcheck entries we use, you also need to add two matching counter definitions. Edit the /etc/raddb/sql/mysql/counter.conf file and, unless the counters are already defined there, add the following at the end:


sqlcounter noresetcounter {

counter-name = Session-Timeout

check-name = Session-Timeout

reply-name = Session-Timeout

sqlmod-inst = sql

key = User-Name

reset = never

query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"

}


sqlcounter chillispot_max_bytes {

counter-name = ChilliSpot-Max-Total-Octets

check-name = ChilliSpot-Max-Total-Octets

reply-name = ChilliSpot-Max-Total-Octets

sqlmod-inst = sql

key = User-Name

reset = never

query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{%k}'"

}


IMPORTANT: Make sure you comment out all occurrences of ldap and files in /etc/raddb/sites-enabled/default
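
One way to confirm the edits to /etc/raddb/sites-enabled/default described above, including the IMPORTANT note on ldap and files. This is an added example, not part of the original HowTo or of FreeRADIUS; the helper names active_modules and check_site and the sample file are constructed for illustration, and only the authorize, accounting, session and post-auth sections are inspected.

```sh
# Added example, not from the HowTo; active_modules/check_site are hypothetical.
# Print the uncommented entries directly inside "SECTION { ... }".
active_modules() {   # usage: active_modules FILE SECTION
    awk -v want="$2" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # drop comments, trim
        !inside && $1 == want && $2 == "{" { inside = 1; depth = 1; next }
        inside && /[{]$/ { depth++; next }                # nested block opens
        inside && $0 == "}" { if (--depth == 0) inside = 0; next }
        inside && depth == 1 && NF { print $1 }
    ' "$1"
}
# Return 0 only when every check derived from the HowTo passes.
check_site() {       # usage: check_site FILE
    rc=0
    for s in authorize accounting session post-auth; do
        mods=$(active_modules "$1" "$s")
        printf '%s\n' "$mods" | grep -qx sql || { echo "FAIL $s: sql not active"; rc=1; }
        bad=$(printf '%s\n' "$mods" | grep -xE 'ldap|files' | tr '\n' ' ')
        [ -z "$bad" ] || { echo "FAIL $s: still active: $bad"; rc=1; }
    done
    for c in chillispot_max_bytes noresetcounter; do
        active_modules "$1" authorize | grep -qx "$c" || { echo "FAIL authorize: $c not listed"; rc=1; }
    done
    return $rc
}

# Constructed sample: files still active, sql still commented in accounting.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
authorize {
    files
    sql
    chillispot_max_bytes
    noresetcounter
}
accounting {
#   sql
}
session {
    sql
}
post-auth {
    sql
    Post-Auth-Type REJECT {
        attr_filter.access_reject
    }
}
EOF
check_site "$SAMPLE" || echo "apply the remaining edits to this file"
```

On a real system, point check_site at /etc/raddb/sites-enabled/default before restarting the RADIUS service.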


Setup easyhotspot database to be used by FreeRadius

Go to Webconfig>Server>MySQL, set MySQL to start automatically on boot and start the service. You will be required to supply a password for MySQL (if you have not set one already).


On the terminal:


# mysql -u root -p


mysql> create database easyhotspot_opensource;

mysql> CREATE USER 'easyhotspot'@'localhost';

mysql> SET PASSWORD FOR 'easyhotspot'@'localhost' = PASSWORD('easyhotspot');

mysql> GRANT ALL ON easyhotspot_opensource.* to 'easyhotspot'@'localhost';

mysql> quit


Easyhotspot Database Setup

Download easyhotspot from http://sourceforge.net/projects/easyhotspot/

Recommended: [Download the modified and ‘tested as working’ sql DB script easyhotspot here]

NOTE: rename the file so that it has the .sql extension

# mysql -u root -p easyhotspot_opensource < easyhotspot_opensource_2011-08-22.sql

Setup Easyhotspot

Preparation

# yum install php php-mysql php-gd php-pear php-db


# wget http://pear.php.net/go-pear.phar

# php go-pear.phar

# pear install DB


Restart Apache

# service httpd restart


Copy the easyhotspot folder to /opt

Create a soft link in /var/www/html for easyhotspot/htdocs

# cd /var/www/html/

# ln -s /opt/easyhotspot/htdocs easyhotspot


Setup Raddb To Use Easyhotspot_Opensource Database

Edit /etc/raddb/sql.conf and set the following:-

# vi /etc/raddb/sql.conf


# Connection info:

server = "localhost"

#port = 3306

login = "easyhotspot"

password = "easyhotspot"


# Database table configuration for everything except Oracle

radius_db = "easyhotspot_opensource"

Install/Setup Captive Portal

(http://www.clearfoundation.com/docs/howtos/captive_portal)


Preparation

You will need the working RADIUS server to get this going. Be sure to do the 'Additional setup' items at the bottom so that PAP is working.


You will need to set up localhost as an authorized client of the RADIUS server.

Create a user called coovachilli with mail only and make a group called chilli.


Get the code.

wget http://www.clearcenter.com/media/dev/coova-chilli-1.2.5-1.i386.rpm

wget http://www.clearcenter.com/media/dev/haserl

cp haserl /usr/sbin/

chmod +x /usr/sbin/haserl


Install the code


rpm -Uvh coova-chilli-1.2.5-1.i386.rpm


Configure Coovachilli

Edit /etc/chilli/defaults and set the following values:


HS_LANIF, change this value if it is wrong (i.e. HS_LANIF=eth2).

HS_NETWORK, set this to the values of your network (i.e. HS_NETWORK=192.168.1.0).

HS_NETMASK, change this value if it is wrong (i.e. HS_NETMASK=255.255.255.128).

HS_UAMLISTEN, set this to the IP of your server (i.e. HS_UAMLISTEN=192.168.1.1).


HS_DNS1 and HS_DNS2, set these to the IP address of your local DNS server, in this case your server (i.e. HS_DNS1=192.168.1.1 and HS_DNS2=192.168.1.1).


HS_RADSECRET, set this to the secret password that you placed in the RADIUS configuration for the localhost entry in Webconfig (i.e. HS_RADSECRET=mysecretpassword).


HS_RAD_PROTO=mschapv2, set this so the program knows to use the NT-Password infrastructure of LDAP described in the PAP section of the FreeRADIUS 2 Howto. This variable does NOT exist in the file, so you must define it (set this to HS_RAD_PROTO=mschapv2).


HS_UAMDOMAINS, set all the domains that you want for your 'walled garden'. These sites will work even if users don't authenticate via your captive portal:


HS_UAMDOMAINS=".clearcenter.com,.clearfoundation.com"
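
A sanity check for the values set above, run before starting chilli. This is an added example, not part of the original HowTo or of CoovaChilli; the helper names get, ip2int and check_chilli and the sample file are constructed for illustration. It verifies that HS_NETWORK is aligned to HS_NETMASK, that HS_UAMLISTEN lies inside that network, and that HS_RADSECRET is not empty or still the testing123 sample value mentioned earlier.

```sh
# Added example, not CoovaChilli code; get/ip2int/check_chilli are hypothetical.
# Last uncommented assignment of KEY in FILE, with quotes stripped.
get() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"; }

# Dotted quad -> 32-bit integer (missing octets count as 0).
ip2int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (${o1:-0} << 24) | (${o2:-0} << 16) | (${o3:-0} << 8) | ${o4:-0} ))
}

check_chilli() {     # usage: check_chilli FILE ; returns 0 when all checks pass
    rc=0
    net=$(ip2int "$(get "$1" HS_NETWORK)")
    mask=$(ip2int "$(get "$1" HS_NETMASK)")
    uam=$(ip2int "$(get "$1" HS_UAMLISTEN)")
    [ $(( $net & $mask )) -eq "$net" ] ||
        { echo "FAIL HS_NETWORK is not a network address for HS_NETMASK"; rc=1; }
    [ $(( $uam & $mask )) -eq $(( $net & $mask )) ] ||
        { echo "FAIL HS_UAMLISTEN is outside HS_NETWORK/HS_NETMASK"; rc=1; }
    case $(get "$1" HS_RADSECRET) in
        ''|testing123) echo "FAIL HS_RADSECRET is empty or the sample secret"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: listen address outside the /25, sample secret still set.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
HS_LANIF=eth1
HS_NETWORK=192.168.1.0
HS_NETMASK=255.255.255.128
HS_UAMLISTEN=192.168.1.200
HS_RADSECRET=testing123
EOF
check_chilli "$SAMPLE" || echo "fix the values above before starting chilli"
```

On a real system, run check_chilli against /etc/chilli/defaults.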


Start Coova Chilli

# service chilli start


Testing

Connect a client to the network (or wireless network). This is where eth1 on your ClearOS server is connected.

- The client should receive an IP address of say 10.1.0.x


If so, open a web browser on the client. You should get a redirection to the coova login page.




