kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/net-mgmt/chillispot/files/installguide.txt.in
Philip M. Gollucci 779a6d7a10 - use SUB_FILES for installguide.txt too 
PR:             ports/142241
Submitted by:   maintainer
2010-01-04 01:58:40 +00:00

453 lines
18 KiB
Text
Raw Blame History

Installing Chillispot on FreeBSD
By Sevan Janiyan
www.geeklan.co.uk
venture37@geeklan.co.uk
This guide will cover how to get a basic Chillispot installation going with Apache 1.3 + mod_ssl, mySQL 4.1, freeRADIUS & OpenBSD's Packet Filter PF
1) Update your ports tree!!!!
Instructions on how to do so are included in the HandBook under the Using CVSup section:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
2) Once the update is complete goto {PORTSDIR}/net-mgmt/chillispot & run make install, you'll be presented with a menu, select:
MATURE Stable Releases of Apache with mod_ssl & mySQL
&
FREE freeRADIUS
& choose Ok
During the build process you'll be asked what flavour of freeRADIUS you'd like to build,
choose MYSQL With MySQL user database
3) When the build & install process is complete go back to the apache directory,
regenerate & install some new certs & optionally remove the preinstalled snakeoil test ones.
goto {PORTSDIR}/www/apache13-modssl
& run make certificate TYPE=custom
Answer the questions in each step & when you're finished you'll be given a summary of files & their functions
Now copy those files from the summary by going to work/apache_1.X.XX/conf & copy the certs to your apache config directory
(replace X.XX with the relevant version number)
cp work/apache_1.X.XX/conf/ssl.key/ca.key %%PREFIX%%/etc/apache/ssl.key/
cp work/apache_1.XXX/conf/ssl.key/server.key %%PREFIX%%/etc/apache/ssl.key/
cp work/apache_1.XXX/conf/ssl.crt/ca.crt %%PREFIX%%/etc/apache/ssl.crt/
cp work/apache_1.XXX/conf/ssl.crt/server.crt %%PREFIX%%/etc/apache/ssl.crt/
chmod 400 %%PREFIX%%/etc/apache/ssl.key/ca.key
chmod 400 %%PREFIX%%/etc/apache/ssl.crt/ca.crt
Optional:
rm %%PREFIX%%/etc/apache/ssl.key/snakeoil-*
rm %%PREFIX%%/etc/apache/ssl.crt/snakeoil-*
then goto %%PREFIX%%/etc/apache/ssl.crt/ & delete the bunch of alphanumeric filenamed symbolic links
4) Put Chillispots files into place:
copy hotspotlogin.cgi from %%PREFIX%%/share/chillispot/ to %%PREFIX%%/www/cgi/
& make it executable:
chmod 555 %%PREFIX%%/www/cgi-bin/hotspotlogin.cgi
put chillispot.conf file into place
cp %%PREFIX%%/share/chillispot/chilli.conf.sample %%PREFIX%%/etc/chilli.conf
freeRADIUS related files
cp %%PREFIX%%/share/chillispot/dictionary.chillispot %%PREFIX%%/etc/raddb/
cp %%PREFIX%%/share/chillispot/freeradius.users %%PREFIX%%/etc/raddb/
PF Config file
cp %%PREFIX%%/share/chillispot/pf.conf.sample /etc/pf.conf
5) Setup MySQL
run ./mysql_install_db
& follow the onscreen instructions provided to set a new root password
6) Create a Database for freeRADIUS
at the mysql prompt issue the following:
create database mydbname;
grant all privileges on mydbname.* to 'dbusername'@'localhost' identified by 'mypass';
flush privileges;
quit;
7) Import the freeRADIUS MySQL DB Schema
by running the following:
mysql -u dbusrname -p mydbname < %%PREFIX%%/share/doc/freeradius/examples/mysql.sql
8) Configure freeRADIUS
goto %%PREFIX%%/etc/raddb
trim .sample from the end of the filenames off the following files:
acct_users
certs
clients.conf
dictionary , then edit if & add $INCLUDE dictionary.chillispot
eap.conf
hints
huntgroups
preproxy_users
proxy.conf
radiusd.conf
snmp.conf
sql.conf
users
9) Before going ahead & configuring freeRADIUS to use MySQL
setup a basic account using the existing flatfiles to make sure everything is working so far
edit %%PREFIX%%/etc/raddb/clients.conf
& change the secret entry e.g:
secret = s3cr3t
then add the sample chillispot user by copying the contents of freeradius.users to users
then run adduser to create a user which radiusd will run under
#adduser
Username: radiusd
Full name: freeRADIUS
Uid (Leave empty for default):
Login group [radiusd]:
Login group is radiusd. Invite radiusd into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin) [sh]: nologin
Home directory [/home/radiusd]: /nonexistent
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]: y
Lock out the account after creation? [no]: y
Username : radiusd
Password : <random>
Full Name : freeRADIUS
Uid : 1002
Class :
Groups : radiusd
Home : /nonexistent
Shell : /usr/sbin/nologin
Locked : yes
OK? (yes/no): y
adduser: INFO: Successfully added (radiusd) to the user database.
adduser: INFO: Password for (radiusd) is: blablabla123
adduser: INFO: Account (radiusd) is locked.
now edit %%PREFIX%%/etc/raddb/radiusd.conf
uncomment & change the user & group entries from
#user = nobody to user = radiusd
#group = nobody to group = radiusd
& change
proxy_requests = yes to no
now create the log files freeRADIUS will use in /var/log
mkdir /var/log/radacct
touch /var/log/radius.log
touch /var/log/radutmp
touch /var/log/radwtmp
assign them right permissions
chmod 700 /var/log/radacct
chmod 644 /var/log/radius.log
chmod 600 /var/log/radutmp
chmod 644 /var/log/radwtmp
then change their ownership
chown radiusd:radiusd /var/log/radacct
chown radiusd:radiusd /var/log/radius.log
chown radiusd:radiusd /var/log/radutmp
chown radiusd:radiusd /var/log/radwtmp
10) Now fireup freeRADIUS in debug mode
by issuing %%PREFIX%%/sbin/radiusd -X
& using the radtest tool query freeRADIUS
radtest steve testing localhost 1812 s3cr3t
you should get the following output back:
Sending Access-Request of id 57 to 127.0.0.1 port 1812
User-Name = "steve"
User-Password = "testing"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=57, length=74
Class = 0x30373032333435363738
Session-Timeout = 3600
Idle-Timeout = 600
Acct-Interim-Interval = 60
WISPr-Bandwidth-Max-Up = 128000
WISPr-Bandwidth-Max-Down = 512000
if you're not sure if freeRADIUS is listening on port 1812/udp or 1645/udp check your /etc/services file
$ cat /etc/services | grep radius
# IMPORTANT NOTE: Ports 1645/1646 are the traditional radius ports used by
#radius 1645/udp #RADIUS authentication protocol (old)
radius 1812/udp #RADIUS authentication protocol (IANA sanctioned)
If everything went along ok without any errors edit users & remove the entries you added from chillispots freeradius.users files.
11) Configuring freeRADIUS to use MySQL instead of flat files
edit %%PREFIX%%/etc/raddb/sql.conf &
change the login, password & radius_db entries to those used in step 6
then uncomment
#sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
& comment out sql_user_name = "%{User-Name}"
if you'd like to use shortames (username minus realm) aswell as user@realm.f00 & :-DEFAULT
then uncomment simul_count_query
edit %%PREFIX%%/etc/raddb/radiusd.conf
then uncomment sql in the Authorize {
comment out unix in Authenticate {
comment out files in preacct {
uncomment sql in accounting {
comment radutmp & uncomment sql in session {
freeRADIUS is now setup to use MySQL.
12) You now need to setup some users for your wireless clients to use
12.1: login to the mysql console:
mysql -u dbusername -p
12.2: choose the database you created for freeRADIUS to work on
mysql> use mydbname;
12.3: lets see what in here:
mysql> show tables;
+----------------------+
| Tables_in_mydbname |
+----------------------+
| nas |
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radpostauth |
| radreply |
| usergroup |
+----------------------+
8 rows in set (0.00 sec)
12.4: to see what fields you need to fill in isse:
mysql> show columns from radcheck;
+-----------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-----------+------------------+------+-----+---------+----------------+
| id | int(11) unsigned | | PRI | NULL | auto_increment |
| UserName | varchar(64) | | MUL | | |
| Attribute | varchar(32) | | | | |
| op | char(2) | | | == | |
| Value | varchar(253) | | | | |
+-----------+------------------+------+-----+---------+----------------+
5 rows in set (0.01 sec)
12.5: lets add our first username:
mysql> insert into radcheck (Username, Attribute, Value) VALUES ('fry', 'Password', 'walkingonsunshine');
Query OK, 1 row affected (0.00 sec)
12.6: is it there?
mysql> select * from radcheck;
+----+----------+-----------+----+-------------------+
| id | UserName | Attribute | op | Value |
+----+----------+-----------+----+-------------------+
| 1 | fry | Password | == | walkingonsunshine |
+----+----------+-----------+----+-------------------+
1 row in set (0.00 sec)
12.7: assign the user to a group:
mysql> show columns from usergroup;
+-----------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+-------------+------+-----+---------+-------+
| UserName | varchar(64) | | MUL | | |
| GroupName | varchar(64) | | | | |
| priority | int(11) | | | 1 | |
+-----------+-------------+------+-----+---------+-------+
3 rows in set (0.01 sec)
mysql> insert into usergroup (UserName, GroupName, Priority) VALUES ('fry', 'dynamic', 1);
Query OK, 1 row affected (0.00 sec)
mysql> select * from usergroup;
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| fry | dynamic | 1 |
+----------+-----------+----------+
1 row in set (0.01 sec)
12.8) Authorization Type:
mysql> show columns from radgroupcheck;
+-----------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-----------+------------------+------+-----+---------+----------------+
| id | int(11) unsigned | | PRI | NULL | auto_increment |
| GroupName | varchar(64) | | MUL | | |
| Attribute | varchar(32) | | | | |
| op | char(2) | | | == | |
| Value | varchar(253) | | | | |
+-----------+------------------+------+-----+---------+----------------+
5 rows in set (0.00 sec)
mysql> insert into radgroupcheck (GroupName, Attribute, Value) VALUES ('dynamic', 'Auth-Type', 'Local');
Query OK, 1 row affected (0.00 sec)
mysql> select * from radgroupcheck;
+----+-----------+-----------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+-------+
| 1 | dynamic | Auth-Type | == | Local |
+----+-----------+-----------+----+-------+
1 row in set (0.00 sec)
mysql> show columns from radgroupcheck;
+-----------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-----------+------------------+------+-----+---------+----------------+
| id | int(11) unsigned | | PRI | NULL | auto_increment |
| GroupName | varchar(64) | | MUL | | |
| Attribute | varchar(32) | | | | |
| op | char(2) | | | == | |
| Value | varchar(253) | | | | |
+-----------+------------------+------+-----+---------+----------------+
5 rows in set (0.00 sec)
12.9) User & Group Attribute settings
User specific attributes:
mysql> show columns from radreply;
+-----------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-----------+------------------+------+-----+---------+----------------+
| id | int(11) unsigned | | PRI | NULL | auto_increment |
| UserName | varchar(64) | | MUL | | |
| Attribute | varchar(32) | | | | |
| op | char(2) | | | = | |
| Value | varchar(253) | | | | |
+-----------+------------------+------+-----+---------+----------------+
5 rows in set (0.00 sec)
mysql> insert into radreply (UserName, Attribute, Value) VALUES ('fry', 'Class', '0702345678');
Query OK, 1 row affected (0.01 sec)
mysql> select * from radreply;
+----+----------+-----------+----+------------+
| id | UserName | Attribute | op | Value |
+----+----------+-----------+----+------------+
| 1 | fry | Class | = | 0702345678 |
+----+----------+-----------+----+------------+
1 row in set (0.00 sec)
Group specific settings:
mysql> show columns from radgroupreply;
+-----------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-----------+------------------+------+-----+---------+----------------+
| id | int(11) unsigned | | PRI | NULL | auto_increment |
| GroupName | varchar(64) | | MUL | | |
| Attribute | varchar(32) | | | | |
| op | char(2) | | | = | |
| Value | varchar(253) | | | | |
+-----------+------------------+------+-----+---------+----------------+
5 rows in set (0.00 sec)
mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'Session-Timeout', '3600');
Query OK, 1 row affected (0.00 sec)
mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'Idle-Timeout', '600');
Query OK, 1 row affected (0.00 sec)
mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'Acct-Interim-Interval', '60');
Query OK, 1 row affected (0.01 sec)
mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'WISPr-Redirection-URL', 'http://www.geeklan.co.uk');
Query OK, 1 row affected (0.00 sec)
mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'WISPr-Bandwidth-Max-Up', '128000');
Query OK, 1 row affected (0.01 sec)
mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'WISPr-Bandwidth-Max-Down', '512000');
Query OK, 1 row affected (0.01 sec)
mysql> select * from radgroupreply;
+----+-----------+--------------------------+----+--------------------------+
| id | GroupName | Attribute | op | Value |
+----+-----------+--------------------------+----+--------------------------+
| 1 | dynamic | Session-Timeout | = | 3600 |
| 2 | dynamic | Idle-Timeout | = | 600 |
| 3 | dynamic | Acct-Interim-Interval | = | 60 |
| 4 | dynamic | WISPr-Redirection-URL | = | http://www.geeklan.co.uk |
| 5 | dynamic | WISPr-Bandwidth-Max-Up | = | 128000 |
| 6 | dynamic | WISPr-Bandwidth-Max-Down | = | 512000 |
+----+-----------+--------------------------+----+--------------------------+
6 rows in set (0.00 sec)
Test:
%%PREFIX%%/bin/radtest fry walkingonsunshine localhost 1812 s3cr3t
Sending Access-Request of id 250 to 127.0.0.1 port 1812
User-Name = "fry"
User-Password = "walkingonsunshine"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=250, length=106
Class = 0x30373032333435363738
Session-Timeout = 3600
Idle-Timeout = 600
Acct-Interim-Interval = 60
WISPr-Redirection-URL = "http://www.geeklan.co.uk"
WISPr-Bandwidth-Max-Up = 128000
WISPr-Bandwidth-Max-Down = 512000
13) Nearly There
edit %%PREFIX%%/etc/chilli.conf
& change the dns1 & dns2 entries to your dns servers
(note, if you're not running a dns server locally you'll need to uncomment uamanydns)
change radiusserver1 & radiusserver2 to localhost
set radiussecret to whatever you selected in step 9
e.g s3cr3t
set dhcpif to your wifi card e.g ral0
change uamserver to https://192.168.182.1/cgi-bin/hotspotlogin.cgi
(if you're not running a dns server locally, if you are use the fqdn)
change the uamsecret to another value, then edit %%PREFIX%%/www/cgi-bin/hotspotlogin.cgi & add the same value to $uamsecret
14) Finishing Stage
Edit /etc/pf.conf & make sure the $ext_if & $int_if are correct
Edit /etc/rc.conf & add the following:
chillispot_enable="YES"
apache_enable="YES"
radiusd_enale="YES"
mysql_enable="YES"
pf_enable="YES" # Enable PF (load module if required)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_flags="" # additional flags for pfctl startup
pflog_enable="YES" # start pflogd(8)
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_flags="" # additional flags for pflogd startup
gateway_enable="YES"
& remove any IP addresses assigned to your wifi card
this is enough for chilli to work:
ifconfig_ral0="ssid chilli mediaopt hostap mode 11b"
save & reboot or quit to back to the shell & run the following to get everything started
%%PREFIX%%/etc/rc.d/chillispot start
%%PREFIX%%/etc/rc.d/apache.sh start you'll be asked for the password that you assigned whilst generating the certs in the step 3
%%PREFIX%%/etc/rc.d/mysql-server start
%%PREFIX%%/etc/rc.d/radiusd start
pfctl -e
pfctl -f /etc/pf.conf
THE END!!!
Original Sources for info:
OpenBSD PF FAQ
http://www.openbsd.org/faq/
The FreeBSD HandBook
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html
SB's very rough notes to FreeRadius and MySQL
http://www.frontios.com/freeradius.html
ONLamp Getting Started with FreeRADIUS
http://www.onlamp.com/pub/a/onlamp/excerpt/radius_5/index1.html?page=1
TAASC MySQL Basics
http://www.analysisandsolutions.com/code/mybasic.htm
This work is licensed under the Creative Commons Attribution-Share Alike 2.5 License. To view a copy of this license, visit
http://creativecommons.org/licenses/by-sa/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California,
94105, USA.
Reference in a new issue View git blame Copy permalink