Jumat, 22 Juni 2012
Install EasyHotspot di Server ClearOS 5.2
Hardware Requirements:
1. PC with at least 2 NICs ( I used 3 NICs on mine)
i. eth0: Internet
ii. eth1: Hotspot LAN
iii. eth2: Admin (optional)
2. Access Point
Software Requirements:
1. ClearOS 5.2 Enterprise (http://www.clearfoundation.com/Software/downloads)
2. FreeRadius2
3. Coova-Chilli (http://www.clearcenter.com/media/dev/coova-chilli-1.2.5-1.i386.rpm)
4. Easyhotspot-web_only_0.2 (http://sourceforge.net/projects/easyhotspot/)
Install ClearOS
- Install ClearOS as a Gateway i.e. choose Gateway mode on system mode
- Select software modules
- Graphical Console
- DHCP and Local DNS Servers
- Mail Server
- Web Server
- Database Server / MySQL
- Optional modules (Web Proxy, Antimalware, Antispam, Bandwidth Manager, Intrusion Protection, Protocol filter)
- Follow on-screen instructions to complete installation and reboot the system. The system reboots into a GUI screen. Login using root and password you set during installation and Complete Installation wizard tasks
Firewall Settings
Go to Firewall by clicking the Firewall link at the end of the installation wizard. Add firewall rules to allow SSH and HTTP
IP Settings
Go to Network>IP Settings and make sure eth0 is configured for Internet Access and eth1 is set on something line Hot LAN or LAN and on DHCP. If you are using 3 NICs like I did, set eth2 with static/dhcp LAN IP address. Ensure the links are up.
Check Internet connectivity by open a second terminal (CTRL+F2). Login and trying pinging a web address. This verifies that Internet and DNS are working well. If successful, proceed to install FreeRadius2 otherwise check your connections.
Install/Setup FreeRadius2
(http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap)
For ClearOS 5.2, run your updates. For older versions, you must upgrade to 5.2 before you can use this module.
# yum update
Install the FreeRadius service by running the following from command line:
# yum --enablerepo=base-plus install app-freeradius
# service syswatch restart
In Webconfig, click on the RADIUS server link under Network » Settings » RADIUS Server
To start the service, click Start. To make the service start automatically on each reboot, click To Auto
You may assign a group to authenticate through your RADIUS server. Select a group and click Update.
To allow a remote device to use the RADIUS server, give the client remote device(s) a nickname without spaces. Insert an IP address or CIDR. Select a password to be used by these client devices (e.g. testing123 from HS_RADSECRET=testing123) and click Add.
NOTE: You can follow the complete HOWTO (http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap) if you want to use LDAP authentication.
Configure FreeRadius2 to use SQL
Install freeRadius2-mysql
# yum install freeradius2-mysql
Edit radius.conf file
To do this, edit /etc/raddb/radiusd.conf and pretty much ignore everything except around about line 640 in the modules section uncomment or make sure that you have,
$INCLUDE sql.conf
and then further down make sure you have,
$INCLUDE sql/mysql/counter.conf
Then further around line 710 in the instantiate section make sure you have,
chillispot_max_bytes
noresetcounter
which are our counters which we define in the next section. Then in /etc/raddb/sites-enabled/default, in the authorise section after it has the "Look in an SQL database..." it has an "sql" entry that may be commented out so uncomment it and add the new counters so that it is now,
sql
chillispot_max_bytes
noresetcounter
and then later in /etc/raddb/sites-enabled/default in the accounting section uncomment the sql about line 343,
sql
and then later in /etc/raddb/sites-enabled/default in the session section uncomment the sql about line 370,
sql
and then finally in /etc/raddb/sites-enabled/default in the post-auth section uncomment the sql about line 370,
sql
That should be it. Now update the counter.conf in the next section.
FreeRadius SQL counter.conf settings needed
To match the radcheck and radgroupchecks we use then you also need to add two matching counter.conf checks as follows. Edit the /etc/radddb/sql/mysql/counter.conf file (unless the counter is already defined in that), add the following at the end,
sqlcounter noresetcounter {
counter-name = Session-Timeout
check-name = Session-Timeout
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE serName='%{%k}'"
}
sqlcounter chillispot_max_bytes {
counter-name = ChilliSpot-Max-Total-Octets
check-name = ChilliSpot-Max-Total-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='%{%k}'"
}
IMPORTANT: Make sure you comment out all occurrences ldap and files in /etc/raddb/sites-enabled/default
Setup easyhotspot database to be used by FreeRadius
Go to Webconfig>Server>MySQL and set MySQL to Auto start On Boot and start the Service. You will be required to supply a password for MySQL (if you have not set one already)
On the terminal:
#mysql –u root –p
mysql> create database easyhotspot_opensource;
mysql>CREATE USER 'easyhotspot'@'localhost';
mysql>SET PASSWORD FOR 'easyhotspot'@'localhost' = PASSWORD('easyhotspot');
mysql>GRANT ALL ON easyhotspot_opensource.* to 'easyhotspot'@'localhost';
mysql> quit
Easyhotspot Database Setup
Download easyhotspot from here 2 http://sourceforge.net/projects/easyhotspot/
Recommended: Download the modified and ‘tested as working’ easyhotspot here http://www.prandah.com/wp-content/uploads/2011/11/easyhotspot.sql_.gz
NOTED: rename the file and change file extension from odt to sql
# mysql –u root –p easyhotspot_opensource < easyhotspot_opensource_2011-08-22.sql
Setup Easyhotspot
Preparation
#yum install php php-mysql php-gd php-pear php-db
# wget http://pear.php.net/go-pear.phar
# php go-pear.phar
# pear install DB
Restart Apache1
#Service httpd restart
Copy the easyhotspot folder to /opt
Create a soft link in /var/www/html for easyhotspot/htdocs
# cd /var/www/html/
# ln –s /opt/easyhotspot/htdocs easyhotspot
Setup Raddb To Use Easyhotspot_Opensource Database
Edit /etc/raddb/sql.conf and set the following:-
# vi /etc/raddb/sql.conf
# Connection info:
server = "localhost"
#port = 3306
login = " easyhotspot "
password = " easyhotspot "
# Database table configuration for everything except Oracle
radius_db = " easyhotspot _opensource"
Install/Setup Captive Portal
(http://www.clearfoundation.com/docs/howtos/captive_portal)
Preparation
You will need the working RADIUS server to get this going. Be sure to do the 'Additional setup' items at the bottom so that PAP is working.
You will need to set up localhost as an authorized client of the RADIUS server.
Create a user called coovachilli with mail only and make a group called chilli.
Get the code.
wget http://www.clearcenter.com/media/dev/coova-chilli-1.2.5-1.i386.rpm
wget http://www.clearcenter.com/media/dev/haserl
cp haserl /usr/sbin/
chmod +x /usr/sbin/haserl
Install the code
rpm -Uvh coova-chilli-1.2.5-1.i386.rpm
Configure Coovachilli
/etc/chilli/defaults
Set the following values: HS_LANIF, change this value if it is wrong (ie. HS_LANIF=eth2).
HS_NETWORK, set this to the values of your network (ie. HS_NETWORK=192.168.1.0).
HS_NETMASK, change this value if it is wrong (ie. HS_NETMASK=255.255.255.128).
HS_UAMLISTEN, set this to the IP of your server (ie. HS_UAMLISTEN=192.168.1.1).
HS_DNS1 and HS_DNS1, set these to the IP address of your local DNS server, in this case your server (ie. HS_DNS1=192.168.1.1 and HS_DNS2=192.168.1.1).
HS_RADSECRET, set this to the secret password that you placed in the RADIUS configuration for the localhost entry in Webconfig (ie. HS_RADSECRET=mysecretpassword).
HS_RAD_PROTO=mschapv2, set this so the program knows to use the NT-Password infrastructure of LDAP described in the PAP section of the FreeRADIUS 2 Howto. This value does NOT exist and you must define it (set this to HS_RAD_PROTO=mschapv2).
HS_UAMDOMAINS, set all the domains that you want for your 'walled garden. These sites will work even if users don't authenticate via your captive portal:
HS_UAMDOMAINS=".clearcenter.com,.clearfoundation.com"
Start Coova Chilli
#service chilli start
Testing
Connect a client to network (or Wireless Network). This is where eth1 on your clearOS server is connected.
-The client should receive an IP address of say 10.1.0.x
If so, open a web browser on the client. You should get a redirection to the coova login page.
http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,26/func,view/id,28581/
Langganan:
Posting Komentar (Atom)
Tidak ada komentar:
Posting Komentar