configure DDWRT Chillispot Apache2 FreeRadius freeradiusdialupadmin and MySQL on Debian 40.docx

1、configure DDWRT Chillispot Apache2 FreeRadius freeradiusdialupadmin and MySQL on Debian 40How To Configure DD-WRT, Chillispot, Apache2, FreeRadius, Freeradius-Dialupadmin, And MySQL On Debian 4.0How to configure DD-WRT, Chillispot, Apache2, FreeRadius, freeradius-dialupadmin, and MySQL on Debian 4.0

2、This will show how to configure the above apps in order to create a hotspot. Also, I will go over some attributes to control bandwidth. I am not an expert with any of these apps, but I got it working. If anyone has any suggestion, please do not hesitate on commenting. Requirements (most of these are

3、 in Debians Synaptic Package Manager) Apache2 MySQL Server PHP4 freeradius freeradius-dialupadmin php4-mysql openssl freeradius-mysql php4-cgi Download chillispot-1.1.0 (do not install) Download MySQL Quick Admin Configuring DD-WRT. I am using firmware v24 RC41. Make sure your wireless router has In

4、ternet access.2. Open your Internet browser to “http:/192.168.1.1”3. Click “Administration” and make sure you change your routers username and password.4. Click on “Setup”, under “Basic Setup”. In the DHCP setting, deselect “DHCP-Authoritative”. Click the “Apply Settings” button at the bottom.5. Cli

5、ck “Wireless” and in the “Wireless Network Name (SSID)” textbox type the name of the hotspot. For this how to, we will use the fancy name “HotSpot”. Click the “Apply Settings” button at the bottom.6. Click “Services” and then “Hotspot”7. Enable Chillispot. Insert these settings:(On my Debian machine

6、, I assigned a static ip address of 192.168.1.2)Primary Radius Server IP/DNS: 192.168.1.2 Primary Radius Server IP/DNS: 192.168.1.2 Backup Radius Server IP/DNS: 192.168.1.2 DNS IP:“this is your ISP DNS server” Remote Network: “use the default” Redirect URL: “https:/192.168.1.2/cgi-bin/hotspotlogin.c

7、gi/” Shared Key: testing123 DHCP Interface: WLAN Radius NAS ID: ID_HotSpot UAM Secret: testing1238. leave the rest at their default settings9. Click “Apply Settings” and reboot router.Switch over to the machine with Debian (192.168.1.2). Make sure you have install all packages required. Configuring

8、freeradiusI like to use Nautilus to navigate as root. To do this, open a “Root Terminal”. Type the following: nautilus -no-desktop browser.1. Navigate to /etc/freeradius2. Edit “radiusd.conf” Line 428: change “proxy-requests” to “no” goto “authorize “, Line 1773 Line 1844: uncomment “sql” goto “acco

9、unting “, Line 1973 Line 2001: uncomment “sql” goto “session “, Line 2018 Line 2023: uncomment “sql”3. Save and close the file.4. Lets create a user and test freeradius.5. Edit “user” in /etc/freeradius6. On line 53, insert the following: test1 User-Password = “password1” DEFAULT Auth-Type := chap F

10、all-Through:= 13. Save and close the file.4. Edit “clients.conf” in /etc/freeradius Line 35: change the “secret” to the one you used in DD-WRT configuration (testing123)3. Save and close the file.4. Goto you “Root Terminal” and restart freeradius /etc/init.d/freeradius restart11. Test user radtest t

11、est1 password1 127.0.0.1 0 testing123(If you get “re-sending” continuously, check your setting again. If you get something like this “rad-recv: Access-Reject”, then we know freeradius is working and we can move on. Also you might want to delete the test user out of “clients.conf”.) Configuring MySQL

12、1. This how-to is a fresh installation of Debian, so I will have to set the password for the root of MySQL.2. Open “Root Terminal” and type the following: mysql -u root -p*Press enter when it asks for the password (there is no password) set password for rootlocalhost=password(root_password); quit;3.

13、 Create the radius database and create a new MySql user to access database. On the “Root Terminal”, type: mysql -u root -p*Enter the new password (root_password). create database db_radius; grant all privileges on db_radius.* to user_radiuslocalhost identified by user_radius_password; flush privileg

14、es; quit;4. Import MySql statement to the db_radius. Download and extract “http:/www.freeradius.org/download.html” This will download to your desktop. Type the following in “Root Terminal”: cd /home/username/Desktop/freeradius-1.1.7/doc/examples/ mysql -u user_radius -p db_radius mysql.sql5. Let see

15、 if the database and information is there. Type the following in “Root Terminal”: mysql -u user_radius -p show databases; use db_radius; show tables; *You should see the following tables: nas, radacct, radcheck, radgroupcheck, radgroupreply, radippool, radpostauth, radreply, and usergroup. quit; Con

16、figure freeradius to use MySQL1. Using Nautilus, navigate to /etc/freeradius and edit sql.conf Line 22: change to “user_radius” Line 23: change to “user_radius_password” Line 26: change to “db_radius” save and close the file.2. Lets create a test user for MySQL. Open “Root Terminal”. And type the fo

17、llowing: mysql -u user_radius -p db_radius insert into radcheck (Username, Attribute, Value) VALUES (testsql, Password, passwordsql); select * from radcheck;(*this will show the information you just typed) quit;3. Restart freeradius. Using “Root Terminal”, type: /etc/init.d/freeradius restart4. Test

18、 the account. Using “Root Terminal”, type: radtest testsql passwordsql 127.0.0.1 0 testing123 Configuring SSL certificate1. Open a terminal. I open a terminal as root. Goto the top-left, click “Applications”, “Accessories” and then “Root Terminal”2. change directory to apache2 cd /etc/apache23. crea

19、te a new directory called “ssl” mkdir ssl4. change directory to the new folder cd ssl5. Type the following commands to create the certificate: openssl genrsa -out hotspot.DomainN.key 1024 openssl req -new -key hotspot.DomainN.key -out hotspot.DomainN.csr(fill in the appropriate information, when “Co

20、mmon Name” comes up use the name of the web site, hotspot.DomainN) openssl x509 -req -days 730 -in hotspot.DomainN.csr -signkey hotspot.DomainN.key -out hotspot.DomainN.crtThe certificate has been created. Now we will move on to freeradius. Configuring Apache21. Using Nautilus, navigate to “/etc/apa

21、che2” and edit “ports.conf”. Add this line after “Listen 80” Listen 4432. Enable ssl modules. With “Nautilus, navigate to “cd /etc/apache2/mods-available. Right-click “ssl.conf” and “ssl.load” and select “Make Link”. This will make to links, “link to ssl.conf” and “link to ssl.load” Cut and paste th

22、ese two files to “/etc/apache2/mods-enabled” Rename each file by removing “link to”. They should look like “ssl.conf” and “ssl.load” with an arrow2. Navigate to “/etc/apache2/sites-available” and edit “default” Line 1: remove “NameVirtualHost *” and add “ServerName hotspot.DomainN” Line 2: change to

23、 “ Line 17: comment out “RedirectMatch /$ /apache2-default/”*Right before , type: SSLEngine on SSLCertificateFile /etc/apache2/ssl/.crt SSLCertificateKeyFile /etc/apache2/ssl/.key4. Save and close the file. Restart apache2 in “Root Terminal” apache2 -k restart5. Open an Internet browser and in the a

24、ddress bar type: “https:/localhost/”*Your Internet browser should ask you to accept the certificate that was created. Install and configure “hotspotlogin.cgi”1. Download and extracthttp:/www.chillispot.info/download.html2. Dont install chillispot. Navigate to “/home/username/Desktop/chillispot-1.1.0

25、/doc” with Nautilus3. Copy “hotspotlogin.cgi” to “/usr/lib/cgi-bin”4. Edit “hotspotlogin.cgi” Line 27: uncomment “$uamsecret” insert your secret (testing123)5. Using Nautilus, navigate to “/etc/freeradius” and edit “clients.conf” Line 27: change “client 127.0.0.1” to “client 192.168.1.1”* this shoul

26、d be the ip address of your DD-WRT6. Save and close the file. Now restart freeradius. Open “Root Terminal” and type: /etc/init.d/freeradius restart7. Grab a laptop and turn it on. Check to see if you got the right ip address (should be something like, 192.168.182.X)8. Open an Internet browser. The p

27、age should be redirected and a pop-up about accepting a certificate should come up. Accept it and you should see the “hotspotlogin.cgi” asking for a username and password. Enter the sql test user (testsql passwordsql). You should now be logged in and able to surf the web.*If you get a blank screen,

28、check your permissions on “hotspotlogin.cgi” file. Other should have “execute” checked. Configure freeradius-dialupadmin1. Create a folder and a link. Open a “Root Terminal” and type: cd /var/www mkdir dialup ln -s /usr/share/freeradius-dialupadmin/htdocs /var/www/dialup2. There is no username/passw

29、ord for freeradius-dialupadmin, so we will create one. With Nautilus, navigate to “/etc/apache2” and edit “httpd.conf”. Add the following: DocumentRoot /var/www/dialup AuthName Restricted Area AuthType Basic AuthUserFile /var/www/.htaccess require valid-user Options Indexes FollowSymLinks MultiViews

30、 AllowOverride None Order allow,deny allow from all 3. Create .htacces file for the directory. Open a “Root Terminal” and type: htpasswd -cm /var/www/.htaccess dialup-user*After you hit enter, it will ask for the new password (dialup-password). Restart apache2 with “Root Terminal” apache2 -k restart4. Test it out by open an internet browser and going to “http:/localhost/htdocs”5. When it ask for the username/password, enter the ones you created for dialupadmin (dialup-user/dialup-password).6. Edit /usr/share/freeradius-dailupadmi