Thursday, October 28, 2010

Ubuntu Server + Freeradius 2.0.x + Coovachilli + Daloradius

From danielbenny2910       KIOS

Ubuntu Server installation tutorial:

- Ubuntu Server 8.04.3 (packages installed)
- LAMP Server
- DNS Server
- OpenSSH Server
- Print Server
- Samba File Server
- Webmin
(for deleting the database in MySQL if you fill it in wrongly :P)

PuTTY and WinSCP on the client, for remote access to the server and for file transfer.

Topology:

Internet ---- Modem -------- Ubuntu Server ------- Switch ------- AP and/or LAN.

* Don't forget to update and upgrade the Ubuntu server!



Edit /etc/sysctl.conf to enable packet forwarding

Code:
#net.ipv4.ip_forward=1
change it to:
net.ipv4.ip_forward=1

(This installation process follows the blog of someone from Thailand:)


1. Install Freeradius 2.x from source

Code:
apt-get install freeradius freeradius-mysql
(the installation will ask about supporting packages; I just answered yes :D)


Stop Freeradius

Code:
/etc/init.d/freeradius stop

Run it in debug mode

Code:
freeradius -X
(if there are no errors, press Ctrl+C to stop debug mode and continue)


Create the database in MySQL

Code:
mysql -u root -p
enter the password: your MySQL root password
CREATE DATABASE radius;
GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radiussecret';
FLUSH PRIVILEGES;
quit


Load the sample schema from Freeradius

Code:
mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
enter your MySQL root password
mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql
enter your MySQL root password


Point Freeradius at its database

Code:
nano /etc/freeradius/sql.conf
find the lines below and change them if they differ
server = "localhost"
login  = "radius"
password = "radiussecret"

Then, still in this file, remove the pound sign from the line:
# readclient = yes
so it becomes
readclient = yes

Set the Freeradius server's client password

Code:
nano /etc/freeradius/clients.conf
find the line
secret = testing123
change it to
secret = radiussecret


Switch Freeradius authorization to SQL

Code:
nano /etc/freeradius/sites-available/default

in the authorize section, find the line
files and add a # so it becomes
# files

find the line
# sql and remove the comment mark so it becomes
sql

also find the sql line in the accounting and session sections; if it has a comment mark (#), remove it
save and exit

Test Freeradius by inserting a username and password

Code:
mysql -u root -p
enter your MySQL root password
use radius;
INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('guest', 'password', 'guest');
select * from radcheck where UserName='guest';
exit


Restart Freeradius

Code:
/etc/init.d/freeradius restart

type on the console
radtest guest guest localhost 0 radiussecret

if it succeeds, a result like this appears:
rad_recv: Access-Accept packet from host localhost port 1812, id=234, length=20


========== Freeradius setup complete :) ==============


2. Install Coovachilli

Download coova-chilli

Code:
wget http://ap.coova.org/chilli/coova-chilli_1.0.13-1_i386.deb


Install coova-chilli

Code:
dpkg -i coova-chilli_1.0.13-1_i386.deb


Copy the default chilli configuration so it can be customized

Code:
cp /etc/chilli/default /etc/chilli/config


Create the hotspot folder

Code:
mkdir /var/www/hotspot
cd /var/www/hotspot
cp /etc/chilli/www/* /var/www/hotspot
mkdir /var/www/hotspot/images
cp /var/www/hotspot/coova.jpg /var/www/hotspot/images/


Create the uam folder

Code:
mkdir /var/www/hotspot/uam
cd /var/www/hotspot/uam
wget http://ap.coova.org/uam/
wget http://ap.coova.org/js/chilli.js


Change the host address to the local one

Code:
sed -i 's/ap.coova.org\/js\/chilli.js/192.168.0.1\/uam\/chilli.js/g' /var/www/hotspot/uam/index.html


Edit the chilli library to use that IP

Code:
sed -i 's/192.168.182.1/192.168.0.1/g' /etc/chilli/www/ChilliLibrary.js
sed -i 's/192.168.182.1/192.168.0.1/g' /var/www/hotspot/ChilliLibrary.js


To enable coovachilli, set START_CHILLI to 1

Code:
nano /etc/default/chilli
START_CHILLI=1
CONFFILE="/etc/chilli.conf"


Edit the chilli configuration file

Code:
nano /etc/chilli/config


Edit the parameters to (roughly) the following:

Code:
HS_LANIF=eth1 # Subscriber Interface for client devices
HS_NETWORK=192.168.0.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=192.168.0.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot Port (on subscriber network)

HS_NASID=nas01
HS_UAMSECRET=uamsecret
HS_RADIUS=127.0.0.1
HS_RADIUS2=127.0.0.1
HS_RADSECRET=radiussecret
HS_UAMALLOW=www.google.com,192.168.0.0/24

HS_UAMSERVER=192.168.0.1
HS_UAMFORMAT=http://\$HS_UAMSERVER/uam/index.php
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
HS_UAMSERVICE=https://192.168.0.1/cgi-bin/hotspotlogin.cgi
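
The steps above use radiussecret as the MySQL password, as the secret in clients.conf and as HS_RADSECRET, and uamsecret as HS_UAMSECRET. The check below is an added example, not part of the original post: it flags those placeholder values and the reuse of the RADIUS secret as database password, and generates replacement secrets. The function names, the DIR/freeradius and DIR/chilli layout and the 16-character minimum are assumptions of this example.

```shell
# Added example. Function names, directory layout and the 16-char minimum are assumptions.

# get_val FILE KEY: first uncommented "KEY = value" / "KEY=value", unquoted.
get_val() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 |
        sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//'
}

# new_secret: 24 random bytes as 48 hex characters.
new_secret() {
    dd if=/dev/urandom bs=24 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# make_sample DIR DBPASS RADSECRET UAMSECRET: constructed config files.
make_sample() {
    mkdir -p "$1/freeradius" "$1/chilli"
    printf 'login = "radius"\npassword = "%s"\n' "$2" > "$1/freeradius/sql.conf"
    printf 'client localhost {\n\tsecret = %s\n}\n' "$3" > "$1/freeradius/clients.conf"
    printf 'HS_RADSECRET=%s\nHS_UAMSECRET=%s\n' "$3" "$4" > "$1/chilli/config"
}

# audit_secrets DIR: print findings; exit status 0 only when there are none.
audit_secrets() {
    db=$(get_val "$1/freeradius/sql.conf" password)
    nas=$(get_val "$1/freeradius/clients.conf" secret)
    rad=$(get_val "$1/chilli/config" HS_RADSECRET)
    uam=$(get_val "$1/chilli/config" HS_UAMSECRET)
    bad=0
    for pair in "sql.conf password:$db" "clients.conf secret:$nas" \
                "HS_RADSECRET:$rad" "HS_UAMSECRET:$uam"; do
        name=${pair%%:*}; value=${pair#*:}
        case $value in
            testing123|radiussecret|uamsecret|"")
                echo "PLACEHOLDER $name"; bad=$((bad + 1)) ;;
            *)  [ "${#value}" -ge 16 ] || { echo "SHORT $name"; bad=$((bad + 1)); } ;;
        esac
    done
    # Both RADIUS sides must share one secret; the DB password must differ from it.
    [ "$nas" = "$rad" ] || { echo "MISMATCH clients.conf secret vs HS_RADSECRET"; bad=$((bad + 1)); }
    [ "$db" != "$rad" ] || { echo "REUSE sql.conf password equals HS_RADSECRET"; bad=$((bad + 1)); }
    [ "$bad" -eq 0 ]
}

# Demo on constructed files holding the tutorial's values (prints five findings).
demo=$(mktemp -d)
make_sample "$demo" radiussecret radiussecret uamsecret
audit_secrets "$demo" || echo "generate replacements with new_secret"
rm -rf "$demo"
```

To audit a real host, point audit_secrets at a directory holding copies of /etc/freeradius/sql.conf, /etc/freeradius/clients.conf and /etc/chilli/config arranged in that layout.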


Edit the chilli firewall script

Code:
nano /etc/chilli/up.sh
add at the very bottom:
# may not have been populated the first time; run again
[ -e "/var/run/chilli.iptables" ] && sh /var/run/chilli.iptables 2>/dev/null
# force-add the final rule necessary to fix routing tables
iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE


=========== Coovachilli complete :) =====================

3. Install SSL

Code:
apt-get install libapache2-mod-auth-mysql


Create the ssl folder

Code:
mkdir /etc/apache2/ssl


Install certificate

Code:
apt-get install ssl-cert


Check the host name, to enter later when creating the certificate

Code:
hostname -f


Generate the ssl-cert

Code:
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem


Edit the hosts file

Code:
nano /etc/hosts
127.0.0.1 localhost
192.168.0.1 ## your hostname


Enable the ssl module

Code:
a2enmod ssl
/etc/init.d/apache2 force-reload


Create the virtual host for the hotspot

Code:
nano /etc/apache2/sites-available/hotspot


Its contents are roughly as follows:

Code:
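NameVirtualHost 192.168.0.1:443
<VirtualHost 192.168.0.1:443>
    ServerAdmin webmaster@domain.org
    DocumentRoot "/var/www/hotspot"
    ServerName "192.168.0.1"
    # Captive portal pages (the DocumentRoot)
    <Directory "/var/www/hotspot/">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    Alias "/dialupadmin/" "/usr/share/freeradius-dialupadmin/htdocs/"
    # Target of the /dialupadmin/ alias
    <Directory "/usr/share/freeradius-dialupadmin/htdocs/">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    # CGI directory; path assumed from DocumentRoot and the
    # /cgi-bin/hotspotlogin.cgi URL in HS_UAMSERVICE
    <Directory "/var/www/hotspot/cgi-bin/">
        AllowOverride None
        Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/hotspot-error.log

    LogLevel warn

    CustomLog /var/log/apache2/hotspot-access.log combined

    ServerSignature On
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>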


Enable the virtual host

Code:
a2ensite hotspot

1 comment:

Tux Admirer said...

Cool, bro, this can be used as practice material ..