Debian Wi-Fi hotspot using CoovaChilli, FreeRadius, MySQL and daloRADIUS   June 6th, 2010

I decided to create a hotspot from my server to allow others to connect to the Internet for free. I used a “captive portal” solution based on these applications:

When somebody wants to connect to the Internet using my Wi-Fi, the first page he sees is the register/login page (whatever page he wants to visit).
After registration/login he is able to connect to the Internet.

So let’s see how I did it.

Let’s have one server with two network interfaces – the first (eth0) goes to the Internet, the second (eth1) is the Wi-Fi for “unknown” clients.

Internet —eth0-dhcp-Hot Spot Server-eth1-192.168.10.1———((((- ))))———–Client

Install basic software:

aptitude install mysql-server phpmyadmin freeradius freeradius-utils freeradius-mysql apache2 php-pear php-db
a2enmod ssl
a2ensite default-ssl
service apache2 restart
cd /tmp && wget 'http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius-0.9-8/daloradius-0.9-8.tar.gz'
tar xvzf daloradius-0.9-8.tar.gz
mv /tmp/daloradius-0.9-8 /var/www/daloradius
chown -R www-data:www-data /var/www/daloradius
cp -r /var/www/daloradius/contrib/chilli/portal2/* /var/www/
rm /var/www/index.html

Because my machine is 64-bit I need to build the CoovaChilli package myself:

aptitude --assume-yes install dpkg-dev debhelper libssl-dev
cd /tmp
wget -c http://ap.coova.org/chilli/coova-chilli-1.2.2.tar.gz
tar xzf coova-chilli*.tar.gz
cd coova-chilli*
dpkg-buildpackage -rfakeroot

Install CoovaChilli:

cd ..
dpkg -i coova-chilli_*_amd64.deb

Configure FreeRadius

Change /etc/freeradius/clients.conf:

client 127.0.0.1 {
 secret     = mysecret
}

Change /etc/freeradius/sql.conf:

        server = "localhost"
        login = "root"
        password = "xxxx"

Uncomment in /etc/freeradius/sites-available/default:

authorize {
          sql
}
 
accounting {
         sql
}

Uncomment in /etc/freeradius/radiusd.conf:

       $INCLUDE sql.conf

Configure MySQL database for FreeRadius

mysql -u root --password=xxxx
mysql> CREATE DATABASE radius;
mysql> exit
 
mysql -u root --password=xxxx radius < /var/www/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql

daloRADIUS configuration

Modify this file /var/www/daloradius/library/daloradius.conf.php

$configValues['CONFIG_DB_PASS'] = 'xxxx';
$configValues['CONFIG_MAINT_TEST_USER_RADIUSSECRET'] = 'mysecret';
$configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';

You also need to modify the following configuration files to set up the sign-up web pages, /var/www/signup-*/library/daloradius.conf.php:

$configValues['CONFIG_DB_PASS'] = 'xxxx';
$configValues['CONFIG_DB_NAME'] = 'radius';
$configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';
$configValues['CONFIG_SIGNUP_SUCCESS_MSG_LOGIN_LINK'] = "<br />Click <b>here</b>".
                                        " to return to the Login page and start your surfing<br /><br />";

Change the lines in /var/www/signup*/index.php to the following (‘User-Password’ changed to ‘Cleartext-Password’ and ‘==’ to ‘:=’):

  $sql = "INSERT INTO ".$configValues['CONFIG_DB_TBL_RADCHECK']." (id, Username, Attribute, op, Value) ".
                                        " VALUES (0, '$username', 'Cleartext-Password', ':=', '$password')";

Another file that needs to be modified to communicate with CoovaChilli is /var/www/hotspotlogin/hotspotlogin.php:

$uamsecret = "uamsecret";

Now you should be able to reach daloRADIUS installation on http://127.0.0.1/daloradius/

username: administrator
password: radius

Routing

We should not forget to enable packet forwarding and set up NAT:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
sed --in-place=.old 's/^#\(net.ipv4.ip_forward=1\)/\1/' /etc/sysctl.conf
sysctl -p

CoovaChilli configuration

Let’s start with /etc/chilli/defaults:

HS_NETWORK=192.168.10.0
HS_UAMLISTEN=192.168.10.1
 
HS_RADSECRET=mysecret
HS_UAMSECRET=uamsecret
HS_UAMFORMAT=https://\$HS_UAMLISTEN/hotspotlogin/hotspotlogin.php
HS_UAMHOMEPAGE=https://\$HS_UAMLISTEN

Then don’t forget to enable CoovaChilli to start in /etc/default/chilli

START_CHILLI=1

You may need to run chilli and the RADIUS server with debug options to see “errors” during client connection:

chilli --fg --debug
freeradius -X
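
The RADIUS shared secret appears in three of the files edited above (clients.conf, /etc/chilli/defaults, daloradius.conf.php) and the UAM secret in two (/etc/chilli/defaults, hotspotlogin.php); if the copies differ, authentication fails. The shell check below is an added example, not part of the original post: it compares the copies and flags secrets left at the values printed here or a MySQL login as root. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). $1 is a root directory, so the
# check can run against a copy of the configuration as well as against "/".

conf_value() {   # $1 = file, $2 = regex selecting the line; prints its value
    grep -- "$2" "$1" 2>/dev/null | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^[^=]*=[[:space:]]*//' \
            -e 's/;$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

audit_hotspot() {   # prints one "PROBLEM: ..." line per finding
    r=${1:-/}; r=${r%/}
    rad=$(conf_value "$r/etc/freeradius/clients.conf" '^[[:space:]]*secret[[:space:]]*=')
    nas=$(conf_value "$r/etc/chilli/defaults" '^HS_RADSECRET=')
    uam=$(conf_value "$r/etc/chilli/defaults" '^HS_UAMSECRET=')
    php=$(conf_value "$r/var/www/hotspotlogin/hotspotlogin.php" \
        '^[[:space:]]*\$uamsecret[[:space:]]*=')
    dalo=$(conf_value "$r/var/www/daloradius/library/daloradius.conf.php" \
        'CONFIG_MAINT_TEST_USER_RADIUSSECRET')
    dbuser=$(conf_value "$r/etc/freeradius/sql.conf" '^[[:space:]]*login[[:space:]]*=')
    [ "$rad" = "$nas" ]  || echo "PROBLEM: HS_RADSECRET does not match clients.conf secret"
    [ "$rad" = "$dalo" ] || echo "PROBLEM: daloRADIUS test secret does not match clients.conf"
    [ "$uam" = "$php" ]  || echo "PROBLEM: HS_UAMSECRET does not match \$uamsecret"
    case $rad in ''|mysecret)  echo "PROBLEM: RADIUS secret is empty or this post's value" ;; esac
    case $uam in ''|uamsecret) echo "PROBLEM: UAM secret is empty or this post's value" ;; esac
    [ "$dbuser" != root ] || echo "PROBLEM: FreeRADIUS logs in to MySQL as root"
    return 0
}

make_sample() {   # constructed sample tree: $1 = directory, $2 = HS_RADSECRET value
    mkdir -p "$1/etc/freeradius" "$1/etc/chilli" "$1/var/www/hotspotlogin" \
        "$1/var/www/daloradius/library"
    printf 'client 127.0.0.1 {\n secret     = mysecret\n}\n' > "$1/etc/freeradius/clients.conf"
    printf 'server = "localhost"\nlogin = "root"\n' > "$1/etc/freeradius/sql.conf"
    printf 'HS_RADSECRET=%s\nHS_UAMSECRET=uamsecret\n' "$2" > "$1/etc/chilli/defaults"
    printf '$uamsecret = "uamsecret";\n' > "$1/var/www/hotspotlogin/hotspotlogin.php"
    printf "\$configValues['CONFIG_MAINT_TEST_USER_RADIUSSECRET'] = 'mysecret';\n" \
        > "$1/var/www/daloradius/library/daloradius.conf.php"
}

demo=$(mktemp -d)
make_sample "$demo" typo-secret   # chilli's copy of the secret was mistyped
audit_hotspot "$demo"
rm -rf "$demo"
```

On a live server, run `audit_hotspot /` as a user that can read the files; no output means the copies agree and none of the flagged values remain.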

A few links we created:

  • http://192.168.10.1/signup-free/ – sign up page (if you don’t have username/password)
  • http://192.168.10.1:3990/prelogin – use for login to your portal
  • http://192.168.10.1/daloradius/ – daloradius admin page
  • http://192.168.10.1/phpmyadmin/ – phpmyadmin page (useful for sql database)

This how-to describes a simple configuration of CoovaChilli, so there are many more things to configure. I didn’t mention anything about security, so it’s up to you to tweak it yourself.

You can find additional info on this web page:

https://help.ubuntu.com/community/WifiDocs/CoovaChilli

Enjoy…;-)

This entry was posted on Sunday, June 6th, 2010 at 3:34 pm and is filed under databases, debian, mysql, Networking, ubuntu.

5 Responses

January 19th, 2011 at 6:44 am
Luke Says:

Hey, thanks for this tutorial, I just have a couple of questions.. I have done something similar on CentOS, installing FreeRADIUS with MySQL and daloRADIUS.. Do I have to have Coova also to give the login page to users when they try and browse? Or is that already part of FreeRADIUS or daloRADIUS?

Just not really sure how to get this working, that's all.. When I try and add a user in daloRADIUS, I get an error saying:

Database error
Error Message: DB Error: no such field
Debug info: INSERT INTO userinfo (id, username, firstname, lastname, email, department, company, workphone, homephone, mobilephone, address, city, state, zip, notes, changeuserinfo, creationdate, creationby, updatedate, updateby) VALUES (0, 'test', '', '', '', '', '', '', '', '', '', '', '', '', '', '0', '2011-01-18 23:43:06', 'administrator', NULL, NULL) [nativecode=1054 ** Unknown column 'address' in 'field list']

Database error
Error Message: DB Error: no such table
Debug info: SELECT * FROM userbillinfo WHERE username='test' [nativecode=1146 ** Table 'radiusdb.userbillinfo' doesn't exist]

Why would this table be missing? Shouldn't it be in the standard install if it is part of the software?

Thanks in advance for any assistance

January 19th, 2011 at 12:06 pm
amanat Says:

Use phpMyAdmin to update the profiles in daloRADIUS, or use Webmin.

January 22nd, 2011 at 3:19 am
Luke Says:

Thanks, it's working now.. Any idea why I now have an error trying to start radius in debugging mode:

Failed binding to authentication address * port 1812: Address already in use
/etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812

I get the Coova login page but my user and password don't work.. I guess because FreeRADIUS has this error? I have no idea how to fix it

January 22nd, 2011 at 9:24 am
amanat Says:

Make sure Radius is stopped first and then try to check it in debugging mode, after that start it and try again.

For login, your MySQL, Coova and RADIUS must be started and running. Also confirm the username and password.

January 22nd, 2011 at 10:36 am
Luke Says:

Thanks.. I did that and it worked.. must have been running already.. I am certain that the user and pass that I am attempting to log in with are there in the FreeRADIUS database, but Coova says wrong username/password.. Also, I have just noticed that I can't connect to the Internet anymore when I stop the Coova service.. and I can't get to the net because Coova says the user and pass are wrong.. Is there somewhere in some file where I have possibly set some wrong settings for Coova to talk to FreeRADIUS correctly?
