100% Work!

Ubuntu+Freeradius2+CoovaChilli+Daloradius
eth0 = 11.11.11.2 Internet eth1 = 10.10.10.1 LAN 1. Network Interface Card nano /etc/network/interfaces iface eth0 inet static address 11.11.11.2 netmask 255.255.255.240 gateway 11.11.11.1 auto eth1

**kalo belom bs silahkan memakai webmin..

$ wget http://www.webmin.com/jcameron-key.asc $ sudo apt-key add jcameron-key.asc

Tambahkan di vi /etc/apt/sources.list
deb http://download.webmin.com/download/repository sarge contrib deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
$ apt-get install unzip fakeroot ssh build-essential rrdtool snmp snmpd php5-cli php5-gd php5 php5mysql php5-gmp php-pear php5-snmp php5-adodb php-db make ssl-cert freeradius freeradius-mysql freeradius-utils curl perl openssl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl git-core gcc webmin libssl0.9.8 libapache2-mod-auth-mysql php5-common libapache2-mod-php5 mysql-server apache2

$ sudo apt-get update

Akses webmin dari browser anda https://10.10.10.1:9090 masukan user root dan passwordnya.
2. forward packet nano /etc/sysctl.conf net.ip4.ip_forward=1 3. module tun coova nano /etc/modules modprobe tun restart 4. LAMP Server DNS Server tasksel LAMP Server Openssh-Server 6. radius script tables mysqladmin -ppasswd create radius mysql -u root -ppasswd radius < /etc/freeradius/sql/mysql/schema.sql mysql -u root -ppasswd radius < /etc/freeradius/sql/mysql/nas.sql mysql -u root -ppasswd mysql>GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radius'; mysql>FLUSH PRIVILEGES; mysql>quit

7. sql.conf nano -w /etc/freeradius/sql.conf

sql { database = "mysql" driver = "rlm_sql_${database}" server = "localhost" login = "radius" password = "radius" radius_db = "radius" acct_table1 = "radacct" acct_table2 = "radacct" postauth_table = "radpostauth" authcheck_table = "radcheck" authreply_table = "radreply" groupcheck_table = "radgroupcheck" groupreply_table = "radgroupreply" usergroup_table = "radusergroup" deletestalesessions = yes sqltrace = no sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 nas_table = "nas" $INCLUDE sql/${database}/dialup.conf }

nano /etc/freeradius/radiusd.conf
prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = ${exec_prefix}/sbin logdir = /var/log/freeradius raddbdir = /etc/freeradius radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/freeradius db_dir = ${raddbdir} libdir = /usr/lib/freeradius pidfile = ${run_dir}/freeradius.pid max_request_time = 30 cleanup_delay = 5 max_requests = 1024 listen { type = ipaddr port = } listen { ipaddr port = type = }

auth = * 0

= * 0 acct

hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log { destination = files file = ${logdir}/radius.log syslog_facility = daemon

stripped_names = no auth = no auth_badpass = no auth_goodpass = no } checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = yes } proxy_requests = yes $INCLUDE proxy.conf $INCLUDE clients.conf thread pool { max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { $INCLUDE ${confdir}/modules/ $INCLUDE eap.conf $INCLUDE sql.conf $INCLUDE sql/mysql/counter.conf } instantiate { exec expr expiration max_all_mb noresetcounter logintime } $INCLUDE policy.conf $INCLUDE sites-enabled/

8. client.conf Coova-chilli Daloradius freeradius nano -w /etc/freeradius/clients.conf

client localhost { ipaddr = 127.0.0.1 secret = radius require_message_authenticator = no nastype = other # localhost isn't usually a NAS... }

nano -w /etc/freeradius/sites-available/default
authorize { preprocess chap mschap suffix eap { ok = return } unix files sql

noresetcounter dailycounter monthlycounter expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } unix } preacct { preprocess acct_unique suffix files } accounting { detail unix radutmp sradutmp sql attr_filter.accounting_response } session { radutmp sql } post-auth { sql exec } pre-proxy { } post-proxy { eap }

Tahap selanjutnya adalah merubah file /etc/freeradius/sql/mysql/counter.conf

sqlcounter dailycounter { counter-name = Daily-Session-Time check-name = Max-Daily-Session reply-name = Session-Timeout sqlmod-inst = sql key = User-Name reset = daily query = "SELECT SUM(acctsessiontime - \ GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \ FROM radacct WHERE username = '%{%k}' AND \ UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'" } sqlcounter monthlycounter { counter-name = Monthly-Session-Time check-name = Max-Monthly-Session reply-name = Session-Timeout sqlmod-inst = sql key = User-Name reset = monthly query = "SELECT SUM(acctsessiontime - \ GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \

FROM radacct WHERE username='%{%k}' AND \ UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'" } sqlcounter noresetcounter { counter-name = Session-Timeout check-name = Session-Timeout reply-name = Session-Timeout sqlmod-inst = sql key = User-Name reset = never query = "SELECT SUM(Acctsessiontime) FROM radacct WHERE UserName='%{%k}'" } sqlcounter max_all_mb { counter-name = Max-All-MB check-name = Max-All-MB reply-name = ChilliSpot-Max-Total-Octets sqlmod-inst = sql key = User-Name reset = never query = "SELECT SUM(AcctInputOctets) + SUM(AcctOutputOctets) FROM radacct WHERE UserName='% {%k}'" #query = "SELECT SUM(AcctInputOctets)/(1024*1024) + SUM(AcctOutputOctets)/(1024*1024) FROM radacct WHERE UserName='%{%k}'" } sqlcounter octetslimit { counter-name = Max-All-MB check-name = Max-All-MB reply-name = Chillispot-Max-Total-Octets key = User-Name reset = never query = "SELECT SUM(acctinputoctets+acctoutputoctets) from radacct WHERE UserName='% {%k}'" sqlmod-inst = sql }

Sampai dini, seharusnya freeradius sudah bekerja. Anda bisa memastikan dengan manjalankan freeradius dengan mode debug.
$ /etc/init.d/freeradius stop $ /usr/sbin/freeradius -X $ /usr/sbin/freeradius

10. User Radius restart Freeradius User mysql -u root -ppassword mysql> use radius; mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('guest', 'Password','guest'); /etc/init.d/freeradius restart radtest guest guest 127.0.0.1 0 radius rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=198, length=20

coova-chilli
11. download cd /tmp
$ wget http://ap.coova.org/chilli/coova-chilli_1.2.2_i386.deb Or $ wget http://coova-chilli.s3.amazonaws.com/coova-chilli_1.3.0_i386.deb $ dpkg -i coova-chilli_1.2.2_i386.deb

Secara default, coova chilli di set dalam keadaan tidak aktif, anda harus mengaktifkan dengan cara merubah isi file /etc/default/chilli dan cari
START_CHILLI=0 ubah menjadi START_CHILLI=1

12. coova file config chilli cp /etc/chilli/defaults /etc/chilli/config 13. folder hotspot mkdir /var/www/hotspot && cd /var/www/hotspot cp /etc/chilli/www/* /var/www/hotspot mkdir /var/www/hotspot/images cp /var/www/hotspot/coova.jpg /var/www/hotspot/images 14. folder uam mkdir /var/www/hotspot/uam cd /var/www/hotspot/uam wget http://ap.coova.org/uam/ wget http://ap.coova.org/js/chilli.js 15. Host Address $ sed -i 's/ap.coova.org\/js\/chilli.js/192.168.0.1\/uam\/chilli.js/g' /var/www/hotspot/uam/index.html $ sed -i 's/192.168.182.1/10.10.10.1/g' /etc/chilli/www/ChilliLibrary.js $ sed -i 's/192.168.182.1/10.10.10.1/g' /var/www/hotspot/ChilliLibrary.js 30. login Hotspot cd /var/www/hotspot/ wget http://www.truesoft.co.th/wifi/uam.tgz tar -xzvf uam.tgz cd uam mv index.html index.html-o mv chilli.js chilli.js-o 17. file /etc/chilli/config nano /etc/chilli/config
HS_WANIF=ppp0 HS_LANIF=eth0 HS_NETWORK=10.10.10.0 HS_NETMASK=255.255.255.0 HS_UAMLISTEN=10.10.10.1 HS_UAMPORT=3990 HS_UAMUIPORT=4990 # DNS Nawala Servers HS_DNS1=180.131.144.144 HS_DNS2=180.131.145.145 # HotSpot settings for simple Captive Portal HS_NASID=nas01 HS_RADIUS=localhost HS_RADIUS2=localhost HS_UAMALLOW=10.10.10.1,192.168.1.4,192.168.1.226,192.168.1.254,newmed.ac.id,www.google.com,www.yaho o.com HS_RADSECRET=radius # sesuai yang kita isikan di /etc/freeradius/clients.conf HS_UAMSECRET=uamsecret HS_RADIUS=localhost HS_RADIUS2=localhost HS_UAMALIASNAME=chilli HS_UAMSERVER=10.10.10.1 HS_UAMFORMAT=https://\$HS_UAMSERVER/uam/ HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html HS_UAMSERVICE=https://10.10.10.1/cgi-bin/hotspotlogin.cgi HS_TCP_PORTS="22 80 443 10000" # # # # # # # WAN Interface toward the Internet Subscriber Interface for client devices HotSpot Network (must include HS_UAMLISTEN) HotSpot Network Netmask HotSpot IP Address (on subscriber network) HotSpot UAM Port (on subscriber network) HotSpot UAM "UI" Port (on subscriber network, for embedded portal)

HS_MODE=hotspot HS_TYPE=chillispot HS_WWWDIR=/etc/chilli/www HS_WWWBIN=/etc/chilli/wwwsh HS_PROVIDER=NewMed HS_PROVIDER_LINK=http://newmed.ac.id HS_LOC_NAME="Selamat Datang di Kampus New Media"

Selanjutnya adalah download dan install Haserl

$ wget http://sourceforge.net/projects/haserl/files/haserl/0.8.0/haserl-0.8.0.tar.gz $ tar -zxvf haserl-0.8.0.tar.gz $ cd haserl-0.8.0;./configure;make;sudo make install

Kemudian Edit file /etc/chilli/wwwsh cari :

haserl=$(which haserl 2>/dev/null)

ubah menjadi :
haserl=/usr/local/bin/haserl

18. Firewall nano /etc/chilli/up.sh # may not have been populated the first time; run again [ -e "/var/run/chilli.iptables" ] && sh /var/run/chilli.iptables 2>/dev/null # force-add the final rule necessary to fix routing tables iptables -I POSTROUTING -t nat -o $HS_WANIF -j MASQUERADE 21. folder ssl mkdir /etc/apache2/ssl 22. cat /etc/hostname tetsuya.hotspot 23. make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem 24. module ssl a2enmod ssl /etc/init.d/apache2 force-reload 25. hosts nano /etc/hosts 127.0.0.1 localhost.local localhost 127.0.1.1 Authen.local Authen 10.10.10.1 Authen.local Authen 26. hotspot nano -w /etc/apache2/sites-available/hotspot
NameVirtualHost 10.10.10.1:443 <VirtualHost 10.10.10.1:443> ServerAdmin webmaster@domain.org DocumentRoot /var/www/hotspot ServerName "10.10.10.1" <Directory /var/www/hotspot/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory>

Alias "/dialupadmin/" "/usr/share/freeradius-dialupadmin/htdocs/" <Directory "/usr/share/freeradius-dialupadmin/htdocs/"> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> <Directory "/var/www/hotspot/cgi-bin/"> AllowOverride None Options ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/hotspot-error.log LogLevel warn CustomLog /var/log/apache2/hotspot-access.log combined ServerSignature On SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem </VirtualHost>

27. hotspot apache a2ensite hotspot 28. Listen Ports apache nano -w /etc/apache2/ports.conf Listen *:443 Listen *:80 nano -w /etc/apache2/apache2.conf ServerName 10.10.10.1 29. default nano -w /etc/apache2/sites-available/default
NameVirtualHost *:80 <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost>

31. restart reboot

32. daloRADIUS cd /tmp wget http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius-0.98/daloradius-0.9-8.tar.gz or wget http://nchc.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.99/daloradius-0.9-9.tar.gz tar -zxvf daloradius-0.9-9.tar.gz cp -R daloradius-0.9-9/ /var/www/daloradius chown -R www-data:www-data /var/www/daloradius chmod 644 /var/www/daloradius/library/daloradius.conf.php 36. database radius Database script mysql -u root -p radius < /var/www/daloradius/contrib/db/mysql-daloradius.sql 37. nano /var/www/daloradius/library/daloradius.conf.php CONFIG_DB_ENGINE = mysql CONFIG_DB_HOST = 127.0.0.1 CONFIG_DB_USER = root CONFIG_DB_PASS = password Mysql CONFIG_DB_NAME = radius $configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup'; 39. touch permission log mkdir /var/log/freeradius/radacct touch /var/log/freeradius/radacct/sql-relay touch /var/log/freeradius/radutmp touch /var/log/daloradius.log chown 755 /var/log/freeradius chown freerad:freerad /var/log/freeradius/radutmp 40. config http://10.10.10.1/daloradius/login.php Username: administrator Password: radius