Date:      Sat, 2 Jan 2010 13:53:19 GMT
From:      Sevan Janiyan <venture37@geeklan.co.uk>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/142241: [patch] net-mgmt/chillispot add installguide to SUBFILES=
Message-ID:  <201001021353.o02DrJtV054054@www.freebsd.org>
Resent-Message-ID: <201001021400.o02E0D3j028501@freefall.freebsd.org>

>Number:         142241
>Category:       ports
>Synopsis:       [patch] net-mgmt/chillispot add installguide to SUBFILES=
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 02 14:00:13 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Sevan Janiyan
>Release:        
>Organization:
>Environment:
>Description:

>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -urN chillispot.orig/Makefile chillispot/Makefile
--- chillispot.orig/Makefile	2010-01-02 13:36:00.000000000 +0000
+++ chillispot/Makefile	2010-01-02 13:41:04.000000000 +0000
@@ -21,7 +21,7 @@
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=-sysconfdir=${PREFIX}/etc
 USE_RC_SUBR=	chillispot
-SUB_FILES=	pkg-message
+SUB_FILES=	pkg-message installguide.txt
 MAN8=		chilli.8
 
 OPTIONS=	RAW "Latest Release Of Apache & mySQL" Off \
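Review bot: neither Makefile hunk touches PORTREVISION, although adding installguide.txt to SUB_FILES changes what the package installs (the guide is now generated from files/installguide.txt.in with %%PREFIX%% expanded). Consider bumping PORTREVISION so existing installations pick up the regenerated guide.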
@@ -56,7 +56,7 @@
 	${INSTALL_MAN} ${WRKSRC}/doc/dictionary.chillispot ${DATADIR}
 	${INSTALL_MAN} ${WRKSRC}/doc/freeradius.users ${DATADIR}
 	${INSTALL_MAN} ${WRKSRC}/doc/hotspotlogin.cgi ${DATADIR}
-	${INSTALL_MAN} ${FILESDIR}/installguide.txt ${DATADIR}
+	${INSTALL_MAN} ${WRKDIR}/installguide.txt ${DATADIR}
 	${INSTALL_MAN} ${FILESDIR}/pf.conf.sample ${DATADIR}
 	${INSTALL_MAN} ${FILESDIR}/ipfw-config.sample ${DATADIR}
 .endif
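Review bot: the changed line still installs a plain-text guide with ${INSTALL_MAN}; ${INSTALL_DATA} is the macro intended for data files going into ${DATADIR}, and the neighbouring sample-file lines in this block could be switched in the same change. Taking the source from ${WRKDIR} is correct for a file generated through SUB_FILES.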
diff -urN chillispot.orig/files/installguide.txt chillispot/files/installguide.txt
--- chillispot.orig/files/installguide.txt	2010-01-02 13:36:00.000000000 +0000
+++ chillispot/files/installguide.txt	1970-01-01 01:00:00.000000000 +0100
@@ -1,453 +0,0 @@
-			Installing Chillispot on FreeBSD
-				By Venture37
-				www.geeklan.co.uk
-				venture37@geekla.co.uk 
-
-
-This guide will cover how to get a basic Chillispot installation going with Apache 1.3 + mod_ssl, mySQL 4.1, freeRADIUS & OpenBSD's Packet Filter PF
-
-1) Update your ports tree!!!!
-Instructions on how to do so are included in the HandBook under the Using CVSup section:
-http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
-
-2) Once the update is complete goto {PORTSDIR}/net-mgmt/chillispot & run make install, you'll be presented with a menu, select:
-MATURE  Stable Releases of Apache with mod_ssl &  mySQL 
-&
-FREE    freeRADIUS
-& choose Ok
-
-During the build process you'll be asked what flavour of freeRADIUS you'd like to build, 
-choose MYSQL         With MySQL user database 
-
-3) When the build & install process is complete go back to the apache directory, 
-regenerate & install some new certs & optionally remove the preinstalled snakeoil test ones. 
-goto {PORTSDIR}/www/apache13-modssl
-& run make certificate TYPE=custom
-Answer the questions in each step & when you're finished you'll be given a summary of files & their functions
-Now copy those files from the summary by going to work/apache_1.X.XX/conf & copy the certs to your apache config directory 
-(replace X.XX with the relevant version number)
-cp work/apache_1.X.XX/conf/ssl.key/ca.key {PREFIX}/etc/apache/ssl.key/
-cp work/apache_1.XXX/conf/ssl.key/server.key {PREFIX}/etc/apache/ssl.key/
-cp work/apache_1.XXX/conf/ssl.crt/ca.crt {PREFIX}/etc/apache/ssl.crt/
-cp work/apache_1.XXX/conf/ssl.crt/server.crt {PREFIX}/etc/apache/ssl.crt/
-chmod 400 {PREFIX}/etc/apache/ssl.key/ca.key
-chmod 400 {PREFIX}/etc/apache/ssl.crt/ca.crt
-
-Optional:
-rm {PREFIX}/etc/apache/ssl.key/snakeoil-*
-rm {PREFIX}/etc/apache/ssl.crt/snakeoil-*
-then goto  {PREFIX}/etc/apache/ssl.crt/ & delete the bunch of alphanumeric filenamed symbolic links
-
-4) Put Chillispots files into place:
-copy hotspotlogin.cgi from {PREFIX}/share/chillispot/ to {PREFIX}/www/cgi/
-& make it executable:
-chmod 555 {PREFIX}/www/cgi-bin/hotspotlogin.cgi
-
-put chillispot.conf file into place
-cp {PREFIX}/share/chillispot/chilli.conf.sample {PREFIX}/etc/chilli.conf
-
-freeRADIUS related files
-cp {PREFIX}/share/chillispot/dictionary.chillispot  {PREFIX}/etc/raddb/
-cp {PREFIX}/share/chillispot/freeradius.users  {PREFIX}/etc/raddb/
-
-PF Config file
-cp {PREFIX}/share/chillispot/pf.conf.sample /etc/pf.conf
-
-5) Setup MySQL
-run ./mysql_install_db
-& follow the onscreen instructions provided to set a new root password
-
-6) Create a Database for freeRADIUS
-at the mysql prompt issue the following:
-create database mydbname;
-grant all privileges on mydbname.* to 'dbusername'@'localhost' identified by 'mypass';
-flush privileges;
-quit;
-
-7) Import the freeRADIUS MySQL DB Schema
-by running the following:
-mysql -u dbusrname -p mydbname < {PREFIX}/share/doc/freeradius/examples/mysql.sql
-
-8) Configure freeRADIUS
-goto {PREFIX}/etc/raddb
-trim .sample from the end of the filenames off the following files:
-acct_users
-certs 
-clients.conf 
-dictionary  , then edit if & add $INCLUDE dictionary.chillispot
-
-eap.conf 
-hints
-huntgroups 
-preproxy_users
-proxy.conf 
-radiusd.conf
-snmp.conf
-sql.conf
-users
-
-9)  Before going ahead & configuring freeRADIUS to use MySQL 
-setup a basic account using the existing flatfiles to make sure everything is working so far
-edit {PREFIX}/etc/raddb/clients.conf
-& change the secret entry e.g:
-secret = s3cr3t
-
-then add the sample chillispot user by copying the contents of freeradius.users to users
-
-then run adduser to create a user which radiusd will run under
-#adduser
-Username: radiusd
-Full name: freeRADIUS
-Uid (Leave empty for default): 
-Login group [radiusd]: 
-Login group is radiusd. Invite radiusd into other groups? []: 
-Login class [default]: 
-Shell (sh csh tcsh nologin) [sh]: nologin
-Home directory [/home/radiusd]: /nonexistent 
-Use password-based authentication? [yes]: 
-Use an empty password? (yes/no) [no]: 
-Use a random password? (yes/no) [no]: y
-Lock out the account after creation? [no]: y
-Username   : radiusd
-Password   : <random>
-Full Name  : freeRADIUS
-Uid        : 1002
-Class      : 
-Groups     : radiusd 
-Home       : /nonexistent
-Shell      : /usr/sbin/nologin
-Locked     : yes
-OK? (yes/no): y
-adduser: INFO: Successfully added (radiusd) to the user database.
-adduser: INFO: Password for (radiusd) is: blablabla123
-adduser: INFO: Account (radiusd) is locked.
-
-now edit  {PREFIX}/etc/raddb/radiusd.conf
-uncomment & change the user & group entries from
-#user = nobody to user = radiusd
-#group = nobody to group = radiusd
- & change
-proxy_requests  = yes to no
-
-now create the log files freeRADIUS will use in /var/log
-mkdir /var/log/radacct
-touch /var/log/radius.log
-touch /var/log/radutmp
-touch /var/log/radwtmp
-
-assign them right permissions
-chmod 700 /var/log/radacct
-chmod 644 /var/log/radius.log
-chmod 600 /var/log/radutmp
-chmod 644 /var/log/radwtmp
-
-then change their ownership
-chown radiusd:radiusd /var/log/radacct
-chown radiusd:radiusd /var/log/radius.log
-chown radiusd:radiusd /var/log/radutmp
-chown radiusd:radiusd /var/log/radwtmp
-
-10) Now fireup freeRADIUS in debug mode 
- by issuing {PREFIX}/sbin/radiusd -X
-& using the radtest tool query freeRADIUS
-radtest steve testing localhost 1812 s3cr3t
-
-you should get the following output back:
-Sending Access-Request of id 57 to 127.0.0.1 port 1812
-        User-Name = "steve"
-        User-Password = "testing"
-        NAS-IP-Address = 255.255.255.255
-        NAS-Port = 1812
-rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=57, length=74
-        Class = 0x30373032333435363738
-        Session-Timeout = 3600
-        Idle-Timeout = 600
-        Acct-Interim-Interval = 60
-        WISPr-Bandwidth-Max-Up = 128000
-        WISPr-Bandwidth-Max-Down = 512000
-
-if you're not sure if freeRADIUS is listening on port 1812/udp or 1645/udp check your /etc/services file
-$ cat /etc/services | grep radius
-# IMPORTANT NOTE: Ports 1645/1646 are the traditional radius ports used by
-#radius         1645/udp   #RADIUS authentication protocol (old)
-radius          1812/udp   #RADIUS authentication protocol (IANA sanctioned)
-
-If everything went along ok without any errors edit users & remove the entries you added from chillispots freeradius.users files.
-
-11) Configuring freeRADIUS to use MySQL instead of flat files
-edit {PREFIX}/etc/raddb/sql.conf &
-change the login, password & radius_db entries to those used in step 6
-then uncomment
- #sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
-& comment out sql_user_name = "%{User-Name}" 
-if you'd like to use shortames (username minus realm) aswell as user@realm.f00 & :-DEFAULT
-then uncomment simul_count_query
-
-edit {PREFIX}/etc/raddb/radiusd.conf
-then uncomment sql in the Authorize {
-comment out unix in Authenticate {
-comment out files in preacct {
-uncomment sql in accounting {
-comment radutmp  & uncomment sql in session {
-
-freeRADIUS is now setup to use MySQL.
-
-12)  You now need to setup some users for your wireless clients to use 
-12.1: login to the mysql console:
-mysql -u dbusername -p
-
-12.2: choose the database you created for freeRADIUS to work on
-mysql> use mydbname;
-
-12.3: lets see what in here:
-mysql> show tables;
-+----------------------+
-| Tables_in_mydbname   |
-+----------------------+
-| nas                  |
-| radacct              |
-| radcheck             |
-| radgroupcheck        |
-| radgroupreply        |
-| radpostauth          |
-| radreply             |
-| usergroup            |
-+----------------------+
-8 rows in set (0.00 sec)
-
-12.4: to see what fields you need to fill in isse:  
-mysql> show columns from radcheck;
-+-----------+------------------+------+-----+---------+----------------+
-| Field     | Type             | Null | Key | Default | Extra          |
-+-----------+------------------+------+-----+---------+----------------+
-| id        | int(11) unsigned |      | PRI | NULL    | auto_increment |
-| UserName  | varchar(64)      |      | MUL |         |                |
-| Attribute | varchar(32)      |      |     |         |                |
-| op        | char(2)          |      |     | ==      |                |
-| Value     | varchar(253)     |      |     |         |                |
-+-----------+------------------+------+-----+---------+----------------+
-5 rows in set (0.01 sec)
-
-12.5: lets add our first username:
-mysql> insert into radcheck (Username, Attribute, Value) VALUES ('fry', 'Password', 'walkingonsunshine');
-Query OK, 1 row affected (0.00 sec)
-
-12.6: is it there?
-mysql> select * from radcheck;
-+----+----------+-----------+----+-------------------+
-| id | UserName | Attribute | op | Value             |
-+----+----------+-----------+----+-------------------+
-|  1 | fry      | Password  | == | walkingonsunshine |
-+----+----------+-----------+----+-------------------+
-1 row in set (0.00 sec)
-
-12.7: assign the user to a group:
-mysql> show columns from usergroup;
-+-----------+-------------+------+-----+---------+-------+
-| Field     | Type        | Null | Key | Default | Extra |
-+-----------+-------------+------+-----+---------+-------+
-| UserName  | varchar(64) |      | MUL |         |       |
-| GroupName | varchar(64) |      |     |         |       |
-| priority  | int(11)     |      |     | 1       |       |
-+-----------+-------------+------+-----+---------+-------+
-3 rows in set (0.01 sec)
-
-mysql> insert into usergroup (UserName, GroupName, Priority) VALUES ('fry', 'dynamic', 1);
-Query OK, 1 row affected (0.00 sec)
-
-mysql> select * from usergroup;
-+----------+-----------+----------+
-| UserName | GroupName | priority |
-+----------+-----------+----------+
-| fry      | dynamic   |        1 |
-+----------+-----------+----------+
-1 row in set (0.01 sec)
-
-12.8) Authorization Type:
-mysql> show columns from radgroupcheck;
-+-----------+------------------+------+-----+---------+----------------+
-| Field     | Type             | Null | Key | Default | Extra          |
-+-----------+------------------+------+-----+---------+----------------+
-| id        | int(11) unsigned |      | PRI | NULL    | auto_increment |
-| GroupName | varchar(64)      |      | MUL |         |                |
-| Attribute | varchar(32)      |      |     |         |                |
-| op        | char(2)          |      |     | ==      |                |
-| Value     | varchar(253)     |      |     |         |                |
-+-----------+------------------+------+-----+---------+----------------+
-5 rows in set (0.00 sec)
-
-mysql> insert into radgroupcheck (GroupName, Attribute, Value) VALUES ('dynamic', 'Auth-Type', 'Local');
-Query OK, 1 row affected (0.00 sec)
-
-mysql> select * from radgroupcheck;
-+----+-----------+-----------+----+-------+
-| id | GroupName | Attribute | op | Value |
-+----+-----------+-----------+----+-------+
-|  1 | dynamic   | Auth-Type | == | Local |
-+----+-----------+-----------+----+-------+
-1 row in set (0.00 sec)
-
-
-mysql> show columns from radgroupcheck;
-+-----------+------------------+------+-----+---------+----------------+
-| Field     | Type             | Null | Key | Default | Extra          |
-+-----------+------------------+------+-----+---------+----------------+
-| id        | int(11) unsigned |      | PRI | NULL    | auto_increment |
-| GroupName | varchar(64)      |      | MUL |         |                |
-| Attribute | varchar(32)      |      |     |         |                |
-| op        | char(2)          |      |     | ==      |                |
-| Value     | varchar(253)     |      |     |         |                |
-+-----------+------------------+------+-----+---------+----------------+
-5 rows in set (0.00 sec)
-
-12.9) User & Group Attribute settings
-User specific attributes:
-mysql> show columns from radreply;
-+-----------+------------------+------+-----+---------+----------------+
-| Field     | Type             | Null | Key | Default | Extra          |
-+-----------+------------------+------+-----+---------+----------------+
-| id        | int(11) unsigned |      | PRI | NULL    | auto_increment |
-| UserName  | varchar(64)      |      | MUL |         |                |
-| Attribute | varchar(32)      |      |     |         |                |
-| op        | char(2)          |      |     | =       |                |
-| Value     | varchar(253)     |      |     |         |                |
-+-----------+------------------+------+-----+---------+----------------+
-5 rows in set (0.00 sec)
-
-mysql> insert into radreply (UserName, Attribute, Value) VALUES ('fry', 'Class', '0702345678');
-Query OK, 1 row affected (0.01 sec)
-
-mysql> select * from radreply;
-+----+----------+-----------+----+------------+
-| id | UserName | Attribute | op | Value      |
-+----+----------+-----------+----+------------+
-|  1 | fry      | Class     | =  | 0702345678 |
-+----+----------+-----------+----+------------+
-1 row in set (0.00 sec)
-
-Group specific settings:
-mysql> show columns from radgroupreply;
-+-----------+------------------+------+-----+---------+----------------+
-| Field     | Type             | Null | Key | Default | Extra          |
-+-----------+------------------+------+-----+---------+----------------+
-| id        | int(11) unsigned |      | PRI | NULL    | auto_increment |
-| GroupName | varchar(64)      |      | MUL |         |                |
-| Attribute | varchar(32)      |      |     |         |                |
-| op        | char(2)          |      |     | =       |                |
-| Value     | varchar(253)     |      |     |         |                |
-+-----------+------------------+------+-----+---------+----------------+
-5 rows in set (0.00 sec)
-
-mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'Session-Timeout', '3600');
-Query OK, 1 row affected (0.00 sec)
-
-mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'Idle-Timeout', '600');
-Query OK, 1 row affected (0.00 sec)
-
-mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'Acct-Interim-Interval', '60');
-Query OK, 1 row affected (0.01 sec)
-
-mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'WISPr-Redirection-URL', 'http://www.geeklan.co.uk');
-Query OK, 1 row affected (0.00 sec)
-
-mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'WISPr-Bandwidth-Max-Up', '128000');
-Query OK, 1 row affected (0.01 sec)
-
-mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'WISPr-Bandwidth-Max-Down', '512000');
-Query OK, 1 row affected (0.01 sec)
- 
-mysql> select * from radgroupreply;
-+----+-----------+--------------------------+----+--------------------------+
-| id | GroupName | Attribute                | op | Value                    |
-+----+-----------+--------------------------+----+--------------------------+
-|  1 | dynamic   | Session-Timeout          | =  | 3600                     |
-|  2 | dynamic   | Idle-Timeout             | =  | 600                      |
-|  3 | dynamic   | Acct-Interim-Interval    | =  | 60                       |
-|  4 | dynamic   | WISPr-Redirection-URL    | =  | http://www.geeklan.co.uk |
-|  5 | dynamic   | WISPr-Bandwidth-Max-Up   | =  | 128000                   |
-|  6 | dynamic   | WISPr-Bandwidth-Max-Down | =  | 512000                   |
-+----+-----------+--------------------------+----+--------------------------+
-6 rows in set (0.00 sec)
-
-Test:
-{PREFIX}/bin/radtest fry walkingonsunshine localhost 1812 s3cr3t
-Sending Access-Request of id 250 to 127.0.0.1 port 1812
-        User-Name = "fry"
-        User-Password = "walkingonsunshine"
-        NAS-IP-Address = 255.255.255.255
-        NAS-Port = 1812
-rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=250, length=106
-        Class = 0x30373032333435363738
-        Session-Timeout = 3600
-        Idle-Timeout = 600
-        Acct-Interim-Interval = 60
-        WISPr-Redirection-URL = "http://www.geeklan.co.uk"
-        WISPr-Bandwidth-Max-Up = 128000
-        WISPr-Bandwidth-Max-Down = 512000
-
-13) Nearly There
-edit {PREFIX}/etc/chilli.conf 
-& change the dns1 & dns2 entries to your dns servers 
-(note, if you're not running a dns server locally you'll need to uncomment uamanydns)
-change radiusserver1 & radiusserver2 to localhost
-set radiussecret to whatever you selected in step 9
-e.g s3cr3t
-set dhcpif to your wifi card e.g ral0
-change uamserver to https://192.168.182.1/cgi-bin/hotspotlogin.cgi 
-(if you're not running a dns server locally, if you are use the fqdn)
-change the uamsecret to another value, then edit  {PREFIX}/www/cgi-bin/hotspotlogin.cgi & add the same value to $uamsecret
-
-14) Finishing Stage 
-Edit /etc/pf.conf & make sure the $ext_if & $int_if are correct
-Edit /etc/rc.conf & add the following:
-chillispot_enable="YES"
-apache_enable="YES"
-radiusd_enale="YES"
-mysql_enable="YES"
-pf_enable="YES"                 # Enable PF (load module if required)
-pf_rules="/etc/pf.conf"         # rules definition file for pf
-pf_flags=""                     # additional flags for pfctl startup
-pflog_enable="YES"              # start pflogd(8)
-pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
-pflog_flags=""                  # additional flags for pflogd startup
-gateway_enable="YES"
-
-& remove any IP addresses assigned to your wifi card
-this is enough for chilli to work:
-ifconfig_ral0="ssid chilli mediaopt hostap mode 11b"
-
-save & reboot or quit to back to the shell & run the following to get everything started
-{PREFIX}/etc/rc.d/chillispot start
-{PREFIX}/etc/rc.d/apache.sh start you'll be asked for the password that you assigned whilst generating the certs in the step 3
-{PREFIX}/etc/rc.d/mysql-server start
-{PREFIX}/etc/rc.d/radiusd start
-pfctl -e
-pfctl -f /etc/pf.conf
-
-
-
-THE END!!!
-
-
-
-Original Sources for info:
-OpenBSD PF FAQ
-http://www.openbsd.org/faq/
-
-The FreeBSD HandBook
-http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html
-
-SB's very rough notes to FreeRadius and MySQL 
-http://www.frontios.com/freeradius.html
-
-ONLamp Getting Started with FreeRADIUS
-http://www.onlamp.com/pub/a/onlamp/excerpt/radius_5/index1.html?page=1
-
-
-TAASC MySQL Basics
-http://www.analysisandsolutions.com/code/mybasic.htm
-
-This work is licensed under the Creative Commons Attribution-Share Alike 2.5 License. To view a copy of this license, visit
-http://creativecommons.org/licenses/by-sa/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California,
-94105, USA.
-
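Review bot: step 14 of the removed guide lists radiusd_enale="YES" for /etc/rc.conf, a misspelling of radiusd_enable, so the rc.d script would not see radiusd as enabled; as the text is being re-added as installguide.txt.in, fix it there instead of carrying it over. The same goes for step 4, which copies hotspotlogin.cgi to www/cgi/ but then runs chmod on www/cgi-bin/hotspotlogin.cgi, and for step 7, which uses dbusrname where step 6 created dbusername; both are repeated unchanged in the added file. Step 3 also sets mode 400 on ca.key and ca.crt but not on server.key, which is the key that most needs restricting.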
diff -urN chillispot.orig/files/installguide.txt.in chillispot/files/installguide.txt.in
--- chillispot.orig/files/installguide.txt.in	1970-01-01 01:00:00.000000000 +0100
+++ chillispot/files/installguide.txt.in	2010-01-02 13:41:04.000000000 +0000
@@ -0,0 +1,453 @@
+			Installing Chillispot on FreeBSD
+				By Sevan Janiyan
+				www.geeklan.co.uk
+				venture37@geeklan.co.uk 
+
+
+This guide will cover how to get a basic Chillispot installation going with Apache 1.3 + mod_ssl, mySQL 4.1, freeRADIUS & OpenBSD's Packet Filter PF
+
+1) Update your ports tree!!!!
+Instructions on how to do so are included in the HandBook under the Using CVSup section:
+http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
+
+2) Once the update is complete goto {PORTSDIR}/net-mgmt/chillispot & run make install, you'll be presented with a menu, select:
+MATURE  Stable Releases of Apache with mod_ssl &  mySQL 
+&
+FREE    freeRADIUS
+& choose Ok
+
+During the build process you'll be asked what flavour of freeRADIUS you'd like to build, 
+choose MYSQL         With MySQL user database 
+
+3) When the build & install process is complete go back to the apache directory, 
+regenerate & install some new certs & optionally remove the preinstalled snakeoil test ones. 
+goto {PORTSDIR}/www/apache13-modssl
+& run make certificate TYPE=custom
+Answer the questions in each step & when you're finished you'll be given a summary of files & their functions
+Now copy those files from the summary by going to work/apache_1.X.XX/conf & copy the certs to your apache config directory 
+(replace X.XX with the relevant version number)
+cp work/apache_1.X.XX/conf/ssl.key/ca.key %%PREFIX%%/etc/apache/ssl.key/
+cp work/apache_1.XXX/conf/ssl.key/server.key %%PREFIX%%/etc/apache/ssl.key/
+cp work/apache_1.XXX/conf/ssl.crt/ca.crt %%PREFIX%%/etc/apache/ssl.crt/
+cp work/apache_1.XXX/conf/ssl.crt/server.crt %%PREFIX%%/etc/apache/ssl.crt/
+chmod 400 %%PREFIX%%/etc/apache/ssl.key/ca.key
+chmod 400 %%PREFIX%%/etc/apache/ssl.crt/ca.crt
+
+Optional:
+rm %%PREFIX%%/etc/apache/ssl.key/snakeoil-*
+rm %%PREFIX%%/etc/apache/ssl.crt/snakeoil-*
+then goto  %%PREFIX%%/etc/apache/ssl.crt/ & delete the bunch of alphanumeric filenamed symbolic links
+
+4) Put Chillispots files into place:
+copy hotspotlogin.cgi from %%PREFIX%%/share/chillispot/ to %%PREFIX%%/www/cgi/
+& make it executable:
+chmod 555 %%PREFIX%%/www/cgi-bin/hotspotlogin.cgi
+
+put chillispot.conf file into place
+cp %%PREFIX%%/share/chillispot/chilli.conf.sample %%PREFIX%%/etc/chilli.conf
+
+freeRADIUS related files
+cp %%PREFIX%%/share/chillispot/dictionary.chillispot  %%PREFIX%%/etc/raddb/
+cp %%PREFIX%%/share/chillispot/freeradius.users  %%PREFIX%%/etc/raddb/
+
+PF Config file
+cp %%PREFIX%%/share/chillispot/pf.conf.sample /etc/pf.conf
+
+5) Setup MySQL
+run ./mysql_install_db
+& follow the onscreen instructions provided to set a new root password
+
+6) Create a Database for freeRADIUS
+at the mysql prompt issue the following:
+create database mydbname;
+grant all privileges on mydbname.* to 'dbusername'@'localhost' identified by 'mypass';
+flush privileges;
+quit;
+
+7) Import the freeRADIUS MySQL DB Schema
+by running the following:
+mysql -u dbusrname -p mydbname < %%PREFIX%%/share/doc/freeradius/examples/mysql.sql
+
+8) Configure freeRADIUS
+goto %%PREFIX%%/etc/raddb
+trim .sample from the end of the filenames off the following files:
+acct_users
+certs 
+clients.conf 
+dictionary  , then edit if & add $INCLUDE dictionary.chillispot
+
+eap.conf 
+hints
+huntgroups 
+preproxy_users
+proxy.conf 
+radiusd.conf
+snmp.conf
+sql.conf
+users
+
+9)  Before going ahead & configuring freeRADIUS to use MySQL 
+setup a basic account using the existing flatfiles to make sure everything is working so far
+edit %%PREFIX%%/etc/raddb/clients.conf
+& change the secret entry e.g:
+secret = s3cr3t
+
+then add the sample chillispot user by copying the contents of freeradius.users to users
+
+then run adduser to create a user which radiusd will run under
+#adduser
+Username: radiusd
+Full name: freeRADIUS
+Uid (Leave empty for default): 
+Login group [radiusd]: 
+Login group is radiusd. Invite radiusd into other groups? []: 
+Login class [default]: 
+Shell (sh csh tcsh nologin) [sh]: nologin
+Home directory [/home/radiusd]: /nonexistent 
+Use password-based authentication? [yes]: 
+Use an empty password? (yes/no) [no]: 
+Use a random password? (yes/no) [no]: y
+Lock out the account after creation? [no]: y
+Username   : radiusd
+Password   : <random>
+Full Name  : freeRADIUS
+Uid        : 1002
+Class      : 
+Groups     : radiusd 
+Home       : /nonexistent
+Shell      : /usr/sbin/nologin
+Locked     : yes
+OK? (yes/no): y
+adduser: INFO: Successfully added (radiusd) to the user database.
+adduser: INFO: Password for (radiusd) is: blablabla123
+adduser: INFO: Account (radiusd) is locked.
+
+now edit  %%PREFIX%%/etc/raddb/radiusd.conf
+uncomment & change the user & group entries from
+#user = nobody to user = radiusd
+#group = nobody to group = radiusd
+ & change
+proxy_requests  = yes to no
+
+now create the log files freeRADIUS will use in /var/log
+mkdir /var/log/radacct
+touch /var/log/radius.log
+touch /var/log/radutmp
+touch /var/log/radwtmp
+
+assign them right permissions
+chmod 700 /var/log/radacct
+chmod 644 /var/log/radius.log
+chmod 600 /var/log/radutmp
+chmod 644 /var/log/radwtmp
+
+then change their ownership
+chown radiusd:radiusd /var/log/radacct
+chown radiusd:radiusd /var/log/radius.log
+chown radiusd:radiusd /var/log/radutmp
+chown radiusd:radiusd /var/log/radwtmp
+
+10) Now fireup freeRADIUS in debug mode 
+ by issuing %%PREFIX%%/sbin/radiusd -X
+& using the radtest tool query freeRADIUS
+radtest steve testing localhost 1812 s3cr3t
+
+you should get the following output back:
+Sending Access-Request of id 57 to 127.0.0.1 port 1812
+        User-Name = "steve"
+        User-Password = "testing"
+        NAS-IP-Address = 255.255.255.255
+        NAS-Port = 1812
+rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=57, length=74
+        Class = 0x30373032333435363738
+        Session-Timeout = 3600
+        Idle-Timeout = 600
+        Acct-Interim-Interval = 60
+        WISPr-Bandwidth-Max-Up = 128000
+        WISPr-Bandwidth-Max-Down = 512000
+
+if you're not sure if freeRADIUS is listening on port 1812/udp or 1645/udp check your /etc/services file
+$ cat /etc/services | grep radius
+# IMPORTANT NOTE: Ports 1645/1646 are the traditional radius ports used by
+#radius         1645/udp   #RADIUS authentication protocol (old)
+radius          1812/udp   #RADIUS authentication protocol (IANA sanctioned)
+
+If everything went along ok without any errors edit users & remove the entries you added from chillispots freeradius.users files.
+
+11) Configuring freeRADIUS to use MySQL instead of flat files
+edit %%PREFIX%%/etc/raddb/sql.conf &
+change the login, password & radius_db entries to those used in step 6
+then uncomment
+ #sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
+& comment out sql_user_name = "%{User-Name}" 
+if you'd like to use shortames (username minus realm) aswell as user@realm.f00 & :-DEFAULT
+then uncomment simul_count_query
+
+edit %%PREFIX%%/etc/raddb/radiusd.conf
+then uncomment sql in the Authorize {
+comment out unix in Authenticate {
+comment out files in preacct {
+uncomment sql in accounting {
+comment radutmp  & uncomment sql in session {
+
+freeRADIUS is now setup to use MySQL.
+
+12)  You now need to setup some users for your wireless clients to use 
+12.1: login to the mysql console:
+mysql -u dbusername -p
+
+12.2: choose the database you created for freeRADIUS to work on
+mysql> use mydbname;
+
+12.3: lets see what in here:
+mysql> show tables;
++----------------------+
+| Tables_in_mydbname   |
++----------------------+
+| nas                  |
+| radacct              |
+| radcheck             |
+| radgroupcheck        |
+| radgroupreply        |
+| radpostauth          |
+| radreply             |
+| usergroup            |
++----------------------+
+8 rows in set (0.00 sec)
+
+12.4: to see what fields you need to fill in isse:  
+mysql> show columns from radcheck;
++-----------+------------------+------+-----+---------+----------------+
+| Field     | Type             | Null | Key | Default | Extra          |
++-----------+------------------+------+-----+---------+----------------+
+| id        | int(11) unsigned |      | PRI | NULL    | auto_increment |
+| UserName  | varchar(64)      |      | MUL |         |                |
+| Attribute | varchar(32)      |      |     |         |                |
+| op        | char(2)          |      |     | ==      |                |
+| Value     | varchar(253)     |      |     |         |                |
++-----------+------------------+------+-----+---------+----------------+
+5 rows in set (0.01 sec)
+
+12.5: lets add our first username:
+mysql> insert into radcheck (Username, Attribute, Value) VALUES ('fry', 'Password', 'walkingonsunshine');
+Query OK, 1 row affected (0.00 sec)
+
+12.6: is it there?
+mysql> select * from radcheck;
++----+----------+-----------+----+-------------------+
+| id | UserName | Attribute | op | Value             |
++----+----------+-----------+----+-------------------+
+|  1 | fry      | Password  | == | walkingonsunshine |
++----+----------+-----------+----+-------------------+
+1 row in set (0.00 sec)
+
+12.7: assign the user to a group:
+mysql> show columns from usergroup;
++-----------+-------------+------+-----+---------+-------+
+| Field     | Type        | Null | Key | Default | Extra |
++-----------+-------------+------+-----+---------+-------+
+| UserName  | varchar(64) |      | MUL |         |       |
+| GroupName | varchar(64) |      |     |         |       |
+| priority  | int(11)     |      |     | 1       |       |
++-----------+-------------+------+-----+---------+-------+
+3 rows in set (0.01 sec)
+
+mysql> insert into usergroup (UserName, GroupName, Priority) VALUES ('fry', 'dynamic', 1);
+Query OK, 1 row affected (0.00 sec)
+
+mysql> select * from usergroup;
++----------+-----------+----------+
+| UserName | GroupName | priority |
++----------+-----------+----------+
+| fry      | dynamic   |        1 |
++----------+-----------+----------+
+1 row in set (0.01 sec)
+
+12.8) Authorization Type:
+mysql> show columns from radgroupcheck;
++-----------+------------------+------+-----+---------+----------------+
+| Field     | Type             | Null | Key | Default | Extra          |
++-----------+------------------+------+-----+---------+----------------+
+| id        | int(11) unsigned |      | PRI | NULL    | auto_increment |
+| GroupName | varchar(64)      |      | MUL |         |                |
+| Attribute | varchar(32)      |      |     |         |                |
+| op        | char(2)          |      |     | ==      |                |
+| Value     | varchar(253)     |      |     |         |                |
++-----------+------------------+------+-----+---------+----------------+
+5 rows in set (0.00 sec)
+
+mysql> insert into radgroupcheck (GroupName, Attribute, Value) VALUES ('dynamic', 'Auth-Type', 'Local');
+Query OK, 1 row affected (0.00 sec)
+
+mysql> select * from radgroupcheck;
++----+-----------+-----------+----+-------+
+| id | GroupName | Attribute | op | Value |
++----+-----------+-----------+----+-------+
+|  1 | dynamic   | Auth-Type | == | Local |
++----+-----------+-----------+----+-------+
+1 row in set (0.00 sec)
+
+
+mysql> show columns from radgroupcheck;
++-----------+------------------+------+-----+---------+----------------+
+| Field     | Type             | Null | Key | Default | Extra          |
++-----------+------------------+------+-----+---------+----------------+
+| id        | int(11) unsigned |      | PRI | NULL    | auto_increment |
+| GroupName | varchar(64)      |      | MUL |         |                |
+| Attribute | varchar(32)      |      |     |         |                |
+| op        | char(2)          |      |     | ==      |                |
+| Value     | varchar(253)     |      |     |         |                |
++-----------+------------------+------+-----+---------+----------------+
+5 rows in set (0.00 sec)
+
+12.9) User & Group Attribute settings
+User specific attributes:
+mysql> show columns from radreply;
++-----------+------------------+------+-----+---------+----------------+
+| Field     | Type             | Null | Key | Default | Extra          |
++-----------+------------------+------+-----+---------+----------------+
+| id        | int(11) unsigned |      | PRI | NULL    | auto_increment |
+| UserName  | varchar(64)      |      | MUL |         |                |
+| Attribute | varchar(32)      |      |     |         |                |
+| op        | char(2)          |      |     | =       |                |
+| Value     | varchar(253)     |      |     |         |                |
++-----------+------------------+------+-----+---------+----------------+
+5 rows in set (0.00 sec)
+
+mysql> insert into radreply (UserName, Attribute, Value) VALUES ('fry', 'Class', '0702345678');
+Query OK, 1 row affected (0.01 sec)
+
+mysql> select * from radreply;
++----+----------+-----------+----+------------+
+| id | UserName | Attribute | op | Value      |
++----+----------+-----------+----+------------+
+|  1 | fry      | Class     | =  | 0702345678 |
++----+----------+-----------+----+------------+
+1 row in set (0.00 sec)
+
+Group specific settings:
+mysql> show columns from radgroupreply;
++-----------+------------------+------+-----+---------+----------------+
+| Field     | Type             | Null | Key | Default | Extra          |
++-----------+------------------+------+-----+---------+----------------+
+| id        | int(11) unsigned |      | PRI | NULL    | auto_increment |
+| GroupName | varchar(64)      |      | MUL |         |                |
+| Attribute | varchar(32)      |      |     |         |                |
+| op        | char(2)          |      |     | =       |                |
+| Value     | varchar(253)     |      |     |         |                |
++-----------+------------------+------+-----+---------+----------------+
+5 rows in set (0.00 sec)
+
+mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'Session-Timeout', '3600');
+Query OK, 1 row affected (0.00 sec)
+
+mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'Idle-Timeout', '600');
+Query OK, 1 row affected (0.00 sec)
+
+mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'Acct-Interim-Interval', '60');
+Query OK, 1 row affected (0.01 sec)
+
+mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'WISPr-Redirection-URL', 'http://www.geeklan.co.uk');
+Query OK, 1 row affected (0.00 sec)
+
+mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'WISPr-Bandwidth-Max-Up', '128000');
+Query OK, 1 row affected (0.01 sec)
+
+mysql> insert into radgroupreply (GroupName, Attribute, Value) VALUES ('dynamic', 'WISPr-Bandwidth-Max-Down', '512000');
+Query OK, 1 row affected (0.01 sec)
+ 
+mysql> select * from radgroupreply;
++----+-----------+--------------------------+----+--------------------------+
+| id | GroupName | Attribute                | op | Value                    |
++----+-----------+--------------------------+----+--------------------------+
+|  1 | dynamic   | Session-Timeout          | =  | 3600                     |
+|  2 | dynamic   | Idle-Timeout             | =  | 600                      |
+|  3 | dynamic   | Acct-Interim-Interval    | =  | 60                       |
+|  4 | dynamic   | WISPr-Redirection-URL    | =  | http://www.geeklan.co.uk |
+|  5 | dynamic   | WISPr-Bandwidth-Max-Up   | =  | 128000                   |
+|  6 | dynamic   | WISPr-Bandwidth-Max-Down | =  | 512000                   |
++----+-----------+--------------------------+----+--------------------------+
+6 rows in set (0.00 sec)
+
+Test:
+%%PREFIX%%/bin/radtest fry walkingonsunshine localhost 1812 s3cr3t
+Sending Access-Request of id 250 to 127.0.0.1 port 1812
+        User-Name = "fry"
+        User-Password = "walkingonsunshine"
+        NAS-IP-Address = 255.255.255.255
+        NAS-Port = 1812
+rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=250, length=106
+        Class = 0x30373032333435363738
+        Session-Timeout = 3600
+        Idle-Timeout = 600
+        Acct-Interim-Interval = 60
+        WISPr-Redirection-URL = "http://www.geeklan.co.uk"
+        WISPr-Bandwidth-Max-Up = 128000
+        WISPr-Bandwidth-Max-Down = 512000
+
+13) Nearly There
+edit %%PREFIX%%/etc/chilli.conf 
+& change the dns1 & dns2 entries to your dns servers 
+(note, if you're not running a dns server locally you'll need to uncomment uamanydns)
+change radiusserver1 & radiusserver2 to localhost
+set radiussecret to whatever you selected in step 9
+e.g s3cr3t
+set dhcpif to your wifi card e.g ral0
+change uamserver to https://192.168.182.1/cgi-bin/hotspotlogin.cgi 
+(if you're not running a dns server locally, if you are use the fqdn)
+change the uamsecret to another value, then edit  %%PREFIX%%/www/cgi-bin/hotspotlogin.cgi & add the same value to $uamsecret
+
+14) Finishing Stage 
+Edit /etc/pf.conf & make sure the $ext_if & $int_if are correct
+Edit /etc/rc.conf & add the following:
+chillispot_enable="YES"
+apache_enable="YES"
+radiusd_enale="YES"
+mysql_enable="YES"
+pf_enable="YES"                 # Enable PF (load module if required)
+pf_rules="/etc/pf.conf"         # rules definition file for pf
+pf_flags=""                     # additional flags for pfctl startup
+pflog_enable="YES"              # start pflogd(8)
+pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
+pflog_flags=""                  # additional flags for pflogd startup
+gateway_enable="YES"
+
+& remove any IP addresses assigned to your wifi card
+this is enough for chilli to work:
+ifconfig_ral0="ssid chilli mediaopt hostap mode 11b"
+
+save & reboot or quit to back to the shell & run the following to get everything started
+%%PREFIX%%/etc/rc.d/chillispot start
+%%PREFIX%%/etc/rc.d/apache.sh start you'll be asked for the password that you assigned whilst generating the certs in the step 3
+%%PREFIX%%/etc/rc.d/mysql-server start
+%%PREFIX%%/etc/rc.d/radiusd start
+pfctl -e
+pfctl -f /etc/pf.conf
+
+
+
+THE END!!!
+
+
+
+Original Sources for info:
+OpenBSD PF FAQ
+http://www.openbsd.org/faq/
+
+The FreeBSD HandBook
+http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html
+
+SB's very rough notes to FreeRadius and MySQL 
+http://www.frontios.com/freeradius.html
+
+ONLamp Getting Started with FreeRADIUS
+http://www.onlamp.com/pub/a/onlamp/excerpt/radius_5/index1.html?page=1
+
+
+TAASC MySQL Basics
+http://www.analysisandsolutions.com/code/mybasic.htm
+
+This work is licensed under the Creative Commons Attribution-Share Alike 2.5 License. To view a copy of this license, visit
+http://creativecommons.org/licenses/by-sa/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California,
+94105, USA.
+
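Review bot: in the step 14 rc.conf block the added line `radiusd_enale="YES"` misspells the variable, so radiusd is never enabled and the RADIUS lookups chilli depends on will fail after the reboot the guide recommends; it should read `radiusd_enable="YES"`. In step 12.8 the `show columns from radgroupcheck;` output is pasted a second time after the select and can be dropped. Because readers will copy these steps verbatim, the guide should also state that the `s3cr3t` shared secret and the `fry` / `walkingonsunshine` account are examples to be replaced, and that the `Password` check attribute leaves the password readable in cleartext in radcheck, as the `select * from radcheck;` output shows.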


>Release-Note:
>Audit-Trail:
>Unformatted:


