Speaker: Chia-Wei Chang
Date: 2015/3/25

One laptop (Computer A)
• with a wireless network card
• with a wired network card
One laptop or PC (Computer B)
One network cable

[Figure: network architecture. Labels: Computer B, Computer A, Network to Internet, Public IP addr., AAA Server, Chillispot; three protocol stacks, each showing AP / TCP / IP / L2 / L1.]

Computer A
• Apache Http Server
• RADIUS server
• MySQL (Maria) database
• CoovaChilli (or Chillispot)
• Web Easyhotspot (Optional)
Computer B
• Enable wireless card

The setup commands depend on the operating system and its version; they are given for reference only.
The teaching assistant's environment
• Virtual Machine: Parallels Desktop 10 for Mac
• Operating System: CentOS 7

Install Apache Server
• yum install httpd -y
Install MariaDB
• yum install mariadb-server mariadb
Install PHP
• yum install php php-pear php-mysql
After installing PHP, restart the Apache httpd service.

MariaDB
• % register the mariadb service
• sudo /bin/systemctl enable mariadb.service
• % start mariadb
• sudo /bin/systemctl start mariadb.service
• % initialize mariadb
• sudo /usr/bin/mysql_secure_installation

Install FreeRADIUS
• % main functions
• yum install freeradius
• % other functions
• yum install freeradius-mysql freeradius-utils -y

Import the RADIUS database schema into MariaDB
• % SQL files are located in /etc/raddb/mods-config/sql/main/mysql
• mysql -u root -p radius < schema.sql
Because RADIUS is an AAA server, the SQL functions for Authorize, Authenticate and Accounting must be enabled.

In the /etc/raddb/sites-available/ directory, edit default
• Set the RADIUS server listen ports
  - type=auth => port=1812
  - type=acct => port=1813
• Enable the sql function for Authorize, Authenticate and Accounting
  - post-auth { uncomment sql }
  - accounting { uncomment sql }
  - session { uncomment sql }

In the /etc/raddb directory, edit radiusd.conf
• modules { add $INCLUDE mods-available/sql }
• modules { add $INCLUDE mods-enabled/ }
In the /etc/raddb/mods-available directory, edit sql
• In the sql section, set the following appropriately:
  - login
  - Password
  - the database from which RADIUS reads user data
In the /etc/raddb directory, edit clients.conf
• In the client localhost section, set secret = easyhotspot

Create the group data
• insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','CHAP');
• insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
Add a test account
• insert into radcheck (username,attribute,op,value) values ('ta','Cleartext-Password',':=','tatest');
• insert into radusergroup (username,groupname) values ('ta','user');

Test FreeRADIUS
• radtest ta tatest localhost 1 easyhotspot
• On success, it displays request accept

Find the coova-chilli source archive online
Extract the coova-chilli source archive
Build from source
• cd coova-chilli-%version%
• ./configure
• remove -Werror in Makefile, Makefile.in and Makefile.am
• make; make install

ln -s /usr/local/etc/chilli /etc/
ln -s /usr/local/etc/chilli.conf /etc/
ln -s /usr/local/etc/init.d/chilli /etc/init.d/
ln -s /usr/local/sbin/chilli /sbin/
ln -s /usr/local/sbin/chilli_opt /sbin/
ln -s /usr/local/sbin/chilli_query /sbin/
ln -s /usr/local/sbin/chilli_radconfig /sbin/
ln -s /usr/local/sbin/chilli_response /sbin/
ln -s /var /usr/local/

In the /etc/chilli directory, edit config
• HS_WANIF=ID of the external (WAN) network interface
• HS_LANIF=ID of the internal (LAN) network interface
• HS_NETWORK=HotSpot network
• HS_NETMASK=255.255.255.0
• HS_UAMLISTEN=HotSpot Listen IP
• HS_UAMPORT=3990
• HS_UAMUIPORT=4990
• HS_DNS1=8.8.4.4
• HS_DNS2=8.8.8.8
• HS_RADIUS=localhost
• HS_RADIUS2=localhost
• HS_RADSECRET=easyhotspot # RADIUS shared secret
• HS_UAMSECRET=easyhotspot # UAM secret
• HS_UAMFORMAT=https://192.168.182.1/cgi-bin/hotspotlogin.cgi
• HS_UAMHOMEPAGE=http://192.168.182.1:3990/prelogin
• HS_TCP_PORTS="80 443"

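The settings above combine Auth-Type := CHAP, a Cleartext-Password row in radcheck, and HS_UAMSECRET. The following added example (not from the slides and not CoovaChilli or FreeRADIUS code) shows how those three fit together in a CHAP login. It assumes RFC 1994 CHAP with identifier 0 and, as an assumption about the stock hotspotlogin script, that a configured UAM secret turns the challenge into MD5(challenge || uamsecret); the function names are hypothetical.

```python
"""CHAP login flow for the hotspot configured above (added example)."""
import hashlib
import hmac
import os


def uam_challenge(challenge: bytes, uam_secret: str) -> bytes:
    # Assumption: with HS_UAMSECRET set, the login page and chilli both use
    # MD5(challenge || uamsecret) in place of the raw challenge.
    if not uam_secret:
        return challenge
    return hashlib.md5(challenge + uam_secret.encode()).digest()


def chap_response(chap_id: int, password: str, challenge: bytes) -> bytes:
    # RFC 1994: response = MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([chap_id]) + password.encode() + challenge).digest()


def portal_login(password: str, raw_challenge: bytes, uam_secret: str) -> bytes:
    """Digest the login page (HS_UAMFORMAT) hands to chilli instead of the password."""
    return chap_response(0, password, uam_challenge(raw_challenge, uam_secret))


def radius_verify(cleartext: str, chap_id: int, response: bytes, challenge: bytes) -> bool:
    """Server side: recompute the digest from the radcheck Cleartext-Password value."""
    expected = chap_response(chap_id, cleartext, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    uam_secret = "easyhotspot"   # HS_UAMSECRET value from the slides
    stored = "tatest"            # radcheck Cleartext-Password for user 'ta'
    raw = os.urandom(16)         # constructed challenge, as chilli would issue
    chal = uam_challenge(raw, uam_secret)   # value forwarded as CHAP-Challenge
    good = portal_login("tatest", raw, uam_secret)
    bad_pw = portal_login("wrong", raw, uam_secret)
    bad_secret = portal_login("tatest", raw, "other-secret")
    return (radius_verify(stored, 0, good, chal),
            radius_verify(stored, 0, bad_pw, chal),
            radius_verify(stored, 0, bad_secret, chal))


if __name__ == "__main__":
    print(demo())
```

Because the server has to recompute the digest, CHAP only works when radcheck holds the password in recoverable form, so read access to that table and to the MariaDB account configured in the sql module should be restricted. A login page whose UAM secret differs from HS_UAMSECRET produces digests that never verify.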
Web EasyHotSpot provides the user authentication page; you can also write your own. The page location is set on the previous slide with
• HS_UAMHOMEPAGE
• HS_UAMFORMAT
Download EasyHotSpot
• yum install git -y
• cd /opt
• git clone https://github.com/rafeequl/EasyHotspot
• ln -s /opt/EasyHotspot/htdocs /var/www/html/easyhotspot

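No start-stop-daemon
• This problem occurs because CentOS itself uses RPM to manage packages, while start-stop-daemon is part of the dpkg package; see the comparison table below.
• Solutions:
  1. Edit /etc/init.d/chilli and delete the statement that checks for start-stop-daemon
  2. Force-install the start-stop-daemon from dpkg

RPM             DPKG
rpm, rpmbuild   dpkg
yum             apt-get
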
Download the dpkg source archive online
Install start-stop-daemon
• tar -xf dpkg_1.17.6.tar.xz
• cd dpkg-1.17.6
• sudo yum install ncurses-devel ncurses
• ./configure
• make
• cd utils
• sudo cp start-stop-daemon /usr/local/bin

FreeRADIUS
• http://ppt.cc/OWYw
Coovachilli
• http://ppt.cc/hb8u
Easyhotspot in Centos
• http://ppt.cc/EhEZ
CoovaChilli in Centos
• http://ppt.cc/DUfX
Using start-stop-daemon on CentOS
• http://ppt.cc/fXk5