Translated version of installationFreeRadius.

pdf Page 1 SMS Hotspot Project II Annex 1 Installation FreeRadius MySQL Directors: Gregory Brtschi and Mercier Day Constituents: Delley Meuwly Julien Laurent - Accessible Leaders: Buntschu Franois and Jean-Roland Schuler May 10, 2012 Page 2 TABLE OF CONTENTS 1 Introduction 3 1.1 Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2 Installation and Configuration 4 2.1 Installing FreeRadius - MySQL. . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2 Configuring FreeRadius - MySQL. . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2.1 Configuring MySQL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2.2 Configuring FreeRadius. . . . . . . . . . . . . . . . . . . . . . . . . . . .

5 2.2.3 Function test. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.3 Configuring the Hotspot own SMS project. . . . . . . . . . . . . . . . . . . . . . . 8 2.3.1 Configuring FreeRadius. . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.3.2 Configuring the database. . . . . . . . . . . . . . . . . . . . . . . . 9 2 Page 3 CHAPTER 1 INTRODUCTION This document contains step by step, all the operations to be performed to establish Radius authentication server, FreeRadius. FreeRadius is coupled with a database MySQL for authentication of the user. The installation of this server will have two byparts: Generic Server Installation and specific configuration Hotspot SMS project. Before can begin the installation, it is necessary to have some prerequisites. These prerequisites are described in Section 1.1. Prerequisites. 1.1 Prerequisites The authentication server is a machine of its own, it requires preRequired: 1. Functional machine with a Linux distribution 2. Specific Hotspot SMS project

a) IP address range (of) portal (s) captive (s) on client sites. Once the prerequisites are available, the system itself can begin. In this paper, the IP address range of captive portals is as follows IP address: 192.168.0.0 / 16 Note 3 Page 4 CHAPTER 2 INSTALLATION AND SETUP This chapter contains all the information necessary for handling and installation and the configuration of the authentication server FreeRadius with MySQL. FreeRadius with MySQL requires not only installation but also a FreeRadius MySQL server. This installation guide is therefore broken down as follows: 1. Installing FreeRadius - MySQL 2. Configuring FreeRadius - MySQL 3. Function test Freeradius - MySQL 4. Configuring FreeRadius to own Hotspot SMS project 2.1 Installing FreeRadius - MySQL This installation is strongly inspired tutorial-Pervasive Network: http://www.pervasive-network.org/SPIP/Installation-de-freeradius-2-4 Although this tutorial is based on FreeRadius 2.0.4, it applies perfectly to new versions of FreeRadius. Note The first operation was carried out is to install FreeRadius and MySQL services (server and

client). FreeRadius Installation # Apt-get install freeradius freeradius-utils # Apt-get install freeradius-mysql Installing MySQL # Apt-get install mysql-server # Apt-get install mysql-client Services necessary for the operation of the authentication server are now installed so you have to configure. 4 Page 5 CHAPTER 2. INSTALLATION AND SETUP Brtschi - Mercier 2.2 Configuring FreeRadius - MySQL The server configuration is separated into two steps: 1. Configuring MySQL 2. Configuring FreeRadius 2.2.1 Configuring MySQL Before you can run the server, it is necessary to install a MySQL database which will only be used by FreeRadius. The following operations are used to do this: # Echo "create database radius;" | mysql-u root-p # Echo "grant all on radius * radius to @ '%' identified by 'Bonjour1.'; flush privileges; "| mysql-u root-p # Mysql-uroot-p radius </ etc / freeradius / sql / mysql / schema.sql # Mysql-uroot-p radius </ etc / freeradius / sql / mysql / nas.sql

The database therefore contains the following information: - Database name: radius - Username: radius - Password: Bonjour1 It is interesting to add a test user to control the operation of FreeRadius when the configuration is complete: # Echo "INSERT INTO radcheck (UserName, Attribute, op, Value) VALUES ('Thus0', 'Cleartext-Password', ': =', 'testpass') "| mysql-u root-p radius The user has the following information: Username: Thus0 and Password: testpass. The database is now configured and ready to work with FreeRadius. Nevertheless FreeRadius therefore still be configured. 2.2.2 Configuring FreeRadius It is first necessary to configure the SQL part of FreeRadius. The configuration is in the file / etc / freeradius / sql.conf. Should be checked the following and adapt to need: sql { database = "mysql" driver = "$ {database} rlm_sql_" server = "localhost" login = "radius" password = "Bonjour1" radius_db = "radius" acct_table1 = "radacct" acct_table2 = "radacct" postauth_table = "radpostauth"

authcheck_table = "radcheck" authreply_table = "radreply" groupcheck_table = "radgroupcheck" groupreply_table = "radgroupreply" Installation FreeRadius - MySQL -5/9May 10, 2012 Page 6 CHAPTER 2. INSTALLATION AND SETUP Brtschi - Mercier usergroup_table = "radusergroup" deletestalesessions = yes sqltrace = no sqltracefile = $ {logdir} / sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 readclients = yes nas_table = "nas" $ INCLUDE sql / $ {database} / dialup.conf } The password field is the password for the database. Configuring SQL for Freeradius is complete, we must now enable authentication tion by sql for the radius, and that several files are to be modified: You must modify the file / etc / freeradius / radiusd.conf to uncomment the following lines: $ INCLUDE sql.conf

$ INCLUDE sql / mysql / counter.conf FreeRadius works on the principle of customer sites for its authentication, so it is interesting create a clean site for hotspots by copying the default site (here the site is called So radius.hotspot.com and is adaptable if necessary): # Cd / etc / freeradius / sites-available # Cp default radius.hotspot.com # Ln-s / etc / freeradius / sites-available / radius.hotspot.com / Etc / freeradius / sites-enabled / This new file must be adapted to support the connection with SQL. We must change / edit to contain the following (the rest of the file can be left as is): Authorize { preprocess Section suffix sql expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { Section

} Installation FreeRadius - MySQL -6/9May 10, 2012 Page 7 CHAPTER 2. INSTALLATION AND SETUP Brtschi - Mercier eap } preacct { preprocess acct_unique suffix } accounting { detail radutmp sql } session { radutmp sql } post-auth { sql

# sql_log exec Post-Auth-Type REJECT { attr_filter.access_reject } } Installation and basic configuration for FreeRadius - MySQL is completed, it is important to test this system to control its configuration. 2.2.3 Test Run For functional tests it is important to change the NAS client 1 Local him modireliance on shared in the / etc / freeradius / clients.conf (secret here is the secret now secretTresSecret: customer localhost { ipaddr = 127.0.0.1 secret = secretTresSecret nastype = other } FreeRadius can be started (must be the first stop) in console mode to monitor and debug the authentication requests through the command: # / Etc / init.d / freeradius stop # Freeradius-X [...]

Debug: Listening on authentication address * port 1812 Debug: Listening on accounting address * port 1813 1. Installation FreeRadius - MySQL -7/9May 10, 2012 Page 8 CHAPTER 2. INSTALLATION AND SETUP Brtschi - Mercier Debug: Listening on proxy address * port 1814 Debug: Ready to process requests. It is therefore now necessary to open a new console to start the test with the comfollowing control (first line, the following lines appear if the test is successful): $ Radtest Thus0 testpass 127.0.0.1 0 secretTresSecret Sending Access-Request of id 95 to 127.0.0.1:1812 User-Name = "Thus0" User-Password = "testpass" NAS-IP-Address = localhost NAS-Port = 0 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id = 95, length = 20 In the console where FreeRadius is running in debug mode, the Access-Request should appear in the follows: [...] rad_recv: Access-Request packet from host 127.0.0.1 port 2152, id = 165, length = 57 User-Name = "Thus0"

User-Password = "password" NAS-IP-Address = XXX.XXX.XXX.XXX NAS-Port = 0 + - Authorize Entering group + + [Preprocess] returns ok + + [Chap] returns noop rlm_realm: No '@' in User-Name = "Thus0", looking up realm NULL rlm_realm: No such realm "NULL" [...] The connection is correct and the FreeRadius authentication server - MySQL is configured. It remains now to configure specific part Hotspot SMS project. 2.3 Configuring the Hotspot own SMS project To complete the full installation of the authentication server, it is important to set FreeRadius and MySQL correctly so that they are functional with the system of Hotspot project SMS. This step consists of two parts: 1. Configuring FreeRadius 2. Configuring the database The IP address range of captive portals is as follows IP address: 192.168.0.0 / 16 Recall 2.3.1 Configuring FreeRadius For the project Hotspot SMS, the only thing to configure FreeRadius is in / etc / freeradius / clients.conf where it is first necessary to review the test client added in chapter 2.2. 3 Configuration FreeRadius, and add the client to the Hotspot project customer 192.168.0.0 / 16 {

secret = secretchange } Installation FreeRadius - MySQL -8/9May 10, 2012 Page 9 CHAPTER 2. INSTALLATION AND SETUP Brtschi - Mercier Where secretchange is to remember to configure CoovaChilli. It is now correctly configure the database for operation in the project Hotspot SMS. 2.3.2 Configuring the database The database used for the project must contain more fields in the table containing users. In fact, PHP application on the server uses CoovaChilli columns in the database to create the user, basic, do not exist, we must add. That the addition of these columns is simpler, it may be necessary to install the web interface MySQL. # Apt-get install phpmyadmin # Ln-s / usr / share / phpmyadmin / var / www / phpmyadmin From there, using the address http://localhost/phpmyadmin it is possible to access the interface graphic management database. The base radius database contains a table radcheck which itself contains all the information of the user. It is in this table that fautrajouter two columns needed for the proper functioning of the SMS Hotspot project. The application SQL to add these columns is the following: ALTER TABLE 'radcheck' ADD 'ipHotspot' VARCHAR (20) not null,

ADD 'portUdp' INT (10) not null There is still a configuration file change, which will allow to tell mysql to any address should listen for requests, so the IP address of the machine running the MySQL service. This file is as follows: / etc / mysql / my.cnf and must change the bind-address line: bind-address = xx.xx.xx.xx Where xx.xx.xx.xx is the IP address of the machine. It remains to restart the MySQL service the system is complete and functional for Hotspot SMS project # / Etc / init.d / mysql restart The installation and configuration of FreeRadius - MySQL is now completely finished. Installation FreeRadius - MySQL -9/9May 10, 2012