Very Rough Notes: Freeradius mysql MAC authentication using m0n0wall as
NAS.
Requirements:
- Linux installed PC (with mysql installed).
- Freeradius software.
- phpmyadmin (for administration of mysql).
- WinSCP for transferring files between your Windows PC and the
Freeradius server.
- physdiskwrite for m0n0wall installation
- M0n0wall - this will be our NAS
- Putty - nice windows ssh utility
SSH into your Linux server
    mkdir /downloads/; cd /downloads;
    # Download and install freeradius: http://freeradius.org/download.html
    # (In my case I got version 2.1.10.)
    tar -zxvf freeradius-server-2.1.10.tar.gz;
    cd freeradius-server-2.1.10;
    ./configure; make; make install;
Default radiusd location is: /usr/local/sbin/radiusd. Use
'whereis radiusd' to locate it.
M0n0wall installation
1. Download m0n0wall
2. Download image writing utility: http://m0n0.ch/wall/physdiskwrite.php (take the one without
GUI - it will simplify your life! )
M0n0wall installation procedure is the same as Zeroshell Installation.
Phpmyadmin installation
PHPmyadmin: download and install it. It will help in mysql db
management.
    mkdir /downloads/; cd /downloads;
    wget http://nchc.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.3.10/phpMyAdmin-3.3.10-english.tar.gz;
    tar -zxvf phpMyAdmin-3.3.10-english.tar.gz;
    mv phpMyAdmin-3.3.10-english /var/www/html/radiusadmin;
Putting all stuff together
How to:
- launch phpmyadmin and login into mysql
- create a new database called 'radius'
- Using WinSCP, log into your freeradius server and pull the database schema
(schema.sql) at: /etc/raddb/sql/mysql. In phpmyadmin, go to import under the
database 'radius' and browse for the schema.sql. You should see about 7 tables created.
- ssh into your linux using putty and continue with the following steps
- create link (only to make life easy.); ln -s
- edit /etc/raddb/clients.conf and add the following at the end:
    client MYNAS {
        ipaddr = 10.250.0.0
        netmask = 16
        secret = siriyangu
        shortname = jinafupi
        nastype = other
    }
- Edit /etc/raddb/sql.conf and enter your mysql login information.
    database = "mysql"
    #
    # Which FreeRADIUS driver to use.
    #
    driver = "rlm_sql_${database}"
    # Connection info:
    server = "localhost"
    #port = 3306
    login = ""
    password = ""
- Edit /etc/raddb/radiusd.conf. Find and uncomment these lines:
    # uncomment this for mysql to work
    $INCLUDE sql.conf
    # for accounting purposes
    $INCLUDE sql/mysql/counter.conf
- Edit /etc/raddb/sites-enabled/default.
  Under "authorize", uncomment 'sql'; at the end of the section add:
    volumelimitcounter
  Under "accounting", uncomment 'sql'.
  Under "session", uncomment 'sql'.
  For post-auth logging you can uncomment 'sql' under "post-auth".
- Copy the dictionary file (dictionary.chillispot) from: here and paste it into a new blank file at
/etc/raddb/dictionary.chillispot .
- (should come before and in no. 5). Edit /etc/raddb/dictionary and add:
    $INCLUDE dictionary.chillispot # my chilli dictionary.
  just below the line:
    $INCLUDE /usr/local/share/freeradius/dictionary
- Edit counter.conf and add:
    sqlcounter volumelimitcounter {
        counter-name = Total-Max-Octets
        check-name = Max-Octets
        reply-name = ChilliSpot-Max-Total-Octets
        sqlmod-inst = sql
        key = User-Name
        reset = never
        error-msg = "Sorry, your bandwidth has exceed the provided limit"
        query = "SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct where UserName='%{%k}'"
    }
- Enter records into the database using phpmyadmin. The value in
Max-Octets := xxxxxx is in bytes.
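How the volumelimitcounter decision plays out against the radcheck and radacct tables, as an added example (not part of the original notes or of FreeRADIUS itself): a Python model that uses an in-memory SQLite database in place of MySQL and runs the same SUM query as counter.conf. The MAC-style user names, byte values and the names build_demo_db and check_volume are constructed for illustration; rejecting once usage reaches the cap and replying with the remaining octets is assumed here to match rlm_sqlcounter.

```python
import sqlite3

# Trimmed stand-ins for the radcheck and radacct tables; column names
# follow the query in counter.conf above.
SCHEMA = """
CREATE TABLE radcheck (UserName TEXT, Attribute TEXT, op TEXT, Value TEXT);
CREATE TABLE radacct (UserName TEXT, AcctInputOctets INTEGER,
                      AcctOutputOctets INTEGER);
"""

def build_demo_db():
    """In-memory database with constructed sample users (MAC as User-Name)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO radcheck VALUES (?, 'Max-Octets', ':=', ?)", [
        ("00:11:22:33:44:55", "1000000"),   # 1,000,000-byte cap, partly used
        ("66:77:88:99:aa:bb", "500000"),    # cap already reached
        ("cc:dd:ee:ff:00:11", "2000"),      # cap set, no sessions yet
    ])
    db.executemany("INSERT INTO radacct VALUES (?, ?, ?)", [
        ("00:11:22:33:44:55", 200000, 300000),
        ("00:11:22:33:44:55", 100000, 150000),
        ("66:77:88:99:aa:bb", 400000, 100000),
    ])
    return db

def check_volume(db, user):
    """Return (allowed, remaining_octets); remaining is None when no cap is set."""
    row = db.execute("SELECT Value FROM radcheck WHERE UserName = ? "
                     "AND Attribute = 'Max-Octets'", (user,)).fetchone()
    if row is None:
        return True, None              # no check item: counter does not apply
    limit = int(row[0])
    # Same aggregate as the page's query; the bound parameter replaces '%{%k}'.
    used = db.execute("SELECT SUM(AcctOutputOctets+AcctInputOctets) "
                      "FROM radacct WHERE UserName = ?", (user,)).fetchone()[0]
    used = used or 0                   # SUM() over zero rows is NULL
    if used >= limit:
        return False, 0                # reject: cap reached or exceeded
    return True, limit - used          # value placed in the reply-name attribute

if __name__ == "__main__":
    db = build_demo_db()
    for mac in ("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                "cc:dd:ee:ff:00:11", "de:ad:be:ef:00:00"):
        print(mac, check_volume(db, mac))
```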
M0n0wall Captive Portal configuration
Sorry: this M0n0wall captive portal part is under construction - pls come
again soon.
Make it better !
Now, to make your life easier, you can install & configure 'Dialup Admin Web
Administration Interface'
Common Freeradius Configuration Problems :
- You get the error shown below:
    /usr/local/etc/raddb/modules/counter[71]: Failed to link to module 'rlm_counter': rlm_counter.so: cannot open shared object file: No such file or directory
    /usr/local/etc/raddb/sites-enabled/default[174]: Failed to load module "daily".
    /usr/local/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.
  A. You have referred to a module that does
  not exist. I uncommented 'daily' under authorization and I got the error.
  Commenting it back to the way it was solved the problem.
- You get error: rlm_sql: Failed to create the pair: Invalid octet string
"value" for attribute name "Max-Octets"
  A. See if you included
  "volumelimitcounter" in the authorize section of your
  '/etc/raddb/sites-enabled/default' file
Resources:
- http://forum.m0n0.ch/index.php?topic=681.0
- http://freeradius.1045715.n5.nabble.com/FreeRadius-MySQL-MAC-Authentication-w-Dynamic-VLAN-td2774888.html
- http://www.chillispot.info/chilliforum/viewtopic.php?id=107
- http://wiki.freeradius.org/Dialup_admin
- http://www.opensource.apple.com/source/freeradius/freeradius-25/freeradius/share/dictionary.chillispot
- http://www.warungdigital.com/freeradius-bandwidth-limit-for-network-users.htm
- http://computing-tips.net/M0n0wall_Captive_Portal_Logout_URL/
- http://wiki.freeradius.org/Mac%20Auth#Mac-Auth+authorisation+by+SSID+SQL