
yfi_setup_centos_FreeRADIUS


Configuring FreeRADIUS

Introduction

  • FreeRADIUS is the world's most popular RADIUS server. It features various back-ends. Some include LDAP and SQL.
  • FreeRADIUS is in version 2.x as of this writing.
  • YFi Hotspot Manager is a front-end to the MySQL database used by FreeRADIUS.
  • FreeRADIUS has a feature to use custom modules. We use a custom Perl module specifically written for the YFi Hotspot Manager.
  • FreeRADIUS supplies Authentication, Authorization and Accounting services. The Perl module does the Authentication and Authorization.
  • The Accounting is done by the SQL module.

Building a FreeRADIUS RPM

  • With CentOS we will build our own rpm package from the FreeRADIUS source.
  • Before you can build the rpm package from the source code of FreeRADIUS, ensure the following packages are installed:

    yum install libtool-ltdl-devel mysql-devel perl-XML-Simple perl-XML-LibXML perl-suidperl perl-libxml-perl
    
  • Download the FreeRADIUS source code: Download FreeRADIUS

  • Build the rpm package.

    cp /root/freeradius-server-2.1.7.tar.gz /usr/src/redhat/SOURCES
    cd /usr/src/redhat/SOURCES
    tar -xzvf freeradius-server-2.1.7.tar.gz
    cd freeradius-server-2.1.7/redhat
    cp freeradius.spec /usr/src/redhat/SPECS
    cd /usr/src/redhat/SPECS
    rpmbuild -bb freeradius.spec
    
  • Finally, it is time to install the FreeRADIUS server. Simply use rpm to install the package:

    rpm -ivh /usr/src/redhat/RPMS/i386/freeradius-server-2.1.7-0.i386.rpm
    ldconfig
    
  • The FreeRADIUS rpm package which I built and installed created its own 'radiusd' user, but the files under /etc/raddb were owned by root, causing start-up problems. YMMV, but to be safe issue the following command:

    chown -R radiusd. /etc/raddb
    
  • You can test whether FreeRADIUS works by issuing the following command:

    radiusd -X
    

This will start FreeRADIUS in debug mode (to stop it, press Ctrl+C).


Setup FreeRADIUS

  • The following commands will set up FreeRADIUS to work together with YFi Hotspot Manager.

    mv /etc/raddb /etc/raddb.orig
    cp /var/www/html/c2/yfi_cake/setup/radius/raddb.tar.gz /etc/
    cd /etc/
    tar -xzvf raddb.tar.gz
    chown -R radiusd. /etc/raddb
    chown radiusd.apache /etc/raddb/proxy.conf
    chmod 664 /etc/raddb/proxy.conf
    chmod 644 /etc/raddb/dictionary
    ldconfig
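
The ownership and modes applied by the commands above can be re-checked at any later point with a small audit function. This is an added example, not part of the YFi setup files; the name audit_raddb and its arguments are assumptions, with defaults taken from the commands on this page, and the world-writable check is an extra not stated on the page.

```shell
#!/bin/bash
# Added example (not part of the YFi setup files): audit the ownership and
# modes applied by the commands above. audit_raddb is a hypothetical helper.
# Usage: audit_raddb [DIR] [OWNER] [PROXY_GROUP]; returns the finding count.

audit_raddb() {
    local dir="${1:-/etc/raddb}" owner="${2:-radiusd}" pgroup="${3:-apache}"
    local issues=0 bad actual

    [ -d "$dir" ] || { echo "MISSING: $dir"; return 1; }
    id -u "$owner" >/dev/null 2>&1 || { echo "NO SUCH USER: $owner"; return 1; }

    # chown -R radiusd. /etc/raddb: nothing may belong to another user.
    bad=$(find "$dir" ! -user "$owner" -print)
    if [ -n "$bad" ]; then
        echo "OWNER: not owned by $owner:"; echo "$bad"
        issues=$((issues + 1))
    fi

    # Extra check, not a step from the page: world-writable files would let
    # any local account change the RADIUS policy or the Perl modules.
    bad=$(find "$dir" ! -type l -perm -0002 -print)
    if [ -n "$bad" ]; then
        echo "WORLD-WRITABLE:"; echo "$bad"
        issues=$((issues + 1))
    fi

    # chown radiusd.apache and chmod 664 on proxy.conf.
    actual=$(stat -c '%U:%G:%a' "$dir/proxy.conf" 2>/dev/null || true)
    if [ "$actual" != "$owner:$pgroup:664" ]; then
        echo "PROXY.CONF: '${actual:-missing}', expected $owner:$pgroup:664"
        issues=$((issues + 1))
    fi

    # chmod 644 on dictionary.
    actual=$(stat -c '%a' "$dir/dictionary" 2>/dev/null || true)
    if [ "$actual" != "644" ]; then
        echo "DICTIONARY: mode '${actual:-missing}', expected 644"
        issues=$((issues + 1))
    fi

    return "$issues"
}
```

Source the file as root and call audit_raddb with no arguments; a return value of 0 means every check passed.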
    

CentOS specific tweaks

Because the original YFi Hotspot Manager was designed on Ubuntu, we also need to make the following changes:

  • Use the paths specified in /etc/raddb.orig/radiusd.conf

     cp /etc/raddb.orig/radiusd.conf /etc/raddb
    
  • Edit the 'new' (original) /etc/raddb/radiusd.conf file by un-commenting the following line:

    $INCLUDE sql.conf
    
  • Create a bash script ('/root/yfi_ubuntu_to_centos.sh') with the following content:

    #!/bin/bash
    
    #-------------------------------------------
    #---- Script to change Ubuntu specifics ----
    #---- to CentOS specifics ------------------
    #-------------------------------------------
    
    # Each function rewrites one path prefix in the file passed as $1.
    # sed -i (GNU sed) edits the file in place; a missing file produces an
    # error instead of being created empty.
    
    function usr_local_etc_to_etc(){
            echo "Change /usr/local/etc to /etc for" "$1"
            sed -i 's|/usr/local/etc|/etc|g' "$1"
    }
    
    function usr_local_share_to_usr_share(){
            echo "Change /usr/local/share to /usr/share for" "$1"
            sed -i 's|/usr/local/share|/usr/share|g' "$1"
    }
    
    function var_www_c2_to_var_www_html_c2(){
            echo "Change /var/www/c2 to /var/www/html/c2 for" "$1"
            sed -i 's|/var/www/c2|/var/www/html/c2|g' "$1"
    }
    
    function radclient_fix(){
            echo "Change /usr/local/bin/radclient to /usr/bin/radclient for" "$1"
            sed -i 's|/usr/local/bin/radclient|/usr/bin/radclient|g' "$1"
    }
    
    # Files that still carry the Ubuntu paths
    file_list[0]="/var/www/html/c2/yfi_cake/config/yfi.php"
    file_list[1]="/etc/raddb/rlm_perl_modules/conf/settings.conf"
    file_list[2]="/etc/raddb/rlm_perl_modules/Attributes.pm"
    file_list[3]="/etc/raddb/rlm_perl_modules/rlm_perl.pm"
    file_list[4]="/etc/raddb/rlm_perl_modules/sqlcounter.conf"
    file_list[5]="/etc/raddb/rlm_perl_modules/SQLCounter.pm"
    file_list[6]="/etc/raddb/rlm_perl_modules/Telkom.pm"
    file_list[7]="/etc/raddb/rlm_perl_modules/User.pm"
    file_list[8]="/etc/raddb/rlm_perl_modules/Voucher.pm"
    file_list[9]="/etc/raddb/rlm_perl_modules/Devices.pm"
    file_list[10]="/etc/raddb/rlm_perl_modules/Nas.pm"
    file_list[11]="/etc/raddb/dictionary"
    file_list[12]="/var/www/html/c2/yfi_cake/webroot/files/radscenario.pl"
    
    # Apply every rewrite to every file; quoting keeps each path intact
    for i in "${file_list[@]}"
    do
            usr_local_etc_to_etc "$i"
            usr_local_share_to_usr_share "$i"
            var_www_c2_to_var_www_html_c2 "$i"
            radclient_fix "$i"
    done
    
  • Run the above script to fix all the paths in various files for CentOS. (You can run it multiple times without harm)

    chmod 755 /root/yfi_ubuntu_to_centos.sh
    /root/yfi_ubuntu_to_centos.sh
    
  • Beta-3 users should also remove the following line in /etc/raddb/rlm_perl_modules/rlm_perl.pm. (The latest SVN has it fixed)

    use Telkom;
    

Activate and change chillispot dictionary

  • FreeRADIUS includes various dictionaries from different vendors.
  • These dictionaries define attributes for the vendor's NAS devices.
  • Dictionaries can be included or excluded by editing the /usr/share/freeradius/dictionary file.
  • The latest version of FreeRADIUS already includes the chillispot dictionary by default.

  • YFi Hotspot Manager defines special Voucher attributes. To enable these, add the following to the /usr/share/freeradius/dictionary.chillispot file. (YFi Specific Attributes and YFi Various Counters)

    ATTRIBUTE       ChilliSpot-Version                      8       string
    ATTRIBUTE       ChilliSpot-OriginalURL                  9       string
    
    #YFi Specific Attributes
    ATTRIBUTE       Yfi-Voucher                             40      string
    ATTRIBUTE       Yfi-MAC-Reset                           41      string
    ATTRIBUTE       Yfi-Data                                42      string
    ATTRIBUTE       Yfi-Time                                43      string
    
    #YFi Various Counters
    ATTRIBUTE       Max-Daily-Session                       50      integer
    ATTRIBUTE       Max-Monthly-Session                     51      integer
    ATTRIBUTE       Max-Weekly-Session                      52      integer
    ATTRIBUTE       Max-All-Session                         53      integer
    
    ATTRIBUTE       ChilliSpot-Max-Daily-Octets             60      integer
    ATTRIBUTE       ChilliSpot-Max-Monthly-Octets           61      integer
    ATTRIBUTE       ChilliSpot-Max-Weekly-Octets            62      integer
    ATTRIBUTE       ChilliSpot-Max-All-Octets               63      integer
    
    # Configuration management parameters (ChilliSpot Only)
    ATTRIBUTE       ChilliSpot-UAM-Allowed                  100     string
    

Additional changes

If you deviated from the standard, the following files may need changes:

  • /etc/raddb/sql.conf - This defines the database connection detail.
  • /etc/raddb/rlm_perl_modules/conf/settings.conf - This defines the database settings and counters used by the FreeRADIUS YFi Hotspot Manager Perl module.

Final testing

  • As a final test issue the following command and ensure no errors are present.

    radiusd -X
    
  • If there are no errors, start the FreeRADIUS service through the startup script and activate the service:

    service radiusd start
    chkconfig radiusd on
    

Next is the pptpd service: pptpd setup

