Debian Wi-Fi hotspot using CoovaChilli, FreeRadius, MySQL and daloRADIUS
I decide to create hotspot from my server to allow other connect to Internet for free. I used “Captive portal” solution based on these applications:
When somebody wants to connect to Internet using my wifi, the first page he can see is the register/login page (whatever page he wants to visit).
After registration/login he is able to connect to Internet.
So let’s see how I did it.
Let’s have one server with two network interfaces – first (eth0) goes to Internet, the second one (eth1) is the wifi for “unknown” clients.
Install basic software:
a2enmod ssl
a2ensite default-ssl
service apache2 restart
cd /tmp && wget 'http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius-0.9-8/daloradius-0.9-8.tar.gz'
tar xvzf daloradius-0.9-8.tar.gz
mv /tmp/daloradius-0.9-8 /var/www/daloradius
chown -R www-data:www-data /var/www/daloradius
cp -r /var/www/daloradius/contrib/chilli/portal2/* /var/www/
rm /var/www/index.html
Because my machine is 64 bit I need to build CoovaChilli package myself:
cd /tmp
wget -c http://ap.coova.org/chilli/coova-chilli-1.2.2.tar.gz
tar xzf coova-chilli*.tar.gz
cd coova-chilli*
dpkg-buildpackage -rfakeroot
Install CoovaChilli:
dpkg -i coova-chilli_*_amd64.deb
Configure FreeRadius
Change /etc/freeradius/clients.conf:
secret = mysecret
}
Change /etc/freeradius/sql.conf:
login = "root"
password = "xxxx"
Uncomment in /etc/freeradius/sites-available/default:
sql
}
accounting {
sql
}
Uncomment in /etc/freeradius/radiusd.conf:
Configure MySQL database for FreeRadius
mysql> CREATE DATABASE radius;
mysql> exit
mysql -u root --password=xxxx radius < /var/www/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
daloRADIUS configuration
Modify this file /var/www/daloradius/library/daloradius.conf.php
[/cc]
$configValues['CONFIG_MAINT_TEST_USER_RADIUSSECRET'] = 'mysecret';
$configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';
You also need to modify following configuration files to setup sign in web pages /var/www/signup-*/library/daloradius.conf.php:
$configValues['CONFIG_DB_NAME'] = 'radius';
$configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';
$configValues['CONFIG_SIGNUP_SUCCESS_MSG_LOGIN_LINK'] = "<br />Click <b>here</b>".
" to return to the Login page and start your surfing<br /><br />";
Chnage lines in /var/www/signup*/index.php to (changed ‘User-Password’ -> ‘Cleartext-Password’ and ‘==’ -> ‘:=’):
" VALUES (0, '$username', 'Cleartext-Password', ':=', '$password')";
Another file need to be modified to communicate with CoovaChilli is /var/www/hotspotlogin/hotspotlogin.php
Now you should be able to reach daloRADIUS installation on http://127.0.0.1/daloradius/
password: radius
Routing
We should not forget to enable packet forwarding and setup NAT:
echo 1 > /proc/sys/net/ipv4/ip_forward
sed --in-place=.old 's/^#\(net.ipv4.ip_forward=1\)/\1/' /etc/sysctl.conf
sysctl -p
CoovaChilli configuration
Let’s start with /etc/chilli/defaults:
HS_UAMLISTEN=192.168.10.1
HS_RADSECRET=mysecret
HS_UAMSECRET=uamsecret
HS_UAMFORMAT=https://\$HS_UAMLISTEN/hotspotlogin/hotspotlogin.php
HS_UAMHOMEPAGE=https://\$HS_UAMLISTEN
Then don’t forget to enable CoovaChilli to start in /etc/default/chilli
Maybe you need to execute chilli and radius server with some debug options to see “errors” during client connection:
freeradius -X
Few links we created:
- http://192.168.10.1/signup-free/ – sign up page (if you don’t have username/password)
- http://192.168.10.1:3990/prelogin – use for login to your portal
- http://192.168.10.1/daloradius/ – daloradius admin page
- http://192.168.10.1/phpmyadmin/ – phpmyadmin page (useful for sql database)
This how-to describe simple configuration of CoovaChilli so there are many things to configure. I didn’t mentioned anything about security – so it’s up to you to tweak it yourself.
You can find additional info on this web page:
https://help.ubuntu.com/community/WifiDocs/CoovaChilli
Engoy… 
Loading ...
hi,
I get the error
redir.c: 1121: 98 (Address already in use) IP: 192.168.10.1 Port: 3990 – Waiting for retry.
in chilli and
Failed binding to socket: Address already in use
/etc/freeradius/radiusd.conf[236]: Error binding to port for 0.0.0.0 port 1812
in radius
please help
Thank you very much for your time.
It looks like some process is using port 3990 and 1812.
Try netstat (netstat -onatpe) to see what is the process pid and kill it.
Then it should be fine…
Me too… the same message.
redir.c: 1121: 98 (Address already in use) IP: 192.168.10.1 Port: 3990 – Waiting for retry.
The process its ok…
what happens?
Same error here too:
redir.c: 1121: 98 (Address already in use) IP: 10.0.7.1 Port: 3990 – Waiting for retry.
Dear all..
i install and configure using your steps properly .lastly i try to open web browser using: http://127.0.0.1/daloradius/ but i am not get any pages and username&
password just going to this page http://127.0.0.1/daloradius/login.php but its blank page please guide me any one .i dont know where i made mistake
Thanks much for your documentation! Coova-Chilli has so little documentation. This is a great help.
I notice that you have your wireless described as ‘eth1′? Is your “eth1″ an ethernet adapter (with an external wireless bridge connected) or is it an actual wireless adapter in your Debian box? I can’t tell if your diagram is showing the Hotspot_Server’s eth1 *as* a wireless device, or *connected to* a wireless device.
In my Debian box, the wireless adapter shows up as ath0 and it needs to be configured to work in AP mode (wlanconfig ath0 create wlandev wifi0 wlanmode ap; iwconfig ath0 essid MYNETWORK) before Coova-chilli can even start to see clients. What sort of interfaces and interface setup does your server have? If eth1 is indeed a wireless card, did you have to do anything to set it up (e.g. iwconfig wlan0 essid MYNETWORK; iwconfig wlan0 mode ap)?
Also, your diagram shows the WiFi_Client as having address (eth0)192.168.10.1, which is the same address as the Hotspot_Server (eth1)192.168.10.1. Should the client have perhaps 192.168.10.2?
Thanks again.
Hi.
In the examples above I used VirtualBox with emulated network cards. I used it because it doesn’t matter if you will use wifi card or network card connected to switch with computers.
In the real (wifi) situation I’m using wlan0 and program hostapd on my server. Hostapd is creating AP with WPA2 from my wireless card. You can also use iwconfig to set up ap mode – usually depends on the wireless card you are using, but you can’t setup WPA with it.
Thank you for letting me know about the picture – it’s mistake there – I’ll fix it asap
See you
PetrR
Hello,
I recently followed your tutorial and I am running into an odd issue.. When I try to fire up chilli with the debug command. I get this outpout constantly..
coova-chilli: Error opening configuration file '/etc/chilli/hs.conf'
coova-chilli: Error opening configuration file '/etc/chilli/local.conf'
coova-chilli[21354]: options.c: 174: could not generate configuration (/tmp/chilli-21354/config.bin), sleeping one second
Any idea what I might have missed that can be causing this?
@Jim P
Nevermind!
starting chilli via the init.d directory seemed to have resolved that issue.
I had a similar problem. In order to get the debug/foreground options (–fg –debug) I had to add them the start block of the chilli script in init.d.
It came in handy too because when I switched from the instructions here (for eth0) to my wireless (ath0), the default MTU was too large for Coova Chilli and the debug output showed the problem for me to fix (with ifconfig ath0 mtu xxxx).
same problem here, any one help what i made mistake , and also notice “http://192.168.10.1:3990/prelogin – use for login to your portal” following links are not working i dont know where i made mistake
coova-chilli: Error opening configuration file ‘/etc/chilli/main.conf’
coova-chilli: Error opening configuration file ‘/etc/chilli/hs.conf’
coova-chilli: Error opening configuration file ‘/etc/chilli/local.conf’
coova-chilli[14423]: options.c: 174: could not generate configuration (/tmp/chilli-14423/config.bin), sleeping one second
Please guide me anyone for this issue
For user having “could not generate config” error , create a fullpath folders to your scriot. ex: if the error is could not generate /tmp/chilli-14423/config.bin , so create the folders needed with mkdir -p /tmp/chilli-14423 and restart your service. This is necessary when your chilli try to create configs in some folder that not exist.
After some errors I make it working well.
Sorry by poor english.
dear …
please guide me …
Not working this link: other links are working fine
http://192.168.10.1:3990/prelogin – use for login to your portal
what reason i don know any one help me
hi..
i type the following command as root user i get the message : please tell how to solve this:
radiusd: #### Opening IP addresses and Ports ####
listen {
type = “auth”
ipaddr = *
port = 0
Failed binding to authentication address * port 1812: Address already in use
/etc/freeradius/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812
hi,
i have followed all the steps you have given, i got success running everything locally on the Linux-PC and it is also leasing IP to client, but i am not able to access any link i.e. prelogin, daloradius etc.., also not able to ping to the server (i.e. Chillispot PC)
i have already seen that you told that there is need to tweak security settings, please give settings for the allowing access from client PC
Thanks
You mentioned you created a few links. Where did you create the links? I assume they were on the Wireless Router and not the server??
hello …
Any one help me .same problem here
joseph
August 5th, 2010 at 12:13
Reply | Quote | #13
dear …
please guide me …
Not working this link: other links are working fine
http://192.168.10.1:3990/prelogin – use for login to your portal
what reason i don know any one help me
@joseph
Same problem here help me any one
Any one tell me ? what is this my problem?
chilli status
coova-chilli: Error opening configuration file ‘/etc/chilli/main.conf’
coova-chilli: Error opening configuration file ‘/etc/chilli/hs.conf’
coova-chilli: Error opening configuration file ‘/etc/chilli/local.conf’
coova-chilli[9345]: options.c: 164: could not generate configuration (/var/run/chilli.9345.cfg.bin), sleeping one second
coova-chilli: Error opening configuration file ‘/etc/chilli/main.conf’
coova-chilli: Error opening configuration file ‘/etc/chilli/hs.conf’
coova-chilli: Error opening configuration file ‘/etc/chilli/local.conf’
coova-chilli[9345]: options.c: 164: could not generate configuration (/var/run/chilli.9345.cfg.bin), sleeping one second
coova-chilli: Error opening configuration file ‘/etc/chilli/main.conf’
coova-chilli: Error opening configuration file ‘/etc/chilli/hs.conf’
coova-chilli: Error opening configuration file ‘/etc/chilli/local.conf’
coova-chilli[9345]: options.c: 164: could not generate configuration (/var/run/chilli.9345.cfg.bin), sleeping one second
coova-chilli: Error opening configuration file ‘/etc/chilli/main.conf’
coova-chilli: Error opening configuration file ‘/etc/chilli/hs.conf’
coova-chilli: Error opening configuration file ‘/etc/chilli/local.conf’
coova-chilli[9345]: options.c: 164: could not generate configuration (/var/run/chilli.9345.cfg.bin), sleeping one second
Hello guys.
I’m glad this “how-to” brings many interest to CoovaChilli. Unfortunately I’m no longer using it and I’m not able to help you. As I wrote before – this is not step by step how-to for beginners. It’s just few notes I write when I configured/used it.
Good luck…
PetrR
This tutorial is fine..
but i cant understant whay you use both (chilli & dalo) at a time..?
i think one is sufficient.
http://ciitix.ciit.net.pk/index.php/ciitix-wifi-documentation
Regards:
.
Kashif Aziz Awan
Hello.
As far as I know daloRADIUS is just webgui, where you can see your users, their accesses, date/times. CoovaChilli is Captive Portal solution. These two are separate projects and can be used standalone. They are doing different jobs too…
@Admin
Have you used “sudo”
yes i am in super user(root)@aku82
Hello guy !
(sorry for the english, i’m french)
i have followed step by step you howto, but i have this message :
“Enginx hotspot Login Failed”
no pop-up, however the login/pwd is in the daloradius database
can you help me ?
thx a lot
it’s for my internship (?)
Can someone please help me understand how i can do this on Centos 5? I need to create a server with freeradius that also has the login page for wifi users to get authenticated (like a paid hotspot)
Hi,
First (answer to Flo), I should mention that in “CoovaChilli configuration” part,
instead of
HS_UAMHOMEPAGE=https://$HS_UAMLISTEN
should be
HS_UAMHOMEPAGE=http://$HS_UAMLISTEN:$HS_UAMPORT/prelogin
—-
but after performing all above operations, there is only one point left! When I enter my username/password in hotspotlogin page (from client machine), I see below result in freeradius debug output (from server machine):
[sql] expand: %{User-Name} -> dashti
[sql] sql_set_user escaped user –> ‘dashti’
…
[pap] login attempt with password “�?c�??B_?�I?�?Z�”
[pap] Using CRYPT encryption.
[pap] Passwords don’t match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type Reject
+- entering group REJECT {…}
[attr_filter.access_reject] expand: %{User-Name} -> dashti
I also rechecked all secret words in mentioned configuration files.
Any solution?
For anyone having trouble with this. I started a project awhile ago that creates deb packages (debian/ubuntu) that do all the hard work for you. It also includes a GUI for managing users. It still uses Coova Chilli, FreeRadius, MySQL, but does the hard work of integrating them for you.
See http://sourceforge.net/projects/grase/ for details. There is a single deb to download that installs the repository, then you pull in the components you need and it sets it up accordingly. Please contact me if you are using it so I can keep you updated.
Tim
@Mohammad Dashti
you might want to check the sql.conf where user name and password for database is. make sure it match the user name of the database you created. Example user:root password:yourdatabasepassword
@Tim
does the captive portal look the same or you made any change ?
@Flo
you need to do this before it works
sudo apt-get update
then apt-get install upgrade
take a walk comebvack like half an our then reboot and check it out
@edwin
sorry apt-get upgrade
I have a client that is interested in setting up hotspots in 150 locations.
It will be free access and the only thing that have found is the monthly payment services.
I would like to set up my own system, Do you have the know how to do this and would you be available to work on this, if so please contact me.
guys i just installed free rad using some of the above instrauctions thos is what i get , i am no also sure how the 192.168.10.1/.. pages are supposed to come up i mean do they just pop up or do i have to connect the AP..Im a newbee please explain:
address: localhost! [Success]
coova-chilli[18841]: options.c: 181: could not generate configuration (/usr/local/var/run/chilli.18841.cfg.bin), sleeping one second
main-opt.c: 523: 0 (Debug) DHCP Listen: 10.1.0.1
main-opt.c: 524: 0 (Debug) UAM Listen: 10.1.0.1
garden.c: 143: 0 (Debug) Uamallowed http://www.coova.org
garden.c: 124: 0 (Debug) Uamallowed IP address #0:128: proto=0 host=174.129.195.118 port=0
garden.c: 143: 0 (Debug) Uamallowed 10.1.0.1
garden.c: 124: 0 (Debug) Uamallowed IP address #1:128: proto=0 host=10.1.0.1 port=0
garden.c: 143: 0 (Debug) Uamallowed
garden.c: 207: 0 (Debug) Invalid uamallowed domain or address: !
garden.c: 143: 0 (Debug) Uamallowed http://www.coova.org
garden.c: 96: 0 (Debug) Uamallowed already exists #0:128: proto=0 host=174.129.195.118 port=0
hey sure I do email me a edwinosantos@gmail.com hope its no too late@Joah Santos
edwinosantos@gmail.com
Install “haserl” for coovachilli
Hi, I’ve gone through this walkthrough and I’m unable to authenticate clients and what not through the system. Getting the server to pass traffic from one interface to the other was challenging, but I’ve finally gotten data to be able to pass through the box and to the internet. Any help would be much appriciated. I know this appears to be a dead thread, but here is my email in case anyone wants to try and help me out.
kyle_hoehn@hotmail.com
Hi, this is my first foray into a hotspot/radius though I’m “reasonable” with linux (been a unix/linux admin for longer than I care to remember 8-).
Having a problem with the radius server… daloradius is telling me that radius is disabled and the radius log file is showing: -
Sun Feb 26 19:49:16 2012 : Info: Loaded virtual server inner-tunnel
Sun Feb 26 19:49:16 2012 : Info: Loaded virtual server
Sun Feb 26 19:49:16 2012 : Info: Ready to process requests.
Sun Feb 26 19:49:17 2012 : Info: Received HUP signal.
Sun Feb 26 19:49:17 2012 : Info: HUP – Re-reading configuration files
Sun Feb 26 19:49:17 2012 : Info: HUP – loading modules
Sun Feb 26 19:49:17 2012 : Info: Module: Reloaded module “files”
Sun Feb 26 19:49:17 2012 : Info: Module: Reloaded module “suffix”
Sun Feb 26 19:49:17 2012 : Info: Module: Reloaded module “detail”
Sun Feb 26 19:49:17 2012 : Info: Module: Reloaded module “pap”
Sun Feb 26 19:49:17 2012 : Info: Module: Reloaded module “radutmp”
Sun Feb 26 19:49:17 2012 : Info: Module: Reloaded module “attr_filter.access_reject”
Sun Feb 26 19:49:17 2012 : Info: Module: Reloaded module “attr_filter.accounting_response”
Sun Feb 26 19:49:17 2012 : Info: Loaded virtual server inner-tunnel
Sun Feb 26 19:49:17 2012 : Info: Loaded virtual server
Sun Feb 26 21:03:26 2012 : Info: Exiting normally.
Sun Feb 26 21:04:50 2012 : Error: Failed to add duplicate client 127.0.0.1
Sun Feb 26 21:04:50 2012 : Error: /etc/freeradius/clients.conf[235]: Failed to add client 127.0.0.1
I can’t for the life of me spot what’s causing the errors – any ideas?
Thanks!
Andy B.
hello!
Can we make some MAC who that they will not have to log in and as soon as the connect will have immediate access?