Thursday, July 04, 2013

YFI Hotspot Manager on Fedora 18 / 19 and Centos 6.4

OK, back to my experiment. I spent many days setting up YFI Hotspot Manager on Fedora 18 64-bit, Fedora 19 64-bit and CentOS 6.4 64-bit. If you are using 32-bit, it should be no problem. I didn't use Ubuntu, because it is so often used, and I do not want to be accused of just copying a post, although this post does refer to posts that already exist.
As usual, I assume a computer is already installed with one of these operating systems (Fedora 18 / 19 or CentOS 6.4) with a minimal package set. Once the ethernet interface is configured and the internet connection is working, continue to the next step.

Install php, mysql, httpd/apache and the required packages.
Start by installing the necessary packages. I didn't install every package, so as not to burden the server.
yum update
yum install wget mc vim unzip zip gcc gcc-c++ make git svn nano tar patch mod_ssl dnsmasq  net-tools

Then install the main files (php mysql httpd / apache) to build a server,
yum install mysql-server php httpd php-mysql php-xml php-gd php-pear php-pdo  php-devel php-common ImageMagick

Setup the firewall
For firewall, I just need iptables. In Fedora 18 / 19, before using iptables, first stop or turn off and disable firewalld.
systemctl stop firewalld
systemctl disable firewalld

and then continue to install iptables and system config firewall
yum  install iptables-services iptables-utils system-config-firewall-tui system-config-firewall

Configure the firewall so that some services (e.g. the http service) can be accessed from other computers.
The system-config-firewall wizard will appear. Press Tab to select Customize, then press Enter.
Next, in the trusted services section, select the services that should be accessible, for example www (http) and ssh.

Next, select Close, then press Enter. The file /etc/sysconfig/iptables will be created automatically. If you want to change a service port (trusted services), edit the file (vim /etc/sysconfig/iptables).

Enable service, to be run automatically at startup.
In fedora 18 / 19
systemctl enable iptables
systemctl enable mysqld
systemctl enable httpd
systemctl enable dnsmasq
In centos 6.4
[root@localhost ~]# chkconfig --level 235 mysqld on
[root@localhost ~]# chkconfig --level 235 httpd on
[root@localhost ~]# chkconfig --level 235 postfix off
[root@localhost ~]# chkconfig --level 235 dnsmasq on
[root@localhost ~]# chkconfig --level 235 ip6tables off

Edit httpd.conf
Edit the file /etc/httpd/conf/httpd.conf and add the configuration lines below at the end of the file.
## -- YFi begin
<Directory /var/www/html/c2>
    AllowOverride All
</Directory>
#-------COMPRESS CONTENT-----------
# place filter 'DEFLATE' on all outgoing content
SetOutputFilter DEFLATE
# exclude uncompressible content via file type
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|jpg|png|pdf|zip|bz2|sit|rar)$ no-gzip
# Keep a log of compression ratio on each request
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
CustomLog /var/log/httpd/deflate.log deflate
# Properly handle old browsers that do not support compression
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

#------ADD EXPIRY DATE-------------
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
    Header set Expires "Thu, 15 Apr 2012 20:00:00 GMT"
</FilesMatch>

#--------Remove ETags --------------------
FileETag none
## -- YFi end

Ensure the following modules are enabled in Apache (the /etc/httpd/conf/httpd.conf file)
LoadModule rewrite_module modules/
LoadModule deflate_module modules/
LoadModule headers_module modules/
Edit /etc/php.ini
mcedit /etc/php.ini
short_open_tag = On
date.timezone = Asia/Jakarta    ; change this to your timezone
Then restart the web service (apache)
service httpd restart

Download cakephp, yfi_cake and yfi viewer.
Download cakephp and install
mv 1.2.12.tar.gz /var/www/html/
cd  /var/www/html/
tar zxvf 1.2.12.tar.gz
ln -s /var/www/html/cakephp-1.2.12  /var/www/html/c2
ln -s /var/www/html/cakephp-1.2.12  /var/www/c2

Next, download yfi_cake. Remember this: if you are using PHP 5.3, use version 5 of yfi cake. If you are using PHP 5.4 or later, use the svn version of yfi_cake. In this experiment the PHP version is 5.4.16, so I use the svn version of yfi_cake.
cd /usr/local
mkdir yfi_svn
cd yfi_svn
svn checkout svn:// yfi
svn checkout svn:// yfi_cake
mv yfi_cake /var/www/c2/
mv yfi /var/www/html/
chown -R apache. /var/www/html/c2/yfi_cake/tmp
chown -R apache. /var/www/html/c2/yfi_cake/webroot/img/graphics

Create database.
Just to make sure mysql is running:
service mysqld restart
For security, set a password for the root user.
mysqladmin -u root password yourpasswordmysql
Then create the database for YFI Hotspot Manager.
mysql -u root -p
create database yfi;
GRANT ALL PRIVILEGES ON yfi.* to 'yfi'@'localhost' IDENTIFIED BY 'yfi';

Load the sample database dump into the yfi database.
mysql -u root -p yfi < /var/www/html/c2/yfi_cake/setup/db/yfi.sql

You can see the database that you have created in the folder /var/lib/mysql.
Finally, edit /etc/selinux/config
mcedit /etc/selinux/config

reboot, and let's hope everything goes well…

Test yfi_cake and yfi viewer from browser
Open a browser and go to http://<your-ip-address>/c2/yfi_cake/users/

Continue by testing the viewer component of yfi. Go to http://<your-ip-address>/yfi.
Try to log in using the username and password below.
Access Provider
Permanent User

If everything is ok, continue to next steps.
Note: If you run into errors when installing YFI Hotspot Manager, look at How to Fix Problems in Installing "YFI Hotspot Manager" in this blog. Maybe you will find an error like yours there and can fix it easily.

Configuring Freeradius
Don't install the default freeradius with yum, because it never succeeds. I don't know why. If you have new information about this, please comment.
So, download freeradius 2.2.0. Before compiling freeradius, install the necessary packages.
yum install libtool-ltdl-devel mysql-devel perl-XML-Simple perl-XML-LibXML perl-suidperl perl-libxml-perl   perl-ExtUtils-Embed perl-Time-HiRes
cd /usr/local/
tar zxvf freeradius-server-2.2.0.tar.gz
cd freeradius-server-2.2.0
./configure && make && make install

Setup FreeRadius for working together with YFI Hotspot Manager.
cd /usr/local/etc/
mv raddb/ raddb.orig
cp /var/www/html/c2/yfi_cake/setup/radius/raddb.tar.gz /usr/local/etc/
tar -xzvf raddb.tar.gz
To start it automatically at boot, run the command below.
cp /usr/local/sbin/rc.radiusd /etc/init.d/radiusd
When you run the command "chkconfig --add radiusd", you will get the error "service radiusd does not support chkconfig".
To fix it, edit the file /etc/init.d/radiusd and add the lines below at the top of the file, so that it looks like this.
# chkconfig: 2345 80 30
# description: FreeRadius 2.2.0
# processname: radiusd
# pidfile: $rundir/
Then run chkconfig to add the radiusd service. It should work now.
chkconfig --add radiusd
chkconfig --level 235 radiusd on

Next. Because I use svn, edit /usr/local/etc/raddb/sites-enabled/default
mcedit /usr/local/etc/raddb/sites-enabled/default
Find the authorize { section and comment out perl and sql (they are usually below "update control"), so it will look like this.
update control {
            Auth-Type := perl
Debug freeradius with the command radiusd -X.
If everything is normal, the output looks like this:
... adding new socket proxy address * port 41799
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
Press Ctrl + C, to stop. Continue to the next steps.

Setup pptpd to work with YFi Hotspot Manager

yum install ppp
Look at the file list, then select and download the package for the Linux operating system that you are using.

For Fedora 18 / 19, 32bit
rpm -Uvh
For Fedora 18 / 19, 64bit:
rpm -Uvh
For Centos 6.4, 32bit
rpm -Uvh
For Centos 6.4, 64bit
rpm -Uvh

Edit the pptpd config file (vim /etc/pptpd.conf) and at the end of the file, add:
Make the chap-secrets file writable by the web server (apache), so that it can access the file.
chown root.apache /etc/ppp/chap-secrets
chmod 664 /etc/ppp/chap-secrets
Finally, make the pptpd service start automatically at boot.
chkconfig --level 235 pptpd on
service pptpd restart
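
Mode 664 on /etc/ppp/chap-secrets lets apache write through the group, and it also leaves the PPTP secrets readable by every local account; 660 with group apache keeps the write access without that. The check below is an added example, not part of the original post: the function name secret_file_findings is hypothetical, it assumes GNU stat, and the demo runs on a constructed temporary file.

```shell
#!/bin/sh
# Added example (not from the original post): audit a secrets file such as
# /etc/ppp/chap-secrets after the chown/chmod step. Assumes GNU coreutils stat.

# secret_file_findings FILE GROUP
# Prints one finding per line and nothing when the file is acceptable:
#   - the group owner must be GROUP (the web server group that edits the file)
#   - no read or write bit for "other" (mode 664 fails, mode 660 passes)
secret_file_findings() {
    file=$1
    want_group=$2
    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 0
    fi
    mode=$(stat -c '%a' "$file")      # octal mode, e.g. 664
    group=$(stat -c '%G' "$file")     # group name, e.g. apache
    other=${mode#"${mode%?}"}         # last octal digit = bits for "other"
    [ "$group" = "$want_group" ] || echo "group is $group, expected $want_group"
    [ $((other & 4)) -eq 0 ] || echo "world-readable (mode $mode)"
    [ $((other & 2)) -eq 0 ] || echo "world-writable (mode $mode)"
}

# Demo on a constructed temporary file standing in for /etc/ppp/chap-secrets.
demo=$(mktemp)
demo_group=$(stat -c '%G' "$demo")
chmod 664 "$demo"
secret_file_findings "$demo" "$demo_group"    # reports the world-readable bit
chmod 660 "$demo"
secret_file_findings "$demo" "$demo_group"    # prints nothing
rm -f "$demo"
```

On the server itself the call would be secret_file_findings /etc/ppp/chap-secrets apache.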

Cron Script
cp /var/www/html/c2/yfi_cake/setup/cron/yfi /etc/cron.d/
Then edit /etc/cron.d/yfi. Find the user www-data and change it to the user apache, then save the file. It will look like this.
*/5 * * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake nasmonitor >> /dev/null 2>&1
*/5 * * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake voucher_cleanup -check_for_used >> /dev/null 2>&1
0 */3 * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake voucher_cleanup -check_for_depleted >> /dev/null 2>&1
*/5 * * * * root /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake restart_checker >> /dev/null 2>&1
*/5 * * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake notify_checker >> /dev/null 2>&1
1 0 * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake month_end -start >> /dev/null 2>&1
50 23 * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake month_end -end >> /dev/null 2>&1
#This is a Work In Progress
#*/5 * * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake client_check >> /dev/null 2>&1
#0 */6 * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake rogue_check >> /dev/null 2>&1

#We can auto clean-up stale entries after the amount of seconds specified in the configuration file:
*/5 * * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake stale_session_cleanup >> /dev/null 2>&1
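
The www-data to apache change can also be made on the user field only, and the result checked by listing which account each job runs as. This is an added example, not part of the original post: the function names are hypothetical and the sample lines are constructed from the jobs above as they would look before the edit.

```shell
#!/bin/sh
# Added example, not from the original post. /etc/cron.d lines have the form
#   minute hour day-of-month month day-of-week USER command...
# so the account a job runs as is field 6.

# Constructed sample: three of the jobs above as they look before the edit.
sample_cron() {
cat <<'EOF'
# YFi jobs (www-data is the Ubuntu web server account)
*/5 * * * * www-data /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake nasmonitor >> /dev/null 2>&1
*/5 * * * * root /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake restart_checker >> /dev/null 2>&1
1 0 * * * www-data /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake month_end -start >> /dev/null 2>&1
EOF
}

# set_cron_user OLD NEW  (stdin -> stdout)
# Replace OLD with NEW only in the user field of active job lines. Comment
# lines and the command text are left alone. OLD and NEW are assumed to be
# plain account names without regex metacharacters.
set_cron_user() {
    sed -E "s/^(([^[:space:]#]+[[:space:]]+){5})$1([[:space:]])/\\1$2\\3/"
}

# cron_users  (stdin): accounts used by active jobs, one per line, sorted.
cron_users() {
    awk '!/^[[:space:]]*#/ && NF >= 7 { print $6 }' | sort -u
}

# cron_jobs_for USER  (stdin): command part of every active job run as USER.
cron_jobs_for() {
    awk -v u="$1" '!/^[[:space:]]*#/ && NF >= 7 && $6 == u {
        $1 = $2 = $3 = $4 = $5 = $6 = ""; sub(/^ +/, ""); print }'
}

# Demo: swap the account, then list the accounts and the job left on root.
sample_cron | set_cron_user www-data apache | cron_users
sample_cron | set_cron_user www-data apache | cron_jobs_for root
```

The remaining root entry runs the cake console from /var/www/c2, so the console and the application code it loads should be owned by root and not writable by apache.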
Note: If you run into errors when installing YFI Hotspot Manager, look at How to Fix Problems in Installing "YFI Hotspot Manager" in this blog. Maybe you will find an error like yours there and can fix it easily.

Captive Portal / Page Login
For this section, I don't think I need to explain any more, because I have already posted about it in this blog. But if someone asks me to explain again, I'll write another post for the captive portal part. OK. At this point, YFI Hotspot Manager as a hotspot billing system is complete and ready for use.


  1. Hello, Admin! I want to know "how to limit user login" using this YFi manager. (I don't want to allow users to use their username and password at the same time on other computers to get internet access.)
    Could you tell me, please!
    Thanks ...

  2. Hi, will this post work on Fedora 17?

  3. Does this post work on CentOS 6.5?

    1. I think there's no difference between CentOS 6.5 and CentOS 6.4, so this will work...

  4. And also CentOS 6.6?
    ty again

  5. How can I do this part on CentOS?

    "LoadModule rewrite_module modules/
    LoadModule deflate_module modules/
    LoadModule headers_module modules/"


    1. just type the command on the terminal..

  6. I'm using PHP version 5.3.3.
    What do I have to do in this part?

    "cd /usr/local
    mkdir yfi_svn
    cd yfi_svn
    svn checkout svn:// yfi
    svn checkout svn:// yfi_cake
    mv yfi_cake /var/www/c2/
    mv yfi /var/www/html/
    chown -R apache. /var/www/html/c2/yfi_cake/tmp
    chown -R apache. /var/www/html/c2/yfi_cake/webroot/img/graphics"


    1. If you are using PHP 5.3, download and use yfi cake; don't use the svn version.

  7. can you help me with the commands I have to do instead of this?

  8. radiusd -X
    radiusd: FreeRADIUS Version 2.2.6, for host i686-pc-linux-gnu, built on Mar 16 2015 at 15:51:26
    Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    You may redistribute copies of FreeRADIUS under the terms of the
    GNU General Public License.
    For more information about these matters, see the file named COPYRIGHT.
    Starting - reading configuration files ...
    including configuration file /usr/local/etc/raddb/radiusd.conf
    [others includings]

    main {
    allow_core_dumps = no
    including dictionary file /usr/local/etc/raddb/dictionary
    main {
    name = "radiusd"
    prefix = "/usr/local"
    localstatedir = "/usr/local/var"
    sbindir = "/usr/local/sbin"
    logdir = "/usr/local/var/log/radius"
    run_dir = "/usr/local/var/run/radiusd"
    libdir = "/usr/local/lib"
    radacctdir = "/usr/local/var/log/radius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    pidfile = "/usr/local/var/run/radiusd/"
    checkrad = "/usr/local/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
    log {
    stripped_names = no
    auth = no
    auth_badpass = no
    auth_goodpass = no
    security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
    allow_vulnerable_openssl = no
    radiusd: #### Loading Realms and Home Servers ####
    proxy server {
    retry_delay = 5
    retry_count = 3
    default_fallback = no
    dead_time = 120
    wake_all_if_all_dead = no
    home_server localhost {
    ipaddr =
    port = 1812
    type = "auth"
    secret = "testing123"
    response_window = 20
    max_outstanding = 65536
    require_message_authenticator = no
    zombie_period = 40
    status_check = "status-server"
    ping_interval = 30
    check_interval = 30
    num_answers_to_alive = 3
    num_pings_to_alive = 3
    revive_interval = 120
    status_check_timeout = 4
    coa {
    irt = 2
    mrt = 16
    mrc = 5
    mrd = 30
    home_server_pool my_auth_failover {
    type = fail-over
    home_server = localhost
    realm {
    auth_pool = my_auth_failover
    realm LOCAL {
    realm stell {
    realm hom {
    realm ri {
    radiusd: #### Loading Clients ####
    Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in range 1.0.1 - 1.0.1f). Security advisory CVE-2014-0160 (Heartbleed)
    For more information see

    How can I fix it?

    1. check your openssl version... maybe you need to upgrade that..
      or downgrade your freeradius version...

  9. how can I configure an interface 2 to connect to other virtual machine?
    At the interface 2 assign IP for DHCP

    1. settings-network
      for example, at adapter 2, "attached to:", choose internal network (intrnet).
      do the same on another virtual machine.

    2. these settings are for virtualbox?
      How can I do the same in VMPlayer?


  10. If I want to do this tutorial on Ubuntu Desktop 14.04 I have to use this: ?

  11. after this tutorial,
    how can I get this access for captive portal virtual machine 2 that accesses the server=machine1?

    I refer to these images:

    TY for continuing to help me.

    1. I think you need to learn a little about networking... please learn it first. Learn how to connect 2 computers. That's the basics.

    2. Yes, I have already connected two computers.
      I can ping.
      After this tutorial.
      How do I use captive portal?
      Should I install CoovaChili?

      section : User Login Page

    4. After this tutorial, on centos.
      To install hotspot. Should i have continue here:,

      at point :" Activate and change chillispot dictionary" ?

    5. at point : "user login page"

  12. On my client my DNS doesn't work.
    When I access doesn't work but works.
    Could you help me?

  13. roel ngerii, do you know why radtest returns rad_recv: Access-Reject?
    I added a user line to the users file.

    Do you know why radtest doesn't work after this tutorial?

  14. How can I configure HTTPS redirect?