Ok. Back to my experiment. I have spent many days setting up YFI Hotspot Manager, using Fedora 18 64-bit, Fedora 19 64-bit and CentOS 6.4 64-bit. If you are using 32-bit, it should be no problem. I didn't use Ubuntu, because it's often used. I do not want to be accused of just copying the post, although this post refers to posts that already exist.
As usual, I assume a computer already has one of these operating systems installed, Fedora 18 / 19 or CentOS 6.4, with a minimal package set. Once the Ethernet interface is configured and the internet connection works, continue to the next step.
Start by installing the necessary packages. I didn't install every package, so as not to burden the server.
yum update
yum install wget mc vim unzip zip gcc gcc-c++ make git svn nano tar patch mod_ssl dnsmasq net-tools
Then install the main packages (PHP, MySQL, httpd / Apache) to build the server:
yum install mysql-server php httpd php-mysql php-xml php-gd php-pear php-pdo php-devel php-common ImageMagick
Setup the firewall
For the firewall, I just need iptables. In Fedora 18 / 19, before using iptables, first stop and disable firewalld.
systemctl stop firewalld
systemctl disable firewalld
Then install iptables and system-config-firewall:
yum install iptables-services iptables-utils system-config-firewall-tui system-config-firewall
Configure the firewall so that some services (e.g. the http service) can be accessed from other computers.
system-config-firewall
The system-config-firewall wizard will appear. Select Customize with the Tab key, then press Enter.
Next, in the Trusted Services section, select the services that should be accessible, for example www (http) and ssh.
Next, select Close, then press Enter. The file /etc/sysconfig/iptables will be created automatically. If you want to change a service port (trusted services), edit the file (vim /etc/sysconfig/iptables).
Enable the services so that they run automatically at startup.
In Fedora 18 / 19
systemctl enable iptables
systemctl enable mysqld
systemctl enable httpd
systemctl enable dnsmasq
In CentOS 6.4
[root@localhost ~]# chkconfig --level 235 mysqld on
[root@localhost ~]# chkconfig --level 235 httpd on
[root@localhost ~]# chkconfig --level 235 postfix off
[root@localhost ~]# chkconfig --level 235 dnsmasq on
[root@localhost ~]# chkconfig --level 235 ip6tables off
Edit httpd.conf
Edit the file /etc/httpd/conf/httpd.conf and add the configuration lines below at the end of the file.
## -- YFi begin
<Directory /var/www/html/c2>
AllowOverride All
</Directory>
#-------COMPRESS CONTENT-----------
# place filter 'DEFLATE' on all outgoing content
SetOutputFilter DEFLATE
# exclude uncompressible content via file type
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|jpg|png|pdf|zip|bz2|sit|rar)$ no-gzip
#dont-vary
# Keep a log of compression ratio on each request
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
CustomLog /var/log/httpd/deflate.log deflate
# Properly handle old browsers that do not support compression
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
#----------------------------------
#------ADD EXPIRY DATE-------------
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Expires "Thu, 15 Apr 2012 20:00:00 GMT"
</FilesMatch>
#----------------------------------
#--------Remove ETags --------------------
FileETag none
#-----------------------------------------
## -- YFi end
Ensure the following modules are enabled in Apache (the /etc/httpd/conf/httpd.conf file):
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
Edit /etc/php.ini
mcedit /etc/php.ini
short_open_tag = On
; change this to your timezone
date.timezone = Asia/Jakarta
Then restart the web service (Apache):
service httpd restart
Download cakephp, yfi_cake and yfi viewer.
Download cakephp and install it:
wget https://github.com/cakephp/cakephp/archive/1.2.12.tar.gz
mv 1.2.12.tar.gz /var/www/html/
cd /var/www/html/
tar zxvf 1.2.12.tar.gz
ln -s /var/www/html/cakephp-1.2.12 /var/www/html/c2
ln -s /var/www/html/cakephp-1.2.12 /var/www/c2
Next, download yfi_cake. Remember this: if you are using PHP 5.3, use version 5 of yfi cake. If you are using PHP 5.4 or later, use the svn version of yfi_cake. In this experiment the PHP version is 5.4.16, so I use the svn version of yfi_cake.
cd /usr/local
mkdir yfi_svn
cd yfi_svn
svn checkout svn://svn.code.sf.net/p/hotcakes/code/trunk/yfi yfi
svn checkout svn://svn.code.sf.net/p/hotcakes/code/trunk/yfi_cake yfi_cake
mv yfi_cake /var/www/c2/
mv yfi /var/www/html/
chown -R apache. /var/www/html/c2/yfi_cake/tmp
chown -R apache. /var/www/html/c2/yfi_cake/webroot/img/graphics
Create database.
To make sure MySQL is running:
service mysqld restart
For security, set a password for the MySQL root user.
mysqladmin -u root password yourpasswordmysql
Then create the database for YFi Hotspot Manager.
mysql -u root -p
create database yfi;
GRANT ALL PRIVILEGES ON yfi.* to 'yfi'@'127.0.0.1' IDENTIFIED BY 'yfi';
GRANT ALL PRIVILEGES ON yfi.* to 'yfi'@'localhost' IDENTIFIED BY 'yfi';
exit;
Load the sample database dump into the yfi database.
mysql -u root -p yfi < /var/www/html/c2/yfi_cake/setup/db/yfi.sql
You can see the database that you have created in the folder /var/lib/mysql.
Finally, edit /etc/selinux/config:
mcedit /etc/selinux/config
SELINUX=disabled
Reboot, and let's hope everything goes well…
Test yfi_cake and yfi viewer from browser
Open a browser and go to http://<your-ip-address>/c2/yfi_cake/users/
Continue by testing the viewer component of yfi. Go to http://<your-ip-address>/yfi.
Try to log in using the usernames and passwords below.
Role | Username | Password
Administrator | root | admin
Access Provider | ap | ap
Permanent User | dvdwalt@ri | dvdwalt@ri
If everything is ok, continue to the next steps.
If you find an error when you install YFi Hotspot Manager, look at How to Fix Problems in Installing "YFI Hotspot Manager" in this blog. Maybe you will find the same error as yours, and you can fix it easily.
Configuring Freeradius
Don't install the default freeradius package with yum, because it's never successful. I don't know why. If you have new information about this, please comment.
So, download freeradius 2.2.0 from http://freeradius.org. Before compiling freeradius, install the necessary packages.
yum install libtool-ltdl-devel mysql-devel perl-XML-Simple perl-XML-LibXML perl-suidperl perl-libxml-perl perl-ExtUtils-Embed perl-Time-HiRes
cd /usr/local/
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.2.0.tar.gz
tar zxvf freeradius-server-2.2.0.tar.gz
cd freeradius-server-2.2.0
./configure && make && make install
ldconfig
Set up FreeRadius to work together with YFI Hotspot Manager.
cd /usr/local/etc/
mv raddb/ raddb.orig
cp /var/www/html/c2/yfi_cake/setup/radius/raddb.tar.gz /usr/local/etc/
tar -xzvf raddb.tar.gz
To start radiusd automatically at startup, run the command below.
cp /usr/local/sbin/rc.radiusd /etc/init.d/radiusd
When you run the command “chkconfig --add radiusd”, you will get the error “service radiusd does not support chkconfig”.
To fix it, edit the file /etc/init.d/radiusd and add the lines below at the top of the file, so it looks like this.
#!/bin/sh
# chkconfig: 2345 80 30
# description: FreeRadius 2.2.0
# processname: radiusd
# pidfile: $rundir/radiusd.pid
Then run chkconfig to add the radiusd service. It should work well.
chkconfig --add radiusd
chkconfig --level 235 radiusd on
Next, because I use the svn version, edit /usr/local/etc/raddb/sites-enabled/default
mcedit /usr/local/etc/raddb/sites-enabled/default
Find the authorize { section and comment out perl and sql (usually just below “update control”), so it looks like this.
update control {
Auth-Type := perl
}
#perl
#sql
Debug freeradius with the command radiusd -X.
If everything is normal, the result looks like this:
... adding new socket proxy address * port 41799
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
Press Ctrl + C to stop. Continue to the next steps.
Setup pptpd to work with YFi Hotspot Manager
yum install ppp
Go to http://poptop.sourceforge.net/yum/stable/packages/. Look at the file list, then select and download the package that matches the Linux operating system you are using.
For Fedora 18 / 19, 32-bit:
rpm -Uvh http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.fc19.i686.rpm
For Fedora 18 / 19, 64-bit:
rpm -Uvh http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.fc19.x86_64.rpm
For CentOS 6.4, 32-bit:
rpm -Uvh http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.i686.rpm
For CentOS 6.4, 64-bit:
rpm -Uvh http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm
Edit the pptpd config file (vim /etc/pptpd.conf) and add at the end:
localip 10.20.30.1
Make the chap-secrets file writable, so the client (apache) can access the file.
chown root.apache /etc/ppp/chap-secrets
chmod 664 /etc/ppp/chap-secrets
Finally, make the pptpd service run automatically at startup.
chkconfig --level 235 pptpd on
service pptpd restart
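The ownership and mode set on /etc/ppp/chap-secrets above can be checked with a short script. This is an added example, not part of the original post: it reports whether a secrets file grants any access to users outside its owner and group, which is the case with mode 664 and not with mode 660 (660 still gives the apache group read and write access). The function names and the temporary sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). check_secret_perms is a
# hypothetical helper name; the sample file below is constructed.

# Print "world-writable", "world-readable", "ok" or "missing" for a file.
# chap-secrets holds PPTP passwords in clear text, so any permission bit
# granted to "other" exposes them to every local account.
check_secret_perms() {
    f=$1
    [ -e "$f" ] || { echo "missing"; return 2; }
    # find -perm -NNN matches when all of the listed bits are set (POSIX).
    if [ -n "$(find "$f" -prune -perm -002)" ]; then
        echo "world-writable"; return 1
    fi
    if [ -n "$(find "$f" -prune -perm -004)" ]; then
        echo "world-readable"; return 1
    fi
    echo "ok"; return 0
}

# Demonstration on a constructed file instead of the real chap-secrets.
demo_chap_perms() {
    tmp=$(mktemp)
    printf 'user1 pptpd "constructed-password" *\n' > "$tmp"
    chmod 664 "$tmp"                          # mode used in the step above
    before=$(check_secret_perms "$tmp") || true
    chmod 660 "$tmp"                          # group rw, nothing for others
    after=$(check_secret_perms "$tmp") || true
    rm -f "$tmp"
    echo "664=$before 660=$after"
}

demo_chap_perms
```

On the installed system the call would be check_secret_perms /etc/ppp/chap-secrets.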
Cron Script
cp /var/www/html/c2/yfi_cake/setup/cron/yfi /etc/cron.d/
Then edit /etc/cron.d/yfi. Find the user www-data and change it to the user apache, then save the file. It will look like this.
*/5 * * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake nasmonitor >> /dev/null 2>&1
*/5 * * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake voucher_cleanup -check_for_used >> /dev/null 2>&1
0 */3 * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake voucher_cleanup -check_for_depleted >> /dev/null 2>&1
*/5 * * * * root /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake restart_checker >> /dev/null 2>&1
*/5 * * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake notify_checker >> /dev/null 2>&1
1 0 * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake month_end -start >> /dev/null 2>&1
50 23 * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake month_end -end >> /dev/null 2>&1
#This is a Work In Progress
#*/5 * * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake client_check >> /dev/null 2>&1
#0 */6 * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake rogue_check >> /dev/null 2>&1
#We can auto clean-up stale entries after the amount of seconds specified in the configuration file:
*/5 * * * * apache /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake stale_session_cleanup >> /dev/null 2>&1
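The edit described above touches only the user column of the system crontab. As an added example (not from the original post), the script below rewrites that column from www-data to apache, including on commented-out job lines, and lists the jobs that run as root so they can be reviewed. The function names and the embedded sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). fix_cron_user and root_jobs are
# hypothetical helper names; SAMPLE is constructed from the lines shown above.

# Rewrite the user column (6th field) of /etc/cron.d-style lines from
# www-data to apache. Only lines whose first field looks like a schedule
# (optionally commented out with '#') are touched; prose comments are kept.
fix_cron_user() {
    sed -E 's/^(#?[0-9*][^[:space:]]*[[:space:]]+([^[:space:]]+[[:space:]]+){4})www-data([[:space:]])/\1apache\3/' "$1"
}

# Print the command of every active (uncommented) job that runs as root.
root_jobs() {
    awk '$1 ~ /^[0-9*]/ && NF >= 7 && $6 == "root" {
             $1 = $2 = $3 = $4 = $5 = $6 = ""; sub(/^ +/, ""); print
         }' "$1"
}

SAMPLE='*/5 * * * * www-data /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake nasmonitor >> /dev/null 2>&1
*/5 * * * * root /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake restart_checker >> /dev/null 2>&1
#This is a Work In Progress
#0 */6 * * * www-data /var/www/c2/cake/console/cake -app /var/www/c2/yfi_cake rogue_check >> /dev/null 2>&1'

demo_cron() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE" > "$tmp"
    fix_cron_user "$tmp" > "$tmp.new"
    echo "remaining www-data lines: $(grep -c 'www-data' "$tmp.new" || true)"
    echo "root jobs:"
    root_jobs "$tmp.new"
    rm -f "$tmp" "$tmp.new"
}

demo_cron
```

Jobs listed by root_jobs execute code from the web tree as root, so the files they run should not be writable by the apache user.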
Captive Portal / Page Login
For this section, I think I do not need to explain any more, because I have already posted about it in this blog. But if someone asks me to explain again, I'll post again about the captive portal part.
Ok. At this point, YFi Hotspot Manager as a hotspot billing system is complete and ready for use.
Hello, Admin! I want to know "how to limit User login" using this YFi manager. (I don't want to allow users to use their username and password at the same time on other computers to get internet access.)
Could you tell me..Please !
Thanks ...
Hi, will this post work on Fedora 17??
this should be working...
this post working on Centos 6.5?
ty
I think there's no difference between centos 6.5 and centos 6.4. so this will be working...
and also centOs 6.6?
ty again
How can I do this part on centOs?
"LoadModule rewrite_module modules/mod_rewrite.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so"
BR
just type the command on the terminal..
I'm using php 5.3.3 version
what do I have to do in this part?
"cd /usr/local
mkdir yfi_svn
cd yfi_svn
svn checkout svn://svn.code.sf.net/p/hotcakes/code/trunk/yfi yfi
svn checkout svn://svn.code.sf.net/p/hotcakes/code/trunk/yfi_cake yfi_cake
mv yfi_cake /var/www/c2/
mv yfi /var/www/html/
chown -R apache. /var/www/html/c2/yfi_cake/tmp
chown -R apache. /var/www/html/c2/yfi_cake/webroot/img/graphics"
Atila
If you are using PHP 5.3, download and use yfi cake, don't use svn version.
can you help me with the commands I have to do instead of this?
radiusd -X
radiusd: FreeRADIUS Version 2.2.6, for host i686-pc-linux-gnu, built on Mar 16 2015 at 15:51:26
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
[others includings]
main {
allow_core_dumps = no
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
name = "radiusd"
prefix = "/usr/local"
localstatedir = "/usr/local/var"
sbindir = "/usr/local/sbin"
logdir = "/usr/local/var/log/radius"
run_dir = "/usr/local/var/run/radiusd"
libdir = "/usr/local/lib"
radacctdir = "/usr/local/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
allow_vulnerable_openssl = no
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
realm stell {
}
realm hom {
}
realm ri {
}
radiusd: #### Loading Clients ####
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in range 1.0.1 - 1.0.1f). Security advisory CVE-2014-0160 (Heartbleed)
For more information see http://heartbleed.com
How can I fix it?
check your openssl version... maybe you need to upgrade that..
or downgrade your freeradius version...
how can I configure an interface 2 to connect to other virtual machine?
At the interface 2 assign IP for DHCP
settings-network
for example, at adapter 2, "attached to:", choose internal network (intrnet).
do the same on another virtual machine.
these settings are for virtualbox?
How can I do the same in VMPlayer?
https://www.vmware.com/support/ws4/doc/network_configure_ws.html
If I want to do this tutorial on Ubuntu Desktop 14.04 I have to use this:
http://myconfigure.blogspot.pt/2012/03/install-hotspot-yfi-part-1.html ?
yes,...
after this tutorial,
how can I get this access for captive portal virtual machine 2 that accesses the server=machine1?
I refer to these images:
http://2.bp.blogspot.com/-C6ggYIAM3r8/UQHx1L1hCaI/AAAAAAAAALE/urRkczCeRMc/s1600/login+client.PNG
http://3.bp.blogspot.com/-DpuWD0iKrew/UQHx0goa8GI/AAAAAAAAALI/q_hK45BYqgA/s400/client+connect.PNG
TY for continuing to help me.
I think you need to learn a little about networking... please learn it first. learn how to connect 2 computers. that's the basic.
Yes already connect two computers.
I can ping.
After this tutorial.
How do I use captive portal?
Should I install CoovaChili?
http://myconfigure.blogspot.com/2012/03/install-hotspot-yfi-part-2.html
section : User Login Page
After this tutorial, on centos.
To install hotspot. Should I continue here: http://myconfigure.blogspot.pt/2012/03/install-hotspot-yfi-part-2.html,
at point :" Activate and change chillispot dictionary" ?
at point : "user login page"
On my client my dns doesn't work.
when I access google.com it doesn't work but 216.58.219.36 works.
Could you help me?
roel ngerii do you know why radtest returns rad_recv: Access-Reject ?
I add user line to users file.
Do you know why radtest doesn't work after this tutorial?
How can I configure HTTPS redirect?