Virtual Machine daloRADIUS Administrator Guide Version 0.9-9

Virtual Machine daloRADIUS
Administrator Guide
Version 0.9-9
May 2011
Liran Tal of Enginx
Contact
Email: [email protected]
daloRADIUS Website: http://www.daloradius.com
Enginx website: http://www.enginx.com
Copyright © 2011 Liran Tal All Rights Reserved.
Virtual Machine daloRADIUS Administrator Guide
Page 1/25
Virtual Machine daloRADIUS
daloRADIUS ADMINISTRATOR GUIDE
TABLE OF CONTENTS
INTRODUCTION
    INTRODUCTORY TO DALORADIUS
    INTRODUCTORY TO DALORADIUS VIRTUAL MACHINE
    AUDIENCE
    SECURITY NOTICE
    LEGAL NOTICE
CONFIGURATION
    SERVER CONFIGURATION
    FREERADIUS
    MYSQL
    DALORADIUS
        daloRADIUS Management Platform
        .htaccess
        daloRADIUS Users Platform
    PORTAL
        Captive Portal Pages
        Free Signup Pages
        PayPal Signup Pages
MANAGEMENT
    VIRTUAL MACHINE MANAGEMENT
    DALORADIUS PLATFORM
    DALORADIUS USERS
    WEBSHELL
    WEBMIN
    PHPMYADMIN
MAINTENANCE
    UPDATING FROM SVN
Introduction
Introductory to daloRADIUS
daloRADIUS is an advanced RADIUS web platform aimed at managing hotspots and general-purpose ISP
deployments. It features user management, graphical reporting, accounting, a billing engine and integrates
with GoogleMaps for geo-locating.
daloRADIUS is a web platform written in PHP, HTML, CSS and JavaScript. It utilizes a database abstraction
layer, which means that in theory it should support many database systems, although in practice daloRADIUS
queries are mostly MySQL specific (there are patches for PostgreSQL support).
It is based on a FreeRADIUS deployment with a database server serving as the backend.
Among other features it implements operator ACLs, GoogleMaps integration for locating hotspots/access
points visually and many more features.
daloRADIUS is essentially a web platform to manage a RADIUS server, so theoretically it can manage any
RADIUS server, but specifically it manages FreeRADIUS and its database structure. As a web application,
daloRADIUS acts as a management console to control all aspects of a RADIUS server as well as providing
extended commercial and professional features such as Accounting[1] information, graphical reports, a
Billing[2] engine and built-in integration with the GoogleMaps[3] service for geo-locating
NAS servers and HotSpot centers.
Introductory to daloRADIUS Virtual Machine
The virtual machine appliance is based on the Turnkey[4] virtual machine. Specifically, it is based on the LAMP
edition, running the entire web application framework on Ubuntu 10.04.1 LTS (Long Term Support).
The benefits of using the virtual appliance (and Turnkey in particular):
1. It has a smaller footprint.
2. It is easily scalable and manageable as a virtual machine that may be migrated to other servers or
cloned. Backup and restore procedures are easy and flexible due to the support of snapshots.
3. All components[5] related to daloRADIUS are pre-installed and pre-configured and may only require a
small amount of tweaking and configuration to be customized to your own hotspot deployment and
network infrastructure.
[1] Accounting records are dependent upon the RADIUS server's accounting functionality and the NAS to send accounting packets.
[2] The billing engine is still very much in its early stages and provides only basic billing functionality.
[3] The Geo-locating service depends upon an Internet connection as it is provided by the GoogleMaps service and is also subject to
Google's terms of usage.
[4] Turnkey Linux - http://www.turnkeylinux.org/
[5] FreeRADIUS, LAMP setup, daloRADIUS and its contributed scripts, portal pages, etc.
Audience
Individuals or businesses that do not wish to concern themselves with the installation and deployment of a
full-scale RADIUS or daloRADIUS solution may find this virtual appliance suitable, as it provides a relatively
plug-n-play solution that needs only minor modifications. It is a great tool to quickly evaluate the
software and servers installed.
The virtual machine may also be a good candidate for demo purposes.
Security Notice
daloRADIUS doesn't implement good security measures to avoid attacks such as XSS, CSRF or SQL injection,
and as such deployments should implement extra security measures, such as password-protected directory
access to the web application, and consider providing access to the web application only to trusted staff.
For this reason the /daloradius and /daloradius-users directories in the virtual machine are
protected by the web server's authentication method, requiring a username and password to open up the
daloRADIUS platform.
Moreover, other software such as phpmyadmin, a web shell and a webmin administration console is also
installed and available, and access to it should be denied (or restricted) to anyone outside your private
network. The server stack itself may also require you to take precautions to secure the server.
Legal Notice
daloRADIUS is licensed under GNU's General Public License, version 2, which is available online at
http://www.gnu.org/licenses/gpl-2.0.html
daloRADIUS, being an open source project, comes with no official warranty or support beyond community
resources such as the mailing list, forums, documentation, etc.
daloRADIUS User Guide
Page 5/25
Configuration
The server has been pre-installed with many software components such as a database server, the radius
server, daloRADIUS etc. This chapter will cover all the related software and their relevant configuration items.
Server Configuration
Upon booting, the virtual machine will issue a DHCP request for an IP address.
Once the system has completed booting up it will present a dialog screen representing all of the services that
are up and their addresses for logging in (web page, IP address it received, etc).
Shell root Account:
Username: root
Password: daloradius
Image: daloRADIUS Virtual Machine boot-up display
FreeRADIUS
Software version installed is FreeRADIUS version 2.1.10, built from source.
The source code, patched with SQL counter support, and its built binaries may be found in the directory /opt.
Configuration directory: /etc/freeradius
Files that were replaced by daloRADIUS are:
1. /etc/freeradius/sql.conf
2. /etc/freeradius/radiusd.conf
3. /etc/freeradius/sql/mysql/counter.conf
4. /etc/freeradius/sites-available/default
Original files were kept in the same directory level with the suffix ".orig" which enables reverting back to
stock configuration or diff'ing the change.
If changes are made to the MySQL user/pass for the radius database, the same change must also be made
in /etc/freeradius/sql.conf.
Logs are located in: /var/log/freeradius/
MySQL
Software version installed is MySQL version 5.1, from the Ubuntu repository.
Configuration directory: /etc/mysql
Root Account:
Username: root
Password: daloradius
RADIUS Account:
Username: radius
Password: radius
Database name: radius
Logs are located in: /var/log/mysql/
daloRADIUS
Software version installed is daloRADIUS 0.9-9 from the SVN repository.
daloRADIUS Management Platform
Configuration directory: /var/www/daloradius
Configuration file: /var/www/daloradius/library/daloradius.conf.php
Website Access: http://server-ip/daloradius/
If changes are made to the MySQL user/pass for the radius database, edit the daloRADIUS
configuration file and set the new connection information accordingly.
The following table describes the configurable options in the configuration file that you might need to
change:
Configuration Option              Value (Default/Recommended)   Description
CONFIG_DB_ENGINE                  mysql                         The database engine. Possible values: mysql
CONFIG_DB_HOST                    127.0.0.1                     IP Address or Host name of the MySQL database Server
CONFIG_DB_PORT                    3306                          The database engine port
CONFIG_DB_USER                    root                          Database's username
CONFIG_DB_PASS                    root                          Database's password
CONFIG_DB_NAME                    radius                        Database name
CONFIG_MAIL_SMTPADDR              127.0.0.1                     SMTP mail server
CONFIG_MAIL_SMTPPORT              25
CONFIG_MAIL_SMTPFROM              [email protected]             SMTP mail from address
CONFIG_DASHBOARD_DALO_SECRETKEY   sillykey                      Heartbeat script's secret key
CONFIG_DASHBOARD_DALO_DELAYSOFT   5                             Heartbeat's script soft delay
CONFIG_DASHBOARD_DALO_DELAYHARD   15                            Heartbeat's script hard delay
daloRADIUS Web Auth:
for use when a user/pass authentication dialog asks for login when opening up the daloRADIUS
management interface.
Username: admin
Password: admin
To change the password for the admin user, perform the following:
CODE
# cd /var/www/daloradius/
# htpasswd -c .htpasswd admin
When prompted for the password, enter it twice for verification. The -c option rewrites .htpasswd from
scratch, so any other users stored in it are removed.
To disable this authentication dialog, rename, modify accordingly or completely remove the file
/var/www/daloradius/.htaccess
Admin Operator:
for use when logging in to the web application.
Username: administrator
Password: radius
Logs are located in: /var/www/daloradius/logs/
.htaccess
The daloRADIUS package comes with a .htaccess[1] file which is used with the Apache web server to
configure access control to the daloRADIUS application.
Two kinds of access control to the daloRADIUS application can be configured: the first is
authentication with a username and password, and the second is access control based on matched
IP addresses or ranges.
By default, the .htaccess does not require the user to validate with either username or password or
match the IP access ranges, though these should be enabled for added security so that the web
application is not visible or accessible to anyone but you and your trusted operator staff.
Even though daloRADIUS requires a username and password of its own, there might be
insecurities that the application exposes, and these should be treated with countermeasures such as
the Apache authentication requirement.
The .htaccess also covers access to the heartbeat.php script via IP ranges only. This is because
NASes (or any other type of node) which report to daloRADIUS via the Heartbeat
mechanism do so with HTTP GET requests on port 80 and without expecting to perform an
authentication process; hence for this script only, access is granted based on the IP ranges which the
NASes belong to.
[1] .htaccess in Apache's wiki: http://wiki.apache.org/httpd/Htaccess.
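The two controls described in this section, combined in one file and generated by a small shell function. This is an added example, not the .htaccess shipped with daloRADIUS: the function names and address ranges are placeholders, and the directives assume Apache 2.2 syntax (the release packaged with Ubuntu 10.04) with "AllowOverride AuthConfig Limit" enabled for the directory.

```sh
#!/bin/sh
# Added example, not the .htaccess shipped with daloRADIUS.
# Assumes Apache 2.2 directives and a vhost that allows
# "AllowOverride AuthConfig Limit" for the directory.

# is_ipv4_range VALUE: succeeds for a.b.c.d or a.b.c.d/prefix
is_ipv4_range() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# write_htaccess DIR OPERATOR_RANGE NAS_RANGE (hypothetical helper)
write_htaccess() {
    dir=$1 ops=$2 nas=$3
    is_ipv4_range "$ops" || { echo "bad operator range: $ops" >&2; return 2; }
    is_ipv4_range "$nas" || { echo "bad NAS range: $nas" >&2; return 2; }
    # Without a password file nobody can log in: refuse to write a lockout.
    [ -s "$dir/.htpasswd" ] || { echo "create $dir/.htpasswd first" >&2; return 3; }
    # Keep the previous file once, mirroring the ".orig" convention the
    # guide uses for the replaced FreeRADIUS files.
    if [ -f "$dir/.htaccess" ] && [ ! -f "$dir/.htaccess.orig" ]; then
        cp -p "$dir/.htaccess" "$dir/.htaccess.orig"
    fi
    cat > "$dir/.htaccess" <<EOF
# Operators: must come from the management range AND log in.
AuthType Basic
AuthName "daloRADIUS"
AuthUserFile $dir/.htpasswd
Require valid-user
Order deny,allow
Deny from all
Allow from $ops
Satisfy All

# Heartbeat: NASes send plain HTTP GETs and cannot log in, so a request
# from the NAS range is accepted without a password (Satisfy Any).
<Files "heartbeat.php">
    Order deny,allow
    Deny from all
    Allow from $nas
    Satisfy Any
</Files>
EOF
}
```

With "Satisfy Any" an operator holding a valid login can still open heartbeat.php from outside the NAS range; every other file needs both the address match and the login.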
daloRADIUS Users Platform
Configuration directory: /var/www/daloradius-users
Configuration file: /var/www/daloradius-users/library/daloradius.conf.php
Website Access: http://server-ip/daloradius-users/
If changes are made to the MySQL user/pass for the radius database, edit the daloRADIUS
configuration file and set the new connection information accordingly.
Portal
The following describes the configuration related to the captive portal pages as well as the free signup and
PayPal signup pages.
Captive Portal Pages
The captive portal landing pages are based on the original Chillispot's contributed captive portal pages
though they have been much altered by separating them into a template-like structure, allowing
flexibility in making changes to their look & feel.
Captive Portal directory: /var/www/portal/hotspotlogin
Configuration file: /var/www/portal/hotspotlogin/hotspotlogin.php
Website Access / UAM Server: http://server-ip/portal/hotspotlogin/hotspotlogin.php
It is required to edit the configuration file and replace the value of the $uamsecret PHP variable, which
holds the UAM Secret, from its current default value "enginx" to whatever is set as the UAM Secret in your
Chillispot or CoovaChilli NAS.
Free Signup Pages
The free signup web pages provide an interface through which your users can sign up for free.
It is possible to define a profile to which these users are assigned automatically when they are
created; it is therefore possible to limit these free users to a certain bandwidth, data transfer or
session time.
Captive Portal directory: /var/www/portal/signup-free
Configuration file: /var/www/portal/signup-free/library/daloradius.conf.php
Website Access: http://server-ip/portal/signup-free/
If changes are made to the MySQL user/pass for the radius database, edit the daloRADIUS
configuration file and set the new connection information accordingly.
The following table describes the configurable options in the configuration file that you might need to
change:
Configuration Option                   Value (Default/Recommended)   Description
CONFIG_DB_ENGINE                       mysql                         The database engine. Possible values: mysql
CONFIG_DB_HOST                         127.0.0.1                     IP Address or Host name of the MySQL database Server
CONFIG_DB_PORT                         3306                          The database engine port
CONFIG_DB_USER                         root                          Database's username
CONFIG_DB_PASS                         root                          Database's password
CONFIG_DB_NAME                         radius                        Database name
CONFIG_GROUP_NAME                      somegroup                     The group/profile the free user will be associated with
CONFIG_USERNAME_PREFIX                 GST_                          The prefix to append to the username
CONFIG_USERNAME_LENGTH                 4                             Created username length
CONFIG_PASSWORD_LENGTH                 4                             Created password length
CONFIG_SIGNUP_SUCCESS_MSG_LOGIN_LINK   …                             The success message with a link to the login page.
PayPal Signup Pages
The PayPal signup pages are closely associated with daloRADIUS's billing engine and plans setup.
These pages provide online registration with payment being made to your PayPal business account,
resulting in the user being given a valid account immediately for the plan he chose to buy.
Captive Portal directory: /var/www/portal/signup-paypal
Configuration file: /var/www/portal/signup-paypal/library/daloradius.conf.php
Website Access: http://server-ip/portal/signup-paypal/
If changes are made to the MySQL user/pass for the radius database, edit the daloRADIUS
configuration file and set the new connection information accordingly.
The following table describes the configurable options in the configuration file that you might need to
change:
Configuration Option          Value (Default/Recommended)                          Description
CONFIG_DB_ENGINE              mysql                                                The database engine. Possible values: mysql
CONFIG_DB_HOST                127.0.0.1                                            IP Address or Host name of the MySQL database Server
CONFIG_DB_PORT                3306                                                 The database engine port
CONFIG_DB_USER                root                                                 Database's username
CONFIG_DB_PASS                root                                                 Database's password
CONFIG_DB_NAME                radius                                               Database name
CONFIG_MERCHANT_WEB_PAYMENT   https://www.sandbox.paypal.com/cgi-bin/webscr        The PayPal web payment url. Remove the sandbox from the URL for production systems.
CONFIG_MERCHANT_IPN_URL_ROOT  https://portal.daloradius.com/portal/signup-paypal   The directory URL for the paypal sign up pages
CONFIG_MERCHANT_BUSINESS_ID   [email protected]                                    The business ID which will be set as the recipient for payments
CONFIG_USERNAME_LENGTH        8                                                    Created username length
CONFIG_PASSWORD_LENGTH        8                                                    Created password length
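The configuration files covered in this chapter ship with the default secrets listed above ("root", "sillykey", "enginx", "radius"). The following audit, an added example and not part of daloRADIUS, scans those files and reports every documented default that is still in place. The function names are hypothetical, and the assignment syntax it matches (PHP lines such as $configValues['CONFIG_DB_PASS'] = 'root'; and sql.conf lines such as password = "radius") is an assumption, since the guide does not show the file contents.

```sh
#!/bin/sh
# Added example: flag secrets still set to the defaults documented in
# this guide. Assumed syntax (not shown in the guide):
#   $configValues['CONFIG_DB_PASS'] = 'root';
#   $uamsecret = "enginx";
#   password = "radius"            (FreeRADIUS sql.conf)

# flag_default FILE KEY VALUE...: one output line per default still set
flag_default() {
    file=$1 key=$2; shift 2
    [ -r "$file" ] || return 0
    for val in "$@"; do
        # Skip commented-out lines, then look for KEY ... = 'VALUE'
        if grep -Ev '^[[:space:]]*(#|//)' "$file" |
           grep -Eq "${key}[^=]*=[[:space:]]*[\"']${val}[\"']"; then
            echo "DEFAULT $file: $key is still \"$val\""
        fi
    done
}

# audit_defaults [ROOT]: ROOT is a path prefix (empty on the appliance)
audit_defaults() {
    root=${1:-}
    for app in daloradius daloradius-users portal/signup-free portal/signup-paypal; do
        conf=$root/var/www/$app/library/daloradius.conf.php
        flag_default "$conf" CONFIG_DB_USER root
        flag_default "$conf" CONFIG_DB_PASS root daloradius radius
        flag_default "$conf" CONFIG_DASHBOARD_DALO_SECRETKEY sillykey
    done
    flag_default "$root/var/www/portal/hotspotlogin/hotspotlogin.php" uamsecret enginx
    flag_default "$root/etc/freeradius/sql.conf" password radius
    # The guide notes that removing .htaccess disables the web-server
    # login dialog, so a missing "Require" line is reported as well.
    for app in daloradius daloradius-users; do
        ht=$root/var/www/$app/.htaccess
        grep -Eiq '^[[:space:]]*Require[[:space:]]+(valid-user|user)' "$ht" 2>/dev/null ||
            echo "OPEN $ht: no Require valid-user/user directive found"
    done
}
```

Run audit_defaults with no argument on the appliance. Defaults that live elsewhere (the system and MySQL root passwords, the administrator operator, the daloradius test user, the admin entry in .htpasswd) are not visible to a file scan and need to be changed separately.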
Management
Virtual Machine Management
The server's web home page provides a control panel with links to access the different tools available to the
server's administrator or the hotspot owner.
This is the default page that is loaded and presented when the virtual machine IP address or hostname is
accessed.
Image: Web Console
daloRADIUS Platform
Opens up the daloRADIUS Management interface for daloRADIUS administrators and operators.
Use the default administrator user's credentials to login to daloRADIUS:
Username: administrator
Password: radius
The virtual machine has a default test user (username is daloradius). Do not forget to remove
this user in your production-deployed environment.
Image: daloRADIUS Platform
daloRADIUS Users
Opens up the daloRADIUS Users interface, which is used by users created with daloRADIUS to log in and
review their account settings. While this is not an interface an operator can log in to, it is certainly possible
to log in with a user's portal login account to validate that his accounting is working properly.
The virtual machine has a default test user; these are the credentials to test and log in with:
Username: daloradius
Password: daloradius
Do not forget to remove this user in your production-deployed environment.
Image: daloRADIUS Users
Webshell
Opens up an interactive, web-based, shell console.
This provides easy access to the system's shell interface without having to connect via SSH.
Image: Web Shell
It is basically ssh over https, so you may login with any valid user in the system.
To login with the default install user use:
Username: root
Password: daloradius
Webmin
Opens up webmin, the web-based system management control panel.
Webmin is a web application that provides the server's administrator with a management front-end to administer
components of the server, such as the web server, the crontab schedule and more.
Image: Webmin Login
You may login with any valid user in the system.
To login with the default install user use:
Username: root
Password: daloradius
Image: Webmin Interface
PHPMyAdmin
Opens up phpmyadmin, the web-based MySQL management interface.
PHPMyAdmin provides a graphical interface to manage the database server, simplifying database
administration operations or querying database tables.
Image: phpmyadmin platform
At the phpmyadmin login page you may use mysql's superuser root or the specific radius database user
credentials:
Root Account:
Username: root
Password: daloradius
RADIUS Account:
Username: radius
Password: radius
Database name: radius
Image: daloRADIUS Platform
Maintenance
Updating from SVN
The virtual machine server is installed with daloRADIUS version 0.9-9, based on the latest SVN revision.
Checking out the daloRADIUS code base from SVN provides an easy upgrade path for fixes and improvements,
thus staying up to date with the latest enhancements, which are pushed to SVN constantly.
Running an SVN update
To get the latest SVN update, run the following commands:
CODE
# cd /var/www/daloradius
# svn update
You may also sync with the latest SVN updates for the portal files as well as the daloRADIUS Users
community.
CODE
# cd /var/www/portal/signup-paypal
# svn up
# cd /var/www/portal/signup-free
# svn up
# cd /var/www/portal/hotspotlogin
# svn up
# cd /var/www/daloradius-users
# svn up