Well, blogging back, here's a short and brief hot chillispot tips for smooth ChilliSpot installation.
As we all know, ChilliSpot is an open source captive portal or wireless LAN access point controller. It is used for authenticating users of a wireless LAN (WiFi). It supports web based login page which is today's standard for public hotspots. Authentication, authorization and accounting (AAA) is handled by our favorite radius server. It also supports two different access methods for a Wireless LAN HotSpot namely Universal Access Method (UAM) as well as Wireless Protected Access (WPA).
ChilliSpot man now says:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chilli has three major interfaces:
A downlink interface for accepting connections from clients, a radius interface for authenticating clients and an uplink network interface for forwarding traffic to other networks.
Authentication of clients is performed by an external radius server. For UAM the CHAP-Challenge and CHAP-Password as specified by RFC 2865 is used. For WPA the radius EAP-Message attribute as defined in RFC 2869 is used. The message attributes described in RFC 2548 are used for transferring encryption keys from the radius server to chilli. Furthermore the radius interface supports accounting.
The downlink interface accepts DHCP and ARP requests from clients. The client can be in two states: Unauthenticated and authenticated.
In unauthenticated state web requests from the client are redirected to an authentication web server.
In a typical application unauthenticated clients will be forwarded to a web server and prompted for username and password. The web server forwards the user credentials to chilli by means of redirecting the web browser to chilli. A received authentication request is forwarded to a radius server. If authentication is successful the state of the client is changed to authenticated. This authentication method is known as Universal Access Method (UAM).
As an alternative to UAM the access points can be configured to authenticate the clients by using Wireless Protected Access (WPA). In this case authentication credentials are forwarded from the access point to chilli by using the radius protocol. The received radius request is proxied by chilli and forwarded to the radius server.
The uplink interface is implemented by using the TUN/TAP driver. When chilli is started a tun interface is established, and optionally an external configuration script is called.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Read ChilliSpot installation basics here first.
Check out the latest version from this download page. Now, do
Download the latest rpm binary here or install directly via:
# rpm -ivh http://www.chillispot.org/download/chillispot-1.1.0.i386.rpm
# updatedb &
Updates.
The old safe way, make a backup copy of chilli.conf file.
# locate chilli.conf
# cp /etc/chilli.conf /etc/chilli.conf.bak
Fire up your favorite browser. And google for "chillispot hotspotlogin.php" keyword.
We are trying to fetch a higher version of hotspotlogin.php or hotspot.php file. Why? I like PHP better than CGI works. :) If you get a version of 0.97 and above, that would be great.
One reason is that this hotspot.php file from google'd page, would actually replace chilli's own CGI login page called hotspotlogin.cgi .
# locate hotspotlogin.cgi
Now, let us assume you already have hotspot.php. We need to copy this file into your root apache directory or whatever suits you as long as the location would be referenced inside /etc/chilli.conf. That basically means, your apache should be up and running as well.
Now, copy the downloaded hotspot.php to your apache root directory like
# cp hotspot.php /var/www/html/
Start your apache
# service httpd start
Note, you can add more IP address restrictions here using apache conf.d files.
Avoid the attitude of hitting copy then paste. Make sure you replace the ones that suits your values. Worry not, you have a backup copy of it, remember? Now, open up your editor and modify /etc/chilli.conf for the below changes.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pidfile /var/run/chilli.pid
dynip your-radius-server-IP-address-local-NETWORK/subnet
net your-radius-server-IP-address-local-NETWORK/subnet
dns1 your-primary-dns-IP-address
dns2 your-secondary-dns-IP-address
domain your-hostname.yourdomain.com
radiusserver1 your-radius-server-IP-address-live
radiusserver2 127.0.0.1
radiusauthport 1812
radiusacctport 1813
radiussecret your-wifi-secret
radiusnasip your-radius-server-IP-address-local
uamserver https://your-hostname.domain.com/hotspot.php
uamsecret your-uam-secret
uamlisten your-radius-server-IP-address-local
uamport 3990
uamallowed your-company.website.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# service chilli start
11 TIPS:
ChilliSpot-powered linux box acting as wifi access point gateway (controller) has been successful with noted conditions below:
1. having a redhat-based distro with kernel versions 2.6.x and above
2. with 2 NICs (Gigabit Ethernet preferably) for optimum performance with
one live IP and unassigned eth1
3. an active firewall with MASQ or preferably NAT
4. for server-based WiFi database and code generation/administration - working Apache/MySQL/PHP + FreeRadius is adviseable
5. gateway of WiFi APs = linux tun0 IP address
6. eth1 should not have any IP address
7. existing caching DNS and Squid proxy for added performance.
8. very nice if you can do PHP coding to create your own customized WiFi admin and mgmt page
9. and lastly, you are trying to avoid an erratic and sad experience the way *some and cheap WiFi box handles AAA, NAT, cloaking, code generation/mgmt (atleast for my case) and not to mention a clogged bottlenecked ethernet ports for a typical large volume of WiFi audience.
10. The last wifi box next to your linux box are cross-cabled.
If it doesn't work out right, read chilli.conf, read FAQs , join the forums and try again.
Make it colorful with your MRTG graph usage, NTOP, bandwidth
See my wifi admin and mgmt page:
Goodluck.
Subscription
Categories
- HowTos (612)
- Linux Devices (40)
- Linux Diggs (620)
- Linux News (1541)
- Linux Videos (24)
Recent Posts
Blog Archive
-
▼
2007
(340)
-
▼
July
(107)
- AMSN messenger install howto
- firefox browser - yum update howto
- kopete messenger install howto
- Gaim pidgin messenger install howto
- xmms - multimedia player install howto
- UltraDMA - speedup your harddisk howto
- sabayon - user profile manager howto
- 50 quick linux command tips part 3
- No negotiations with Microsoft in progress
- connect SamSung D820 mobile to linux howto
- yum from ISO image or CD install howto
- missing portmap reinstall howto
- 50 quick linux command tips part 2
- 50 quick linux command tips part 1
- desktop wiki install howto
- NASA tests Linux for spacecraft control
- warzone 2100 strategy 3d game install howto
- motd - message of the day
- more with kernel name version howto
- stop and start networking service howto
- change network proxy preference howto
- alexa firefox toolbar plugin install howto
- reboot / halt system via CLI howto
- gparted partitioning install howto
- google picasa install howto
- pine and pico install howto
- adobe/macromedia flash player test and install howto
- realplayer install howto
- Microsoft's TrueType core fonts install howto
- Why Choose Fedora? (Fedora vs. Ubuntu)
- Microsoft vs Opensource
- the df command
- linux possessed by monsterz
- change display setting howto
- NTP clock synchronization howto
- qtparted partitioning magic install howto
- host name and host aliases explained
- IP aliasing - virtual IP howto
- viruskiller on linux
- change keyboard language setting
- changing ethernet card settings howto
- TIP: WiFi with chillispot and linux
- play tennis the linux way
- sudoku game install howto
- my linux box talked to me
- CD/DVD burning software install howto
- A SYSAD BLOG - LINUX: list out active host connect...
- list out active host connection howto
- more with linux command named history
- GnuPG and enigmail thunderbird add-ons
- PDF file readers install howto
- digikam - KDE photo management install howto
- gnome floppy formatter
- f-spot Gnome photo manager install howto
- VLC media player install howto
- ping IP subnet block howto
- TIP: find and delete files recursively
- list out opened host ports howto
- TIP: linux process priority scheduling management
- TIP: spammer sending email using squid
- remount partition as read only howto
- additional swap file howto
- CrossOver install howto
- system-config-securitylevel-tui and lokkit howto
- format a windows partition from linux hadrdisk
- TIP: monitoring while mounting USB devices
- zero-sized a file without permission / ownership c...
- TIP: auto create mail spool when adding user
- md5sum checksum howto
- IP address to country lookup howto
- gnome mail notification install howto
- add new harddisk to existing linux system
- TIP: block an IP address
- disk space report
- more trace route command alternatives
- changing your hardware / software clock howto
- other interesting ping commands
- send email via CLI howto
- adding static route howto
- send message to all logged in users
- unzip zip untar tar bzip2 bunzip2 gzip gunzip file...
- format of /etc/passwd, /etc/shadow and /etc/group
- remove user's cron jobs howto
- find the user's files howto
- passphraseless + passwordless ssh howto
- passwordless ssh howto
- X11 Forwarding via ssh howto
- skype install howto
- disable IPv6
- lsusb - list all USB devices
- make yum faster
- lspci - list all PCI devices
- kill a process
- beginners CLI guide for static ip address
- the pidof command
- retrieve data from mysql using bash script
- VirtualBox install howto
- call bash script inside php web page
- alternative linux browsers
- last / currently logged in users
-
▼
July
(107)
Thursday, July 19, 2007
TIP: WiFi with chillispot and linux
Subscribe to:
Post Comments (Atom)
ILoveTux - howtos and news | About | Contact | TOS | Policy
0 comments:
Post a Comment