Setting up ChilliSpot with FreeRadius on Tomato

I’ve decided to share how to setup Chillispot with Free Radius, using MySQL for the user database, and running ChilliSpot on the tomato firmware.

I don’t want to make this too long, but also want to be detailed, so don’t be surprised if this spreads over a few posts.

The first step in setting up is to install mysql. We will assume you are running a Redhat / CentOS / Fedora based system, and have access to yum, if you don’t, simply install the package using your package manager, or from source.

We will need mysql, so:

yum install mysql-server mysql

This will install the mysql server and mysql, if not already installed. In a lot of cases, you’ll already have these installed.

Next, we want Free Radius, with mysql configured, so:

yum install freeradius-mysql

Note, this works for CentOS based Operating Systems, it should also work for those running others as well.

This installs Free Radius, it’s MySQL support, and the SQL file needed to run Free Radius from a MySQL database.

This means that you’ll have Free Radius installed, MySQL installed, and be ready for the next step, creating the database.

Creating the database is a simple task:

First,
echo “Create database radius;” | mysql -u root -ppass

Then,

mysql -u root -ppass radius < /usr/share/doc/freeradius-1.0.1/db_mysql.sql This will create a database called 'radius', using the SQL statements in the file db_mysql.sql. Be sure to replace "pass" with your passw0rd. Please note, that if you already have a radius database, don't run the above, it could destroy the information inside it. Next, Free Radius needs to be configured to support the authentication method being used with ChilliSpot. So, we start configuring Free Radius: cd /etc/raddb nano sql.conf Most of the values in this file will be perfectly fine, you will need to change the server, login, password, and database values to those appropriate for your setup however. Scroll further down in the file, and edit the sql_user_name value to: sql_user_name = "%{Stripped-User-Name:-%{User-Name}}" If you believe that you might have unsafe SQL chars in the username field (generally not). If you want to check for simultaneous sessions, you need to uncomment lines further down: simul_count_query simul_verify_query That is generally all you need in the sql.conf file. Next, nano into /etc/raddb/radiusd.conf With this file open in nano, control W to bring up the whereis dialog. Type in: "authorize {", and press enter. You'll find yourself at the section for authorize requests. Scroll through the configuration, and find sql. You can optionally comment all the other options in the authorize section, as they are useless with a MySQL only setup. Do the same for "accounting {", uncommenting the line for "sql" to enable SQL accounting, and save the file, and exit. Next, we need to add some test data to the radcheck table, to test if the radius server can authenticate correctly. So, at the command line, type mysql -p This will start the MySQL client program, asking for a password, type in the password for your root MySQL user, and press enter. Next, type "use radius;", press enter. Next, type "insert into radcheck (UserName, Attribute, op, Value) VALUES ('testuser','Password','==','testpass');", and press enter. That is essentially a test user setup and the radius server configured for MySQL. Now all that is left is plugging ChilliSpot into it, and setting it up to authenticate, which will be tomorrow's post. Not everyone will have yum available, and of course, not all those commands will be able to be copy and pasted to be run by 100% of people, however, you can indeed compile the software to get the same result. FreeRadius has modules that are experimental, some of which might affect how you plan to use Free Radius. Experimental modules require compilation of Free Radius to enable the support of them. The above information is offered on an all care, but no responsibility basis. I suggest you seek expert opinion before attempting any of the commands, or using any of the information if you don't understand what you are doing. I can't be held responsible for your use, misuse or abuse of the above information. Did you know that Radius servers don't just get used to authenticate users for a wireless service? In fact, radius servers have many other uses, and nearly every reader uses one everytime they connect to the internet? Radius servers are used in businesses to Authenticate users for accessing services, by ISPs to authenticate users and manage IP addresses for nearly all internet customers, as well, they have uses in many other industries, such as banking ? I didn't mention above that you can also skip MySQL and just use a flat file configuration with FreeRadius for user authentication. It's probably better to add an extra layer of MySQL as it is definitely more manageable, and provides a real time effect compared to running from a file. With this all in mind, I'll let that settle in and tomorrow, do a guide on connecting ChilliSpot to this part of the setup. And, finally, will show just how to get FreeRadius running on Tomato (a firmware for some WRT Linksys routers, which doesn't include all the features of DD-WRT, but includes the best QoS setup, and is therefore more preferred). Enjoy.