[[f11:technik:raspberrypi:hotspotdm3kb:raspeasyhpdb]]
Sie befinden sich hier: start » f11 » technik » raspberrypi » hotspotdm3kb » raspeasyhpdb
Seite anzeigen
AdminLetzte ÄnderungenÜbersicht

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
Nächste Überarbeitung 		Vorhergehende Überarbeitung
f11:technik:raspberrypi:hotspotdm3kb:raspeasyhpdb [2014/12/05 17:34]
dm3kb 		f11:technik:raspberrypi:hotspotdm3kb:raspeasyhpdb [2019/09/29 12:03] (aktuell)
Zeile 25: Zeile 25:
  
 Easyhotspot database, username and password system/application/config/database.php Easyhotspot database, username and password system/application/config/database.php
 +
  
  
Zeile 35: Zeile 36:
  
 **Note: The script: /etc/freeradius/sql/mysql/admin.sql will not be executed as it only creates the radius user and DB permissions. This will be done manually in the next steps** **Note: The script: /etc/freeradius/sql/mysql/admin.sql will not be executed as it only creates the radius user and DB permissions. This will be done manually in the next steps**
- 
  
  
Zeile 64: Zeile 64:
 Erase all Radius information from "ehs_noraddata_0.2p3.sql" and use this modifyed file to \\ Erase all Radius information from "ehs_noraddata_0.2p3.sql" and use this modifyed file to \\
 create the tables needed for EASY-Hotspot.\\ create the tables needed for EASY-Hotspot.\\
 +ehs_noraddata_0.2p3.sql can be found in: /opt/EasyHotspot/install\\ 
 +Copy it to e.g. database_HP-only-NoRadius-NoData.sql 
 +and use vi to earse all radius related operations\\ 
 +\\ 
 +Then use this file to create the EASY-Hotspot tables in the same DB that already contain the FreeRadius tabels.\\ 
 +\\
 <code> <code>
-root@raspberrypi:~# mysql -u root -p easyhpradiusdb < /home/pi/easyhotspot/easyhotspot/install/No_rad_ehs_noraddata_0.2p3.sql +root@raspberrypi:~# mysql -u root -p easyhpradiusdb < /home/pi/easyhotspot/easyhotspot/install/database_HP-only-NoRadius-NoData.sql 
-Enter password: 2=+Enter password: ????
 </code> </code>
  
  
 ==Check tables== ==Check tables==
- +Check what tables have been created:
 <code> <code>
 mysql -u root -p easyhpradiusdb  mysql -u root -p easyhpradiusdb 
-Enter password: 2=+Enter password:???
  
  
Zeile 115: Zeile 119:
  
 ==Set DB-User Permissions== ==Set DB-User Permissions==
-As we skipped Admin.sql no radius user has been created. To split responsibilities, easyhotspot needs to access all tables and radius will only be allowd to the radius tables ( radacct, radcheck, radgroupcheck, radgroupreply, radpostauth, radreply, radusergroup )+As we skipped **Admin.sql** no radius user has been created. To split responsibilities, easyhotspot needs to access all tables and radius will only be allowd to the radius tables (This are: radacct, radcheck, radgroupcheck, radgroupreply, radpostauth, radreply, radusergroup )
  
-Note: First it is explained step by step a bit below all commands are listed as a Copy & paste block!!+**Note:** __First it is explained step by step a bit below all commands are listed as a Copy & paste block!!__
  
-Start with creating the easyhotspot user:+Start with creating the  users :
 <code> <code>
 mysql -u root -p  mysql -u root -p 
-Enter password: 2+Enter password: ???
  
 mysql>CREATE USER 'easyhotspot'@'localhost'; mysql>CREATE USER 'easyhotspot'@'localhost';
Zeile 169: Zeile 173:
 # Grant usage for easyhotspot # Grant usage for easyhotspot
  
-mysql> GRANT ALL ON easyhpradiusdb . * TO  'easyhotspot'@'%' IDENTIFIED BY  'Easy54321' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+mysql> GRANT ALL ON easyhpradiusdb . * TO  'easyhotspot'@'%' IDENTIFIED BY  'MyPass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 Query OK, 0 rows affected (0.01 sec) Query OK, 0 rows affected (0.01 sec)
 mysql> FLUSH PRIVILEGES; mysql> FLUSH PRIVILEGES;
  
  
-mysql> GRANT SELECT ON easyhpradiusdb . radcheck TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+# Grant usage for radius 
 +mysql> GRANT SELECT ON easyhpradiusdb . radcheck TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 Query OK, 0 rows affected (0.01 sec) Query OK, 0 rows affected (0.01 sec)
  
 mysql> FLUSH PRIVILEGES; mysql> FLUSH PRIVILEGES;
  
-mysql> GRANT SELECT ON easyhpradiusdb . radgroupcheck TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+mysql> GRANT SELECT ON easyhpradiusdb . radgroupcheck TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 Query OK, 0 rows affected (0.01 sec) Query OK, 0 rows affected (0.01 sec)
 mysql> FLUSH PRIVILEGES; mysql> FLUSH PRIVILEGES;
  
-mysql> GRANT SELECT ON easyhpradiusdb . radreply TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+mysql> GRANT SELECT ON easyhpradiusdb . radreply TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 Query OK, 0 rows affected (0.01 sec) Query OK, 0 rows affected (0.01 sec)
 mysql> FLUSH PRIVILEGES; mysql> FLUSH PRIVILEGES;
  
-mysql> GRANT SELECT ON easyhpradiusdb . radgroupreply TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+mysql> GRANT SELECT ON easyhpradiusdb . radgroupreply TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 Query OK, 0 rows affected (0.01 sec) Query OK, 0 rows affected (0.01 sec)
 mysql> FLUSH PRIVILEGES; mysql> FLUSH PRIVILEGES;
  
-mysql> GRANT ALL ON easyhpradiusdb . radacct TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+mysql> GRANT ALL ON easyhpradiusdb . radacct TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 Query OK, 0 rows affected (0.01 sec) Query OK, 0 rows affected (0.01 sec)
 mysql> FLUSH PRIVILEGES; mysql> FLUSH PRIVILEGES;
  
-mysql> GRANT ALL ON easyhpradiusdb . radpostauth TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+mysql> GRANT ALL ON easyhpradiusdb . radpostauth TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 Query OK, 0 rows affected (0.01 sec) Query OK, 0 rows affected (0.01 sec)
 mysql> FLUSH PRIVILEGES; mysql> FLUSH PRIVILEGES;
  
-mysql> GRANT SELECT ON easyhpradiusdb . radusergroup TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+mysql> GRANT SELECT ON easyhpradiusdb . radusergroup TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 Query OK, 0 rows affected (0.01 sec) Query OK, 0 rows affected (0.01 sec)
 mysql> FLUSH PRIVILEGES; mysql> FLUSH PRIVILEGES;
Zeile 208: Zeile 213:
 <code> <code>
 mysql -u root -p  mysql -u root -p 
-Enter password: 2+Enter password: ???
  
 CREATE USER 'easyhotspot'@'localhost'; CREATE USER 'easyhotspot'@'localhost';
Zeile 218: Zeile 223:
  
 # Change PW for easyhotspot # Change PW for easyhotspot
-####SET PASSWORD FOR 'easyhotspot'@'localhost' = PASSWORD('Easy54321');+####SET PASSWORD FOR 'easyhotspot'@'localhost' = PASSWORD('MyPass');
 UPDATE mysql.user SET Password=PASSWORD('Easy54321') WHERE User='easyhotspot' AND Host='localhost'; UPDATE mysql.user SET Password=PASSWORD('Easy54321') WHERE User='easyhotspot' AND Host='localhost';
 FLUSH PRIVILEGES; FLUSH PRIVILEGES;
Zeile 224: Zeile 229:
  
 # Change PW for radius # Change PW for radius
-#####SET PASSWORD FOR 'radius'@'localhost' = PASSWORD('Radpass12345');+#####SET PASSWORD FOR 'radius'@'localhost' = PASSWORD('Radpass');
 UPDATE mysql.user SET Password=PASSWORD('Radpass12345') WHERE User='radius' AND Host='localhost'; UPDATE mysql.user SET Password=PASSWORD('Radpass12345') WHERE User='radius' AND Host='localhost';
 mysql> FLUSH PRIVILEGES; mysql> FLUSH PRIVILEGES;
Zeile 232: Zeile 237:
 # Grant usage for easyhotspot # Grant usage for easyhotspot
  
-GRANT ALL ON easyhpradiusdb . * TO  'easyhotspot'@'%' IDENTIFIED BY  'Easy54321' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+GRANT ALL ON easyhpradiusdb . * TO  'easyhotspot'@'%' IDENTIFIED BY  'MyPass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 FLUSH PRIVILEGES; FLUSH PRIVILEGES;
  
 +# Grant usage for radius
  
-GRANT SELECT ON easyhpradiusdb . radcheck TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+GRANT SELECT ON easyhpradiusdb . radcheck TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 FLUSH PRIVILEGES; FLUSH PRIVILEGES;
  
-GRANT SELECT ON easyhpradiusdb . radgroupcheck TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+GRANT SELECT ON easyhpradiusdb . radgroupcheck TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 FLUSH PRIVILEGES; FLUSH PRIVILEGES;
  
-GRANT SELECT ON easyhpradiusdb . radreply TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+GRANT SELECT ON easyhpradiusdb . radreply TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 FLUSH PRIVILEGES; FLUSH PRIVILEGES;
  
-GRANT SELECT ON easyhpradiusdb . radgroupreply TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+GRANT SELECT ON easyhpradiusdb . radgroupreply TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 FLUSH PRIVILEGES; FLUSH PRIVILEGES;
  
-GRANT ALL ON easyhpradiusdb . radacct TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+GRANT ALL ON easyhpradiusdb . radacct TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 FLUSH PRIVILEGES; FLUSH PRIVILEGES;
  
-GRANT ALL ON easyhpradiusdb . radpostauth TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+GRANT ALL ON easyhpradiusdb . radpostauth TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
 FLUSH PRIVILEGES; FLUSH PRIVILEGES;
  
-GRANT SELECT ON easyhpradiusdb . radusergroup TO  'radius'@'%' IDENTIFIED BY  'Radpass12345' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;+GRANT SELECT ON easyhpradiusdb . radusergroup TO  'radius'@'%' IDENTIFIED BY  'Radpass' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
  
 FLUSH PRIVILEGES; FLUSH PRIVILEGES;
 </code> </code>
 +
  
  
 == Test "radius" User login to Radius/EasyHotspot DB == == Test "radius" User login to Radius/EasyHotspot DB ==
 +Test on commandline that the new user is able to login to DB
 <code> <code>
 mysql -u easyhotspot -p easyhpradiusdb mysql -u easyhotspot -p easyhpradiusdb
Zeile 267: Zeile 275:
  
 == Test "easyHotspot" User login to Radius/EasyHotspot DB == == Test "easyHotspot" User login to Radius/EasyHotspot DB ==
 +Test on commandline that the new user is able to login to DB
 <code> <code>
 mysql -u radius -p easyhpradiusdb mysql -u radius -p easyhpradiusdb
Zeile 274: Zeile 283:
  
 ==Create a user to test radius login== ==Create a user to test radius login==
 +<del>
 +This user is not managed via Easy-Hotspot, so creation is **optional**. \\</del>
  
-This user is not managed via Easy-Hotspot, so creation is optional.  
 <code> <code>
-echo "insert into radcheck (username, attribute, op, value) values ('user1','Cleartext-Password',':=','passwd123');" | mysql -u root -p easyhpradiusdb+echo "insert into radcheck (username, attribute, op, value) values ('user1','Cleartext-Password',':=','passwd1');" | mysql -u root -p easyhpradiusdb
 </code> </code>
  
-Check new user entry in table radcheck+<del>Check new user entry in table radcheck\\</del>
 <code> <code>
 mysql> select * from radcheck where username='user1'; mysql> select * from radcheck where username='user1';
Zeile 286: Zeile 296:
 | id | username | attribute          | op | value     | | id | username | attribute          | op | value     |
 +----+----------+--------------------+----+-----------+ +----+----------+--------------------+----+-----------+
-|  1 | user1    | Cleartext-Password | := | passwd123 |+|  1 | user1    | Cleartext-Password | := | passwd1 |
 +----+----------+--------------------+----+-----------+ +----+----------+--------------------+----+-----------+
 1 row in set (0.01 sec) 1 row in set (0.01 sec)
Zeile 292: Zeile 302:
  
  
 +==Create User via EasyHP Admin GUI==
  
-==Check / Change Freeradius shared secret ==+Log in to:[[f11:technik:raspberrypi:hotspotdm3kb:rasp1logeasyhp|EASY-Hotspot Admin GUI]] and create a (Post-Payed) User 
 +for the first tests.  
 + 
 + 
 +==Check / Change Freeradius shared secret==
 Default is "testing123" Default is "testing123"
 In case of using a different secret change password, as we have configured above of radius user in mysql, change secret in Free-Radius config. In case of using a different secret change password, as we have configured above of radius user in mysql, change secret in Free-Radius config.
Zeile 304: Zeile 319:
         #port = 3306         #port = 3306
         login = "radius"         login = "radius"
-        password = "Radpass12345+        password = "Radpass
                  
        # Database table configuration for everything except Oracle        # Database table configuration for everything except Oracle
Zeile 314: Zeile 329:
  
  
 +===Test Radius Server===
 +Now the Radius Server can be tested as a valid user is available.\\
 +Start Radius in Debug-Mode:
 +<code>
 +freeradius -X
 +</code>
 +Dont panic, tons of output will run over the screen, but important is that after some time \\
 +a line named: **Ready to process requests.** is displayed\\ 
 +Now login on another terminal and test radius communication with MySQL by requesting login-In for for the user just created via [[f11:technik:raspberrypi:hotspotdm3kb:rasp1logeasyhp|EASY-Hotspot Admin GUI]] e.g. user1 with pw passwd1 on localhost 1812 and secret RaspiRadi:
 +<code>
 +root@raspberrypi:~# radtest user1 passwd123 localhost 0 RaspiRadi
 +Sending Access-Request of id 35 to 127.0.0.1 port 1812
 + User-Name = "user1"
 + User-Password = "passwd123"
 + NAS-IP-Address = 127.0.1.1
 + NAS-Port = 0
 + Message-Authenticator = 0x00000000000000000000000000000000
 +rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=35, length=20
 +root@raspberrypi:~# 
  
 +</code>
 +If you see the reply from Radius that an Access-Accept packet is received the Radius is operational.
  
  
Zeile 320: Zeile 356:
  
  
-Additional: Only if something went wrong and a restart is necessary: Drop DB and User:+**Additional:** Only if something went wrong and a restart is necessary: Drop DB and User:
  
 <code> <code>
Zeile 339: Zeile 375:
 </code> </code>
  
- 
-===Start RADIUS in debug mode:=== 
-<code> 
-freeradius -X 
-</code> 
-Dont panic, tons of output will run over the screen, but important is that after some time \\ 
-a line named: **Ready to process requests.** is displayed\\  
-Now login on another terminal and test radius communication with MySQL by requesting login-Infor for user1 with pw passwd123 on localhost 1812 and secret RaspiRadi1234: 
-<code> 
-root@raspberrypi:~# radtest user1 passwd123 localhost 0 RaspiRadi1234 
-Sending Access-Request of id 35 to 127.0.0.1 port 1812 
- User-Name = "user1" 
- User-Password = "passwd123" 
- NAS-IP-Address = 127.0.1.1 
- NAS-Port = 0 
- Message-Authenticator = 0x00000000000000000000000000000000 
-rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=35, length=20 
-root@raspberrypi:~#  
  
 </code> </code>
f11/technik/raspberrypi/hotspotdm3kb/raspeasyhpdb.1417797262.txt.gz · Zuletzt geändert: 2019/09/29 12:01 (Externe Bearbeitung)
Seite anzeigenÄltere Versionen
Medien-ManagerNach oben
CC Attribution-Noncommercial-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0