2009
by Liran Tal
liran@enginx.com
daloRADIUS ships with captive portal pages for CoovaChilli (and Chillispot) and supports only those.
It also provides a PHP version of the captive portal pages, suitable for deployment on a LAMP-based
install, and introduces a templating system for the captive portal pages that makes it easy and
convenient for businesses to modify the portal pages and customize them to their needs.
Project's References:
1. Wifidog: http://dev.wifidog.org
2. NoCatAuth: http://nocat.net
3. Chillispot: http://chillispot.info
4. CoovaChilli: http://coova.org/CoovaChilli
Outlined below are the steps to take for an Ubuntu or other Debian-based Linux distribution:
(While the document refers to CoovaChilli, most if not all configuration examples are relevant to Chillispot as
well, so CoovaChilli and Chillispot are interchangeable in the scope of this document.)
1. Get the latest release of daloRADIUS ( >= 0.9-8 ) and unpack the tar.gz package to a local directory.
CODE
# cd /tmp
# wget -O daloradius-0.9-8.tar.gz "http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius-0.98/daloradius-0.9-8.tar.gz?use_mirror=garr"
# tar zxvf daloradius-0.9-8.tar.gz
2. Copy the hotspotlogin directory from contrib/chilli/portal2 (found in the top-level directory of the
daloRADIUS package) to the web-accessible directory of your choice. For the example throughout
this document we will use /var/www/dalohosting/hotspotlogin/
CODE
# mkdir -p /var/www/dalohosting
# cp -arp /tmp/daloradius-0.9-8/contrib/chilli/portal2/hotspotlogin/ /var/www/dalohosting/
3. Adjust file permissions for the web server user and group
CODE
4. CoovaChilli (and Chillispot) communicates with the (remote) portal pages over SSL. The
directives required in CoovaChilli's configuration are:
CODE
uamlisten 192.168.182.1
uamport 3990
uamserver https://www.example.com/hotspotlogin/hotspotlogin.php
uamsecret mysecretuampassword
Information regarding these parameters and others is available through CoovaChilli's homepage,
forums, mailing list and documentation.
In the given example, the hotspotlogin directory is accessible from that example domain. Make
sure that a strong shared secret is used for the uamsecret directive; the value must be
identical in the hotspotlogin files and in the CoovaChilli configuration files.
5. To configure the hotspotlogin directory, we need to specify the uamsecret that was set previously in
the CoovaChilli configuration. Use the editor of your choice to edit the file
/var/www/dalohosting/hotspotlogin/hotspotlogin.php and set the uamsecret variable at the beginning
of the file accordingly:
CODE
6. The hotspotlogin directory must be accessible through the web server at the exact location
set in CoovaChilli's uamserver definition. To achieve this we define a VirtualHost entry (explaining
every other possible way is beyond the scope of this document; see Apache's
references).
Enabling SSL support in apache:
CODE
#
#
#
#
While this isn't an apache guide, the steps above should be sufficient for an already installed apache2
server to add SSL support.
Next, add a VirtualHost file entry (assuming a NameVirtualHost entry for this domain already
exists). The
CODE
<VirtualHost 1.1.1.1:443>
    ServerName www.example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/dalohosting/
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options ExecCGI -MultiViews
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
CODE
# a2ensite hotspotlogin-ssl
# /etc/init.d/apache2 restart
It might be a good idea to make sure the web server is configured to listen for SSL on the correct IP
address as stated above. Take a look at /etc/apache2/ports.conf
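A consistency check for steps 4 and 5, as an added example that is not part of daloRADIUS or CoovaChilli: it compares uamsecret in the two files without printing it and confirms that uamserver is an https:// URL. The line formats it parses, the function names and the 16-character minimum are assumptions of this sketch, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: check that uamsecret agrees between the CoovaChilli config and
# hotspotlogin.php, without printing the secret. Assumed line formats:
#   chilli config:     uamsecret <value>
#   hotspotlogin.php:  $uamsecret = "<value>";

chilli_value() {   # chilli_value KEY FILE -> value of the first "KEY value" line
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

portal_secret() {  # portal_secret FILE -> string assigned to $uamsecret
    sed -n 's/^[[:space:]]*\$uamsecret[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

check_uam() {      # check_uam CHILLI_CONF HOTSPOTLOGIN_PHP -> 0 if all checks pass
    uc_rc=0
    uc_conf=$(chilli_value uamsecret "$1")
    uc_php=$(portal_secret "$2")
    uc_url=$(chilli_value uamserver "$1")
    if [ -z "$uc_conf" ] || [ -z "$uc_php" ]; then
        echo "FAIL: uamsecret not set in both files"; uc_rc=1
    elif [ "$uc_conf" != "$uc_php" ]; then
        echo "FAIL: uamsecret differs between $1 and $2"; uc_rc=1
    fi
    # 16 characters is an example minimum chosen for this sketch, not a CoovaChilli rule.
    [ "${#uc_conf}" -ge 16 ] || { echo "WARN: uamsecret shorter than 16 characters"; uc_rc=1; }
    case $uc_url in
        https://*) ;;
        *) echo "FAIL: uamserver is not an https:// URL"; uc_rc=1 ;;
    esac
    [ "$uc_rc" -eq 0 ] && echo "OK: uamsecret matches and uamserver uses HTTPS"
    return "$uc_rc"
}

demo() {           # constructed sample files, not real configuration
    d=$(mktemp -d)
    printf '%s\n' 'uamlisten 192.168.182.1' 'uamport 3990' \
        'uamserver https://www.example.com/hotspotlogin/hotspotlogin.php' \
        'uamsecret constructed-sample-secret-01' > "$d/chilli.conf"
    printf '%s\n' '<?php' '$uamsecret = "constructed-sample-secret-01";' > "$d/match.php"
    printf '%s\n' '<?php' '$uamsecret = "mysecretuampassword";' > "$d/stale.php"
    check_uam "$d/chilli.conf" "$d/match.php"
    check_uam "$d/chilli.conf" "$d/stale.php" || echo "(mismatch detected as expected)"
    rm -rf "$d"
}
demo
```

To check a real install, replace the demo call with check_uam, passing the path of your CoovaChilli configuration file and /var/www/dalohosting/hotspotlogin/hotspotlogin.php.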
Successful Login
Finally,
once the captive portal pages have been installed and configured correctly on the remote web server, and
CoovaChilli is running with the correct parameters on a NAS or a sandbox Linux system, a user who
attempts to connect to the network (wireless in most cases) is allocated an IP address by the DHCP
server run by CoovaChilli.
At this point, the user will open the browser and try to surf the Internet. Since CoovaChilli is configured
to run as captive portal software, it will intercept the user's port 80 (web traffic) request and display the
configured captive portal page, as shown in the screenshot:
Feedback
We hope you enjoyed this tutorial and made the best of it.
For comments and general feedback please contact us via email at team@enginx.com