HOWTO: Install CoovaChilli on a

Raspberry Pi using Raspbian, FreeRADIUS

and MySQL

Introduction
I was in need of another project. I should probably just stop here...but I feel I need to provide a rationale
for doing this (mainly for myself or perhaps my wife because of the time I put into these “projects”).

Anyway, here goes my (shabby) rationale….like many of you my wife and I get lots of visitors who want
internet access for their many devices while they’re staying with us and because of this I’m constantly
giving out my wireless password. I have a separate network for guests already that isolates them from
my primary internal network where my fileserver, etc, is located so guests don’t have access to anything
important. To deal with this I could either take the easy route or the fun route. The easy route: simply
just change my wireless password on a regular basis or after guests leave…but why do that when you
could do it the fun way? Set up a wireless hotspot and have a new project!

After you’ve gone through this, please feel free to modify and improve upon this document.

The Intended Audience

The intended audience for this howto are people fairly new to linux and who have purchased the
Raspberry Pi as an educational tool. As such, I go into a fair amount of detail so that the beginner can
follow the steps and get to a working hotspot. The beginner can then go back once it is installed and try
to understand in more detail what just happened.

Despite the focus being for beginners anyone can use this; there are likely a few areas where the more
advanced user may choose to deviate or do things a little differently but that’s what this is all about –
learning and having fun doing it.

An Overview of the Process

At a very high level the following are the steps required to take your fresh Raspbian install to a working
CoovaChilli-powered hotspot.

Step 1: Install the required software.

Step 2: Configure how your network is setup to get your WAN and LAN working to support a hotspot.

Step 3: Configure MySQL. This will be where you store your usernames and any restrictions you will
place upon any users, etc.

Step 4: Configure FreeRADIUS. In this step we also need to configure FreeRADIUS to work with MySQL
so these two programs can work together.

Step 5: Install and configure CoovaChilli. On the Raspberry Pi you need to compile CoovaChilli from its
source package and then install the resulting .deb file. Once installed, we’ll configure it to work together
with the other installed software.

Step 6: Configure the firewall.

Step 7: Set up your Access Point so your hotspot users can access it.

Step 8: Set up users and add restrictions

A Few Things First

There are a few things that require an honourary mention:

 Obviously, you will need a Raspberry Pi – I’ve only tested this on a model B. I haven’t tweaked
the Pi in any way (i.e., no overclocking, etc). It’s also important to mention that I’ve installed
everything on my Pi. It is possible to set this up on your router or on separate devices but this is
beyond the scope of this howto.
 To make CoovaChilli work on any system you need to have two Network Interface Controllers or
NICs. Since the Pi only has one LAN port we need to physically add another and in this case it is
simple and inexpensive to use a wireless dongle as our second NIC.
 For the wireless dongle I’m using the Edimax EW-7811un (however, check the Raspberry Pi
compatibility list for others). The only reason I chose this one is that it was small and didn’t
require a powered USB hub to work but the downside is it is slow.
 The operating system I used was: 2013-07-26-wheezy-raspbian and it is available to download at
raspberrypi.org.
 With the exception of a few packages which, I’ll tell you about when we get to it, I used the
standard repository to download and install the required binary packages (i.e., .deb files).
 As a suggestion, before modifying any of the configuration files I would encourage you to make a
backup copy in case you need or want to go back to them. For the most part the default
configurations just work. You obviously need to tweak them to your specific system but
generally these are fairly minor. If you want to have a more advanced set up then I’ll leave that
to you to do further research.
 A wireless router that is configurable to the required specs (defined below).
 If you run into problems throughout this howto I would encourage you to run the different
programs in their debug mode to see what error is showing.
 You will need to have root access to work through this process.
 Some nomenclature: $ means a non-root user while # means a root user
  The text editor I’m using is nano as it comes preinstalled and is a fairly lightweight basic editor
that is easy to use and learn.
 Create a root user as it will be required for this howto.
 The following text, used throughout the document, means that you need to enter this into the
command line. So in keeping with the previous bullet let’s start by creating the root user:
$ sudo passwd root

The Steps
Step 1: Install the Required Software
The software you need to download and install in this section comes from the repositories only. When
we need to download and compile the source packages we’ll go through that in those sections. The only
assumption at this point is that you have a newly installed and working Raspbian command line with
internet access.

First, update the software that came with the standard install:

$ sudo apt-get update && sudo apt-get upgrade

Install the required packages used for building packages from source (we’ll need these later):

$ sudo apt-get install debhelper libssl-dev libcurl4-gnutls-dev

Install the packages we’ll be using in conjunction with CoovaChilli:

$ sudo apt-get install mysql-server freeradius freeradius-mysql

A couple of points to make:

 When installing MySQL you will be asked to enter a root password – please remember this as
you will be using this several times throughout this FAQ.
 During the installation process of FreeRADIUS there will come a point where it generates Diffie-
Hellman (DH) parameters – the time it takes to compute these is highly variable but typically this
is a time to grab a coffee as it will likely take a while.
 With the exception of two packages (CoovaChilli and haserl) we now have everything we need.
Step 2: Networking
The purpose of this section is to set up your network interfaces appropriately so that one interface
connects to the internet and the other interface is set up so that it can be used by CoovaChilli to manage
your hotspot clients.

As stated previously, CoovaChilli requires 2 NICs and therefore we need to setup our networking for two
NICs. In this case the assumption is that you have a wireless dongle plugged in and recognized by your Pi
that will serve as our second NIC.

We’ll set it up so your internet connection comes from the wireless dongle represented by wlan0 and
the wired interface (eth0) will be managed by CoovaChilli. This is probably the simplest setup – the
reverse has other complications that are beyond the scope of this howto.

$ sudo nano /etc/network/interfaces

Modify the file to look like this: (remember to back up your original file)

auto lo
iface lo inet loopback

# eth0 is the wired interface that will be managed by CoovaChilli

# The ip address listed below will be entered into the file /etc/chilli/defaults and assigned to the variable
# HS_UAMLISTEN=10.1.1.1 and the network address will be assigned to $HS_NETWORK=10.1.1.0,
HS_LANIF = eth0

# CoovaChilli isn’t even installed yet so don’t worry too much about this – it’s more for your information
at this point and for reference when you look back to see how everything fits together.

auto eth0
iface eth0 inet static
address 10.1.1.1
netmask 255.255.255.0
network 10.1.1.0

# The primary internet connection

# Given that wlan0 is the primary internet connection then later in the file /etc/chilli/defaults we set the
variable HS_WANIF=wlan0

auto wlan0
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface wlan0 inet dhcp
wpa-ssid “YourSSID”
wpa-psk “YourPassword”
Now we need to edit the wpa_supplicant.conf file:

$ sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

The following set up assumes you are connected to your router using WPA/2-PSK mode. I use AES as it is
more secure and faster so I would strongly encourage you to use it over TKIP. Add this to the end of the
file:

network={
ssid=”YourSSID”
psk=”YourPassword”
proto=RSN
key-mgmt=WPA-PSK
pairwise=CCMP
auth_alg=OPEN
}

When you’re done you can restart the networking service:

$ sudo /etc/init.d/networking restart

$ ifconfig

You should see that wlan0 has an IP address from your wireless router (confirm this). You should also
see that the eth0 interface has been assigned an IP address of 10.1.1.1. If this is not the case then
reboot your pi (for whatever reason I had to do this once for it to pick up the change – strange).

Step 3: Configure MySQL

We’ve already installed MySQL in step one so now we’re ready to configure it. This is where you’ll need
the MySQL root password you created during the installation of MySQL.

For most of this howto you can save yourself time from typing ‘sudo’ before every command by
switching to the root user.

$ su root

Create a MySQL database called ‘radius’:

# echo “create database radius;” | mysql –u root –p

OR, you can do this

# mysql –u root –p

mysql> create database radius;

mysql> quit
The reason I showed you this alternative is because when you want to come back later to check, edit,
update, delete, or what have you, the contents of the tables in the radius database then it’s easier to do
it the second way. The first way is simple and efficient as you’re only using one line but you will need to
get familiar with MySQL if you want to build on this howto.

Create the tables in the new radius database you just set up. For this step (i.e., schema.sql) you must be
the root user – even sudo doesn’t work.

# mysql –u root –p radius < /etc/freeradius/sql/mysql/schema.sql

# mysql –u root –p radius < /etc/freeradius/sql/mysql/admin.sql

Create a user. This is a test user who will login to your CoovaChilli hotspot account later.

# echo “insert into radcheck (username, attribute, op, value) values (‘user1’,
‘Cleartext-Password’, ‘:=’, ‘password’);” | mysql –u root –p radius

Step 4: Configure FreeRADIUS

The first step is to configure FreeRADIUS to use the MySQL database you just set up. FreeRADIUS comes
configured to essentially work out of the box; however, the default setup is to use flat files rather than to
use MySQL. Much of this section is used to get FreeRADIUS to use MySQL. Oh yeah, the binary version
of FreeRADIUS that is installed from the repositories is version 2.1.12.

Now edit the main radius configuration file:

# nano /etc/freeradius/radius.conf

Uncomment the line:

$INCLUDE sql.conf

More edits to make MySQL work:

# nano /etc/freeradius/sites-available/default

This file is organized into sections of code and there are three sections you need to modify. Find the
following blocks of code and uncomment the sql line in each.

authorize {
sql
}

accounting {
sql
}
session {
sql
}

Now that we have FreeRADIUS configured to work with MySQL, let’s test it to ensure it is configured
properly. First we stop the FreeRADIUS daemon.

# /etc/init.d/freeradius stop

Then restart FreeRADIUS in debug mode:

# freeradius –X

At this point you’ll see reams of output filling up your screen. What’s important here is to look at the
end and check for a line that says “Ready to process requests”. If you see that then great! If not then
check the reams of output as it will tell you where the error occurred. Check to make sure you didn’t
forget to uncomment something or you didn’t make a typo, etc.

Now that FreeRADIUS is processing requests we need to make sure it will authenticate the test user you
entered previously, that is, user1 with its associated ‘password’. Open up another terminal (alt-F2 or if
you’re using something like Putty then start a new session) and enter the following:

# radtest user1 password localhost 0 testing123

If all goes well, you should see output that says: “rad_recv: Access-Accept packet from host 127.0.0.1….”.
If not, check to make sure you added the user and password correctly and that you’ve followed the
correct sequence above to allow FreeRADIUS to read the MySQL database.

Note: testing123 is the shared secret that’s configured in /etc/freeradius/clients.conf. This is typically
shared between the router using the WPA2 Enterprise setting and FreeRADIUS to authenticate each
other. In our case it authenticates FreeRADIUS and CoovaChilli.

Now you can close the extra terminal you’ve opened and in the first terminal hit <ctrl-C> to stop
freeradius in debug mode. Now restart the freeradius daemon:

# /etc/init.d/freeradius start

Step 5: Install and Configure CoovaChilli 1.3.0

In this section we’ll compile and install two programs from source: CoovaChilli and haserl. Let’s begin
with CoovaChilli.

Enter the /usr/src directory and download the following file:

# cd /usr/src

If you are installing this on an i386 system (and not a Raspberry Pi) then download the following binary
to make your life easier:

# wget http://ap.coova.org/chilli/coova-chilli_1.3.0_i386.deb
Back to the Pi…the first step is to get the source code from the CoovaChilli website:

# wget http://ap.coova.org/chilli/coova-chilli-1.3.0.tar.gz

On my system I calculated the sha256sum of this file to be:

ca24ac274340c65a8e7ff704e6866a04380a87c444f261ba84097f0bd1c162e8 coova-chilli-1.3.0.tar.gz

It’s a good habit to check this to make sure your file is complete. On your system simply do the following
to get the sha256sum of your .tar.gz file:

$ sha256sum coova-chilli-1.3.0.tar.gz

Now compare your number to the one listed above. If the hashes are the same – perfect! If not, then
you may want to re-download the file.

Once it’s downloaded and verified then unpack the file:

/usr/src # tar xzf coova-chilli-1.3.0.tar.gz

This creates a directory called: coova-chilli-1.3.0. Enter the directory:

/usr/src/ # cd coova-chilli-1.3.0

We are now ready to configure the source code. To do this change back to a non-root user:

/usr/src/coova-chilli-1.3.0 # exit

As a normal user go back into the coova-chilli source code directory (if not already in it):

$ cd /usr/src/coova-chilli-1.3.0

Now we can configure the source files with the following options. It looks intimidating doesn’t it! Note
that the dashes preceding the tags below are double hyphens ( --) not singles; those joining two words
are a single hyphen.

/usr/src/coova-chilli-1.3.0 $ ./configure --prefix=/usr

--mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \
--sysconfdir=/etc --localstatedir=/var --enable-largelimits \
--enable-binstatusfile --enable-statusfile --enable-chilliproxy \
--enable-chilliradsec --enable-chilliredir --with-openssl --with-curl \
--with-poll --enable-dhcpopt --enable-sessgarden --enable-dnslog \
--enable-ipwhitelist --enable-redirdnsreq --enable-miniconfig \
--enable-libjson --enable-layer3 --enable-proxyvsa --enable-miniportal \
--enable-chilliscript --enable-eapol --enable-uamdomainfile \
--enable-modules --enable-multiroute

Don’t worry it will come to the end in a bit….and when it does you need to set the compatibility level for
debhelper otherwise you’ll get something like:

…: No compatibility level specified in debian/compat

… :The package will soon FTBFS; time to fix it!
… :Compatibility levels before 5 are deprecated (level 1 in use)
Failing to set the compatibility level may result in a .deb file that’s incomplete, unstable or unusable.
Therefore let’s set the compatibility level to 9:

/usr/src/coova-chilli-1.3.0 $ echo 9 > debian/compat

Now we need to modify the /usr/src/coova-chilli-1.3.0/debian/rules file:

$ sudo nano /usr/src/coova-chilli-1.3.0/debian/rules

On line 54 of the file (close to the bottom) under install: build, we need to replace the following line:

$(MAKE) DESTDIR=$(CURDIR)/debian/tmp install

With:

$(MAKE) DESTDIR=/ install

This ensures the necessary files are put into /etc/chilli/ directory and not in the directory specified in the
original line. Failing to do this will cause an error.

We’re now at the point where we’re ready to compile the source code into an actual .deb file that you
can install!

/usr/src/coova-chilli-1.3.0 $ sudo dpkg-buildpackage –us –uc

Now that you just hit enter, you can sit back and watch the Pi do some real work. This takes about +/-20
minutes on my Pi (with no overclocking or tweaking). Once finished, the resulting .deb file (including a
few other files) will be located in the /usr/src directory and will be called: coova-chilli_1.3.0_armhf.deb

Now we can install our new .deb file. Make sure you go up a level to the /usr/src directory where the file
is located.

/usr/src $ sudo dpkg –i coova-chilli_1.3.0_armhf.deb

When this is finished you’ll be presented with the following options: (Just select the default)

Configuration file `/etc/init.d/chilli'

==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** chilli (Y/I/N/O/D/Z) [default=N] ? N
You should now get an error that says:

Starting chilli: SIOCSIFADDR: No such device

eth1: ERROR while getting interface flags: No such device

This is okay. Chilli tried to start and since we haven’t configured it yet it failed.

Despite the error, this should be a happy moment in your progress….if you’ve never compiled and
installed a program from its source before give yourself a pat on the back!

Now that we’re on a roll compiling our code from source let’s do it once more. Let’s start by
downloading the source code:

/usr/src $ sudo wget http://downloads.sourceforge.net/project/haserl/haserl-

devel/haserl-0.9.30.tar.gz

FYI, haserl is a light-weight program to create cgi web scripts.

Now unpack it:

/usr/src $ sudo tar xzf haserl-0.9.30.tar.gz

Calculate the sha256sum of this file and compare it to the one below.

$ sha256sum haserl-0.9.30.tar.gz

01f9f942c58beb8eb6acd7fdbc5fa32e9156a9b8630992def7eb5a48c5f04b50 haserl-0.9.30.tar.gz

Enter the haserl directory:

/usr/src $ cd haserl-0.9.30

Configure the file (this time with no options so this feels…well…easy):

/usr/src/haserl-0.9.30 $ ./configure

Now we make and install the file:

/usr/src/haserl-0.9.30 $ sudo make && sudo make install

haserl should now be installed and we’ll come back to it in a bit.

Now we’re ready to actually configure CoovaChilli. First we need to enable the service so it will start. It is
turned off by default. To enable it to start simply edit the following file:

# nano /etc/default/chilli

Change the first line from a 0 to a 1:

START_CHILLI = 1

Okay, now we’re going to edit the main chilli configuration file:

# nano /etc/chilli/defaults

Note this is the file I referred to previously when we set up our networking. The first few items we’re
changing are to be consistent with what’s in the /etc/network/interfaces file.

HS_WANIF = wlan0 # From our /etc/network/interfaces file

HW_LANIF = eth0
HS_NETWORK = 10.1.1.0
HS_UAMLISTEN = 10.1.1.1
HS_DNS1 = 8.8.8.8
HS_UAMALLOW = 10.1.1.0/24
HS_RADSECRET = testing123
HS_LOC_NAME = “Guest AP”
# From our /etc/network/interfaces file
# From our /etc/network/interfaces file
# From our /etc/network/interfaces file
# Set it to google because I know it works
# This doesn’t need to change but you might want to change this later.
# You’ll just need to change it in /etc/freeradius/clients.conf as well
# Change this to what you’d like to appear on your login page

Step 6: Configure the Firewall

Our next step is to configure the firewall using iptables. CoovaChilli comes preconfigured to do the
heavy lifting for you but we do need to add a couple of entries. Edit the following file:

$ sudo nano /etc/chilli/up.sh

At the bottom of the file add the following line:

iptables –I POSTROUTING –t nat –o $HS_WANIF –j MASQUERADE

Remember we installed haserl? We’ll now edit the following file and add the path to haserl:

$ sudo nano /etc/chilli/wwwsh

Go to the line where it says:

haserl = $(which haserl 2>/dev/null) and replace it with:

haserl = /usr/local/bin/haserl
We’re nearly done. We only have to restart all of our services. Now this doesn’t have to be done (it’s
not Windows) but I’d suggest rebooting to ensure all changes are made.

$ sudo reboot

Once you’ve logged back into the Pi, you will need to start chilli.

$ sudo /etc/init.d/chilli start

Okay. Your CoovaChilli Captive Portal should now be configured and, if the stars are aligned, working.

If you check ifconfig you should see a new tun0 interface – this is a good sign.

$ ifconfig

Step 7: Setup your Access Point

To make CoovaChilli work, you need to turn you router into a bridge. I have dd-wrt installed on my
router so this is possible. You need to check your router to see if you can do this on yours. In dd-wrt you
need to do the following:

(a) Disable the DHCP Server

Under Setup: Basic Setup
DHCP Server Disable

(b) Set your broadcast SSID

Under Wireless: Basic Settings
Wireless Network Name (SSID) Your-Hotspot
Wireless Channel Auto

(c) Disable the Security Mode

Under Wireless: Wireless Security
Security Mode: Disabled

(d) Disable the firewall

Under Security
Firewall Protection Disable

The physical setup of your router:

Plug the Ethernet cable from your Pi into a LAN port on your router (not the WAN/internet port).
Remember your wireless dongle should already be receiving your internet signal.

Now let’s test it.

From another computer wirelessly connect to the network you just set up. Start your web browser and
fingers crossed it should bring up the Coova login page. If so, then great job! You now have your own
wireless hotspot! Your (geeky) neighbours will be jealous!
Remember you set up a test user called ‘user1’ with a password of ‘password’. Enter those into the
user/password fields. If all is successful you should be able to access the internet through your hotspot.
Now enter a non-existent user and password to see if it fails – it should. If both of these work then
congrats!

Step 8: Setting Up Users and Setting Restrictions

Okay, what fun is a hotspot if you can’t set up some restrictions!?

There are many restrictions you can set up for your users. I’m going to show you some of the basic ones
but if you’d like more complicated restrictions then I’d send you to “google”.

For the most part the user restrictions are managed and setup through FreeRADIUS rather than
CoovaChilli which means we’ll be modifying our MySQL tables to set the restrictions. Okay, so let’s get
started. Edit the following file:

$ sudo nano /etc/freeradius/radius.conf

Uncomment the line so it reads:

$INCLUDE sql/mysql/counter.conf

Now we will edit the following file:

$ sudo nano /etc/freeradius/sites-available/defaults

Within the authorize section of the file we’re going to uncomment sql; however, depending on the
restrictions you want to apply you must also add them to this file. We’re going to add four counters:
noresetcounter, dailycounter, monthlycounter, expiration. All but expiration are found in
/etc/freeradius/sql/mysql/counter.conf since expiration is a module.

authorize {
sql  uncomment
noresetcounter add
dailycounter add
monthlycounter add
expiration add
daily  uncomment this one
}
accounting {
daily uncomment
}
Now that we’ve modified this file we need to add some entries into the dictionary:

$ sudo nano /etc/freeradius/dictionary

Add the following lines:

ATTRIBUTE Daily-Session-Time 3000 integer

ATTRIBUTE Max-Daily-Session 3001 integer

ATTRIBUTE Monthly-Session-Time 3002 integer

ATTRIBUTE Max-Monthly-Session 3003 integer

ATTRIBUTE Max-All-Session-Time 3004 integer

ATTRIBUTE Max-All-Session 3005 integer

To deal with the expiration restriction we need to add some code:

$ sudo nano /etc/freeradius/sql/mysql/counter.conf

sqlcounter expiration {
count-attribute = "Acct-Session-Time"
counter-name = "Max-Allowed-Session"
check-name = "Expiration"
sqlmod-inst = "sql"
key = "User-Name"
reset = "never"
query = "SELECT IFNULL(TIME_TO_SEC(TIMEDIFF(NOW(), \
MIN(AcctStartTime))),0) FROM radacct WHERE \
UserName='${key}' ORDER BY AcctStartTime LIMIT 1;"
}

Now that we’ve got our system configured we can now proceed to add new users along with
restrictions:

If we want to add a new user called “Sam” with an associated password “Sam’sPassword” we do the
following:

# echo “insert into radcheck (username, attribute, op, value) values (‘Sam’,
‘Cleartext-Password’, ‘:=’, ‘Sam’sPassword’);” | mysql –u root –p radius

Now one of the benefits of using MySQL is that immediately after you added Sam, you can now login
as Sam without restarting any of your services.
You can add as many or as few (i.e., none) of the restrictions provided below to any or all of your
users. Add the desired restrictions to the appropriate users in the MySQL database. Some examples
follow:

Example 1:

This will set the maximum time that Sam can access the internet to 10800 seconds or 3 hours:

# echo “insert into radcheck (username, attribute, op, value) values (‘Sam’, ‘Max-Daily-Session’, ‘:=’,
10800);” | mysql –u root –p radius

Example 2:

The following will limit when user1 can logon to the internet. Note that user1 can only access the
internet between 9.00am and 6.00pm in the example.

# echo “insert into radcheck (username, attribute, op, value) values (‘user1’, ‘Login-Time’, ‘:=’,
‘Al0900-1800’);” | mysql –u root –p radius

Example 3:

Sam is only allowed to be logged on the system once. If you set this to 2 then Sam can logon to the
system twice simultaneously. This prevents people from sharing their user name and password with
their friends and each of them to login at the same time.

# echo “insert into radcheck (username, attribute, op, value) values (‘Sam’, ‘Simultaneous-Use’, ‘:=’,
1);” | mysql –u root –p radius

Example 4:

Sam’s access expires on August 1, 2013 at 8.00pm.

# echo “insert into radcheck (username, attribute, op, value) values (‘Sam’, ‘Expiration’, ‘:=’, ‘August 1
2013 20:00’);” | mysql –u root –p radius

Example 5:

Sam will be rejected no matter what.

# echo “insert into radcheck (username, attribute, op, value) values (‘Sam’, ‘Auth-Type’, ‘:=’,
‘Reject’);” | mysql –u root –p radius

Example 6:

Sam forgets to logout and therefore has an idle session and you want to automatically log Sam off if
the session is idle longer than 120 seconds:

# echo “insert into radreply (username, attribute, op, value) values (‘Sam’, ‘Idle-Timeout’, ‘=’, 120);” |
mysql –u root –p radius
 Note a couple things: the equal sign is an ‘=’ sign and not a ‘:=’, the time is listed in seconds and the
entry is into the table radreply and not radcheck.

Example 7:

You want to limit Sam’s sessions to 10 minutes each. In other words, after Sam has been logged in
he will be automatically logged out after 10 minutes. If Sam logs out and back in, he will get another
10 minutes.

# echo “insert into radreply (username, attribute, op, value) values (‘Sam’, ‘Session-Timeout’, ‘=’,
600);” | mysql –u root –p radius

See the note in example 6.

The final part which, is optional, is to get chilli to start at boot time. Edit the following file:

$ sudo /etc/init.d/chilli

At the top of the file edit the section to match this:

### BEGIN INIT INFO

# Provides: chilli
# Required-Start: $network
# Should-Start:
# Required-Stop: $network
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 016
# Description: CoovaChilli access controller
### END INIT INFO

To get chilli to start at boot time enter the following command:

$ sudo update-rc.d chilli defaults

By the way, if you don’t want chilli to start at boot time and you’ve entered the above command already
you can reverse it by entering the following:

$ sudo update-rc.d –f chilli remove

By now you should have a working hotspot powered by CoovaChilli on your Raspberry Pi. Please feel
free to edit this document to improve on it as you see fit. Enjoy!