
Sunday, October 9, 2011

Freebsd + Freeradius (TTLS) + Daloradius + Access Point = Hotspot (Part3)

Windows 7 (Client) Configuration


  • Because I am using Windows 7, this part shows my Windows 7 configuration.
  • Open Network and Sharing Center, then click Manage Wireless Networks.

  • Create the wireless profile. The example below is based on my network environment; adjust it to yours.

  • After you click Add, choose Manually create a network profile.
  • You will reach the window shown below.

  • Click Next

  • Click on Change connection settings

  • Click the Security tab, then click Settings.



  • Leave "Validate server certificate" checked. The title says TTLS, but the Windows 7 built-in supplicant has no EAP-TTLS; this profile negotiates PEAP with EAP-MSCHAPv2 inside, which the peap section of eap.conf in Part 1 also serves. In both TTLS and PEAP the outer TLS tunnel is what protects the inner username/password exchange, and the only thing that authenticates that tunnel to the client is the server certificate (server.pem from the eap.conf tls section). So a certificate is used here, and validating it matters: with the box unchecked, the client will build a tunnel to any RADIUS server behind any access point that advertises your SSID and run the user's MSCHAPv2 challenge/response with it.
  • To make validation work instead of turning it off: import the CA that signed server.pem (ca.pem under /usr/local/etc/raddb/certs if you used the FreeRADIUS bootstrap certificates) into the client's Trusted Root Certification Authorities store, tick that CA in the list in this dialog, and enable "Connect to these servers" with the name in the server certificate. Unchecking validation is acceptable only for a one-off lab test.
  • Click OK.
  • You should now be able to connect to your Hotspot/Wi-Fi access point with FreeRADIUS as the authentication server.




Friday, October 7, 2011

Freebsd + Freeradius (TTLS) + Daloradius + Access Point = Hotspot (Part2)

Let's continue the configuration.

Now for the daloradius installation:

  • #cd /home/username/ (just to make sure you are in your home directory)
  • #wget http://sourceforge.net/projects/daloradius/files/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz/download
  • The result is a file named download. Rename it to daloradius.tar.gz:
  • #mv download daloradius.tar.gz
  • Extract the package: #tar -zxvf daloradius.tar.gz
  • Move the daloradius folder to /usr/local/www: #mv daloradius0.9-9 /usr/local/www/
  • #chown -R www:www /usr/local/www/daloradius0.9-9
  • #cd /usr/local/www/daloradius0.9-9/contrib/db
  • Load the schema into the radius database created in Part 1: #mysql -u root -p radius < fr2-mysql-daloradius-and-freeradius.sql
  • The above script applies to FreeRADIUS version 2 only.
  • #cd /usr/local/www/daloradius0.9-9/library
  • Edit daloradius.conf.php and change the following lines:
  • #vi daloradius.conf.php
      ------------------------------------------------------------------------------------------------------

    • $configValues['FREERADIUS_VERSION'] = '2';
    • $configValues['CONFIG_DB_ENGINE'] = 'mysql';
    • $configValues['CONFIG_DB_HOST'] = 'localhost';
    • $configValues['CONFIG_DB_PORT'] = '3306';
    • $configValues['CONFIG_DB_USER'] = 'radadmin';
    • $configValues['CONFIG_DB_PASS'] = '123qweasdzxc';
    • $configValues['CONFIG_DB_NAME'] = 'radius';
      ------------------------------------------------------------------------------------------------------

  • Configure Apache so daloradius can be reached from a browser. Note that the block below (Allow from all) publishes the admin interface to every host that can reach the web server; on anything other than a lab box, replace it with Allow from <your management subnet> so only administrators can open /daloradius.
  • # vi /usr/local/etc/apache/httpd.conf
  • Add the following lines:
     ------------------------------------------------------------------------------------------------------
    • Alias /daloradius "/usr/local/www/daloradius0.9-9/"
    • <Directory "/usr/local/www/daloradius0.9-9">
    •         Options Indexes FollowSymlinks MultiViews
    •         AllowOverride None
    •         Order allow,deny       
    •         Allow from all
    • </Directory>
     -------------------------------------------------------------------------------------------------------
  • #apachectl restart
  • Open your browser and point it to http://your.server.ip/daloradius
  • Enter username: administrator and password: radius (the defaults that ship with daloradius, stored in its operators table). Change this password right after the first login; anyone who can reach the page knows these values.
  • After you log in, create a test user with the following criteria. Because the inner EAP method configured in Part 1 is MSCHAPv2, FreeRADIUS must know the password in cleartext (or as an NT hash); hashed types such as Crypt-Password or MD5-Password cannot be used with MSCHAPv2. daloradius' User-Password type stores the password in cleartext; FreeRADIUS 2 accepts it, though its preferred attribute name for this is Cleartext-Password.

  • Click Apply.
  • Note: I chose User-Password as the password type, because this type of password is accepted by RADIUS when I enter the username and password in the Authentication pop-up window later on.
  • Choose the Edit User menu; we want to test the user account against the RADIUS database.
  • Enter the username to test, then click the Test Connectivity button. The result is as follows:


  • You should see Access-Accept if everything is configured properly.
  • Next, configure the NAS (the access points) in /usr/local/etc/raddb/clients.conf, or in daloradius under Management -- Nas (sql.conf in Part 1 has readclients = yes, so FreeRADIUS also loads the nas table at start-up).
  • vi /usr/local/etc/raddb/clients.conf
         -----------------------------------------------------------------------------------------------------
    • client 192.168.0.0/16 {
    •         secret          = testing123
    •         shortname    = hotspot
    •         nastype        = other
    • }

          -----------------------------------------------------------------------------------------------------

  • The /16 above assumes you have many access points spread over 192.168.0.0/16 that will talk to FreeRADIUS. Be aware of what that gives an attacker: any host in that range that knows the secret can send Access-Requests and accounting, and testing123 is the secret from the FreeRADIUS sample configuration, so it is the first thing anyone will try. For production, use one client block per AP (or as narrow a range as you can) with a long random secret for each; see the clients.conf documentation on the FreeRADIUS website for the other options.
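As an added example (not part of the original post), the POSIX shell helper below produces a per-AP client block with a random secret and lints an existing clients.conf for the two weaknesses just described: a range wider than a single host and the sample secret testing123 (or any secret shorter than 16 characters, my threshold). The NAS address 192.168.100.10 and the shortname ap-lobby in the demo are assumptions; the file format is FreeRADIUS 2's clients.conf.

```shell
#!/bin/sh
# Added example, not from the original post: per-NAS clients.conf entries with
# random secrets, plus a lint for weak entries. Assumptions: the NAS address and
# shortname in the demo at the bottom, and 16 characters as the minimum secret.

# gen_secret N: print N random alphanumeric characters from /dev/urandom.
gen_secret() {
    n="${1:-32}"
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$n"
}

# nas_client_block IP SHORTNAME SECRET: emit one FreeRADIUS 2 client block
# for a single access point (one host, not a whole subnet).
nas_client_block() {
    printf 'client %s {\n' "$1"
    printf '\tsecret\t\t= %s\n' "$3"
    printf '\tshortname\t= %s\n' "$2"
    printf '\tnastype\t\t= other\n'
    printf '}\n'
}

# lint_clients_conf: read clients.conf text on stdin, print one finding per
# line (WIDE_RANGE, DEFAULT_SECRET or SHORT_SECRET followed by the client
# name); return 1 if anything was found, 0 if the file is clean.
lint_clients_conf() {
    findings=$(awk '
        /^[[:space:]]*client[[:space:]]+/ {
            name = $2
            # a CIDR suffix shorter than /32 lets every host in the range act as a NAS
            n = split(name, part, "/")
            if (n == 2 && part[2] + 0 < 32) printf("WIDE_RANGE %s\n", name)
        }
        /^[[:space:]]*secret[[:space:]]*=/ {
            s = $0
            sub(/^[^=]*=[[:space:]]*/, "", s)   # keep only the value
            gsub(/"/, "", s)                   # strip optional quotes
            sub(/[[:space:]]+$/, "", s)
            if (s == "testing123") printf("DEFAULT_SECRET %s\n", name)
            else if (length(s) < 16) printf("SHORT_SECRET %s\n", name)
        }
    ')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on the block from this post (constructed here with the same values).
printf 'client 192.168.0.0/16 {\n\tsecret = testing123\n\tshortname = hotspot\n\tnastype = other\n}\n' \
    | lint_clients_conf || echo "weak clients.conf; replace with per-AP blocks such as:"
nas_client_block 192.168.100.10 ap-lobby "$(gen_secret 32)"
```

Run it against the real file with `lint_clients_conf < /usr/local/etc/raddb/clients.conf`; the same secret you generate for an AP has to be typed into that AP's RADIUS settings.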

Configure the Wifi AP 
  • Log on to your access point's web GUI
  • Change the wireless security settings to:
    • WPA Enterprise
    • RADIUS Server IP: 192.168.100.2
    • RADIUS Authentication Port: 1812
    • RADIUS shared secret: the secret you put in clients.conf for this AP

    Wednesday, October 5, 2011

    Freebsd + Freeradius (TTLS) + Daloradius + Access Point = Hotspot (Part1)

    Hotspot Topology - My version

    I am trying to set up this topology. So far I am able to configure the laptop, the AP and FreeRADIUS. Users can access the network after typing a username and password and being authenticated by FreeRADIUS.

    My configuration :
    1. Freebsd 8.0
    2. Freeradius 2.1.10_2
    3. Apache 1.3.42
    4. Mysql5-Server
    5. Php5
    6. Php5-mysql
    7. Php5-gd
    8. Pear-db
    9. Daloradius 0.9.9

    Step by step:
    1. Install FreeBSD + Apache + Mysql5-Server + Php5 + Php5-mysql
    2. Install Php5-gd
        #cd /usr/ports/graphics/php5-gd
        #make install clean
    3. Install Pear-db
       #cd /usr/ports/databases/pear-DB
       #make install clean
    4. Install Freeradius
       #cd /usr/ports/net/freeradius2
       #make install clean
    5. This installation creates the directory /usr/local/etc/raddb; all FreeRADIUS config files can be found there.
    • #cd /usr/local/etc/raddb
    • vi radiusd.conf
             ------------------------------------------------------------------------------------------------------
      • prefix = /usr/local
      • exec_prefix = ${prefix}
      • sysconfdir = ${prefix}/etc
      • localstatedir = /var
      • sbindir = ${exec_prefix}/sbin
      • logdir = /var/log
      • raddbdir = ${sysconfdir}/raddb
      • radacctdir = ${logdir}/radacct

      • name = radiusd

      • confdir = ${raddbdir}
      • run_dir = ${localstatedir}/run/${name}

      • db_dir = ${raddbdir}

      • libdir = /usr/local/lib/freeradius-2.1.10

      • pidfile = ${run_dir}/${name}.pid

      • user = freeradius
      • group = freeradius

      • max_request_time = 30

      • cleanup_delay = 5

      • max_requests = 1024

      • listen {
      • type = auth
      • ipaddr = *
      • port = 0
      • }

      • listen {
      • ipaddr = *
      • port = 0
      • type = acct
      • }

      • hostname_lookups = no

      • allow_core_dumps = no

      • regular_expressions = yes
      • extended_expressions = yes

      • log {
      • destination = files
      • file = ${logdir}/radius.log
      • syslog_facility = daemon
      • stripped_names = no
      • auth = no
      • auth_badpass = yes
      • auth_goodpass = no
      • }

      • checkrad = ${sbindir}/checkrad

      • security {
      • max_attributes = 200
      • reject_delay = 1
      • status_server = yes
      • }

      • proxy_requests  = yes
      • $INCLUDE proxy.conf

      • $INCLUDE clients.conf

      • thread pool {
      • start_servers = 5
      • max_servers = 32
      • min_spare_servers = 3
      • max_spare_servers = 10
      • max_requests_per_server = 0
      • }

      • modules {
      • $INCLUDE ${confdir}/modules/
      • $INCLUDE eap.conf
      • $INCLUDE sql.conf
      • }

      • instantiate {
      • exec
      • expr
      • expiration
      • logintime
      • }

      • $INCLUDE policy.conf
      • $INCLUDE sites-enabled/
           -------------------------------------------------------------------------------------------------

    • vi sites-enabled/default
         --------------------------------------------------------------------------------------------------
      • authorize {
      • preprocess
      • chap
      • mschap
      • digest
      • suffix
      • # ntdomain
      • eap {
      • ok = return
      • }
      • files
      • sql
      • expiration
      • logintime
      • pap
      • }

      • authenticate {
      • Auth-Type PAP {
      • pap
      • }
      • Auth-Type CHAP {
      • chap
      • }
      • Auth-Type MS-CHAP {
      • mschap
      • }
      • digest
      • pam
      • unix
      • eap
      • }

      • preacct {
      • preprocess
      • acct_unique
      • suffix
      • files
      • }

      • accounting {
      • detail
      • sql
      • sql_log
      • exec
      • attr_filter.accounting_response
      • }

      • session {
      • radutmp
      • sql
      • }

      • post-auth {
      • sql
      • sql_log
      • exec
      • wimax

      • Post-Auth-Type REJECT {
      • attr_filter.access_reject
      • }
      • }

      • pre-proxy {
      • }

      • post-proxy {
      • eap
      • }
           -----------------------------------------------------------------------------------------------------

    • vi /usr/local/etc/raddb/eap.conf
          ------------------------------------------------------------------------------------------------------

      • eap {
      • default_eap_type = ttls
      • timer_expire     = 60
      • ignore_unknown_eap_types = no
      • cisco_accounting_username_bug = no
      • max_sessions = 4096
      • md5 {
      • }
      • leap {
      • }
      • gtc {
      • auth_type = PAP
      • }

      • tls {
      • certdir = ${confdir}/certs
      • cadir = ${confdir}/certs
      • private_key_password = 1234567890
      • private_key_file = ${certdir}/server.pem
      • certificate_file = ${certdir}/server.pem
      • CA_file = ${cadir}/ca.pem
      • dh_file = ${certdir}/dh
      • random_file = ${certdir}/random
      • CA_path = ${cadir}
      • cipher_list = "DEFAULT"

      • cache {
      •      enable = no    
      •      lifetime = 24 # hours
      •      max_entries = 255
      • }

      • verify {
      • }
      • }

      • ttls {
      • default_eap_type = mschapv2
      • copy_request_to_tunnel = no
      • use_tunneled_reply = yes
      • virtual_server = "inner-tunnel"
      • }

      • peap {
      • default_eap_type = mschapv2
      • copy_request_to_tunnel = no
      • use_tunneled_reply = no
      • virtual_server = "inner-tunnel"
      • }

      • mschapv2 {
      • }
      • }
           --------------------------------------------------------------------------------------------------

    • vi /usr/local/etc/raddb/sql.conf
         ---------------------------------------------------------------------------------------------------

      • sql {
      • database = "mysql"
      • driver = "rlm_sql_${database}"
      • server = "localhost"
      • login = "radadmin"
      • password = "123qweasdzxc"
      • radius_db = "radius"
      • acct_table1 = "radacct"
      • acct_table2 = "radacct"
      • postauth_table = "radpostauth"
      • authcheck_table = "radcheck"
      • authreply_table = "radreply"
      • groupcheck_table = "radgroupcheck"
      • groupreply_table = "radgroupreply"
      • usergroup_table = "radusergroup"
      • deletestalesessions = yes
      • sqltrace = yes
      • sqltracefile = ${logdir}/sqltrace.sql
      • num_sql_socks = 5
      • connect_failure_retry_delay = 60
      • lifetime = 0
      • max_queries = 0
      • readclients = yes
      • nas_table = "nas"
      • $INCLUDE sql/${database}/dialup.conf
      • }
              ------------------------------------------------------------------------------------------------

    • vi /usr/local/etc/raddb/sites-enabled/inner-tunnel
          ---------------------------------------------------------------------------------------------------

      • server inner-tunnel {
      • listen {
      •        ipaddr = 127.0.0.1
      •        port = 18120
      •        type = auth
      • }

      • authorize {
      • chap
      • mschap
      • suffix
      • update control {
      •       Proxy-To-Realm := LOCAL
      • }

      • eap {
      • ok = return
      • }

      • files

      • sql

      • expiration
      • logintime

      • pap
      • }

      • authenticate {
      • Auth-Type PAP {
      • pap
      • }

      • Auth-Type CHAP {
      • chap
      • }

      • Auth-Type MS-CHAP {
      • mschap
      • }

      • unix
      • eap
      • }

      • session {
      • sql
      • }


      • post-auth {
      • reply_log
      • sql

      • Post-Auth-Type REJECT {
      • attr_filter.access_reject
      • }

      • }

      • pre-proxy {

      • }

      • post-proxy {
      • eap
      • }

            -------------------------------------------------------------------------------------------------

    • Note: On my FreeBSD system, daloradius was unable to read the dictionary stored in /usr/local/etc/raddb. After googling around I found the solution by changing the permission mode on /usr/local/etc/raddb:
    • chmod 755 /usr/local/etc/raddb
    • chown root:freeradius /usr/local/etc/raddb/dictionary
    • chmod 644 /usr/local/etc/raddb/dictionary
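What that chmod does and does not expose is worth checking. The directory bit only lets the www user traverse into raddb and open the dictionary; the real risk is that other files in the same directory hold secrets (clients.conf with the NAS shared secrets, sql.conf with the MySQL password, eap.conf with the private key password) and, if any of them is world-readable, the same web server user can read them too. The following added example (not from the original post) audits and fixes those modes on a directory you point it at. Which files count as secret-bearing is my assumption, and the directory in the demo is a constructed copy, not the real raddb.

```shell
#!/bin/sh
# Added example, not from the original post: check that loosening
# /usr/local/etc/raddb for daloradius did not leave secret-bearing files
# world-readable, and fix them. SECRET_FILES is an assumption about which files
# in raddb carry credentials.

SECRET_FILES="clients.conf sql.conf eap.conf"

# world_readable PATH: true if the "other" read bit is set (8th char of ls -l).
world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# audit_raddb DIR: print the secret-bearing files under DIR that are
# world-readable; return 0 if none are, 1 otherwise. Also warn on stderr if the
# dictionary is not readable by the current user (daloradius needs it).
audit_raddb() {
    dir="$1"; status=0
    for f in $SECRET_FILES; do
        [ -e "$dir/$f" ] || continue
        if world_readable "$dir/$f"; then
            echo "$f"
            status=1
        fi
    done
    [ -r "$dir/dictionary" ] || echo "dictionary not readable" >&2
    return $status
}

# fix_raddb DIR: directory traversable (755), dictionary readable (644), secrets
# readable by owner and group only (640). Run chown root:freeradius on the
# secret files as well so that the group is the daemon's, not the web server's.
fix_raddb() {
    dir="$1"
    chmod 755 "$dir"
    [ -e "$dir/dictionary" ] && chmod 644 "$dir/dictionary"
    for f in $SECRET_FILES; do
        [ -e "$dir/$f" ] && chmod 640 "$dir/$f"
    done
    return 0
}

# Demo on a constructed copy of raddb, so this runs without touching the real one.
demo_dir=$(mktemp -d)
for f in $SECRET_FILES dictionary; do echo "# $f" > "$demo_dir/$f"; done
chmod 644 "$demo_dir"/*
audit_raddb "$demo_dir" || echo "world-readable secrets found, fixing"
fix_raddb "$demo_dir"
audit_raddb "$demo_dir" && echo "raddb ok"
rm -rf "$demo_dir"
```

On the real system run `audit_raddb /usr/local/etc/raddb` as root after the chmod above; an empty result means the dictionary is shared without sharing the secrets.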


    • Log in to your MySQL server and create the radius database:
    • #mysql -u root -p
    • mysql > create database radius;
    • mysql > grant all on radius.* to radadmin@localhost identified by "123qweasdzxc";
    • mysql > flush privileges;
    • mysql > quit
    • Test FreeRADIUS in debug mode with the following command (it runs in the foreground as root; stop it with Ctrl-C before starting the service normally):
    • # radiusd -X
    • If your configuration is OK, the debug output ends with:
    • Ready to process requests.



    • If you do not see that line, go back through the configuration; the error is printed in the debug output just above the point where it stopped.






    Tuesday, May 3, 2011

    JailKit in Ubuntu

    Recently I tried to install JailKit on Ubuntu.

    I downloaded the package from here,
    then extracted the package in the user home directory.

    So far everything worked fine, but when I ran ./configure I got an error saying that no CC was found. It turned out that GCC was not installed: I had the gcc-base installation but not gcc itself. So I installed the gcc package and the installation went smoothly.

    Here are my steps:
    1. Extract the JailKit package
    2. Change directory into the JailKit package
    3. ./configure
    4. make && make install
    5. Choose where to create the jail directory; in my case I chose the / directory.
    6. mkdir /jail (or whatever name you choose)
    7. chown root:root /jail (jk_chrootsh refuses a jail root that is not owned by root or that is writable by others)
    8. sudo jk_init -v /jail basicshell
    sudo jk_init -v /jail editors
    sudo jk_init -v /jail jk_lsh
    sudo jk_init -v /jail netutils
    sudo jk_init -v /jail ssh
    sudo jk_init -v /jail sftp
    9. adduser testjail
    10. passwd testjail (passwd prompts for the new password; it does not take it on the command line)
    11. sudo jk_jailuser -m -j /jail testjail
    12. Check /etc/passwd and make sure you have the line below. The home field is the jail path, then /./, then the home directory as seen inside the jail; the shell is jk_chrootsh, which chroots into the jail and then runs the shell listed in /jail/etc/passwd
    testjail:x:1002:1001:,,,:/jail/./home/testjail:/usr/sbin/jk_chrootsh
    13. Enable bash for the jailed user
    jk_cp -v -f /jail /bin/bash
    14. Check /jail/etc/passwd and make sure you have the following line
    testjail:x:1002:1001::/home/testjail:/bin/bash
    15. Also make sure that the group exists in /jail/etc/group
    testjail:x:1001:

    Now test the login and check for errors in /var/log/auth.log.
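Steps 12 to 15 describe the invariant that makes jk_chrootsh work: the host's /etc/passwd entry points at the jail with a /./ separator, and the files inside the jail repeat the user with the same uid/gid, the matching home and a shell that actually exists under the jail. The following added example (not part of the original post) checks those relationships for one user. The file paths are passed in so it can be tried on a constructed jail first, and /usr/sbin/jk_chrootsh is taken from the line in step 12 as the expected host shell.

```shell
#!/bin/sh
# Added example, not from the original post: verify that a jailkit user is set up
# consistently across the host's /etc/passwd and the jail's /etc/passwd and
# /etc/group. Assumption: jk_chrootsh lives at /usr/sbin/jk_chrootsh, as in the
# /etc/passwd line shown in step 12.

JK_SHELL=/usr/sbin/jk_chrootsh

# field N LINE: Nth colon-separated field of a passwd/group line.
field() { printf '%s\n' "$2" | cut -d: -f"$1"; }

# check_jail_user JAIL USER HOST_PASSWD JAIL_PASSWD JAIL_GROUP
# Prints the first problem found and returns 1; returns 0 if everything lines up.
check_jail_user() {
    jail="$1" user="$2" host_passwd="$3" jail_passwd="$4" jail_group="$5"

    outer=$(grep "^$user:" "$host_passwd") || { echo "$user missing from $host_passwd"; return 1; }
    inner=$(grep "^$user:" "$jail_passwd") || { echo "$user missing from $jail_passwd"; return 1; }

    # 1. The host entry must hand the login to jk_chrootsh ...
    [ "$(field 7 "$outer")" = "$JK_SHELL" ] || { echo "host shell is not $JK_SHELL"; return 1; }

    # 2. ... with a home of the form <jail>/./<home inside the jail>.
    outer_home=$(field 6 "$outer")
    case "$outer_home" in
        "$jail/./"*) ;;
        *) echo "host home '$outer_home' does not start with $jail/./"; return 1 ;;
    esac
    inner_home_expected="/${outer_home#"$jail/./"}"

    # 3. uid/gid must match, or files created inside belong to someone else.
    [ "$(field 3 "$inner")" = "$(field 3 "$outer")" ] || { echo "uid mismatch"; return 1; }
    [ "$(field 4 "$inner")" = "$(field 4 "$outer")" ] || { echo "gid mismatch"; return 1; }

    # 4. The jail's passwd must name the same home, seen from inside the jail.
    [ "$(field 6 "$inner")" = "$inner_home_expected" ] || { echo "jail home is not $inner_home_expected"; return 1; }

    # 5. The shell listed inside the jail must exist there (the jk_cp step).
    inner_shell=$(field 7 "$inner")
    [ -x "$jail$inner_shell" ] || { echo "$inner_shell not present in $jail (run jk_cp)"; return 1; }

    # 6. The primary group must exist in the jail's /etc/group.
    grep -q "^[^:]*:[^:]*:$(field 4 "$outer"):" "$jail_group" || { echo "gid missing from $jail_group"; return 1; }
    return 0
}

# Demo on a constructed jail under a temp dir (the real files would be
# /etc/passwd, /jail/etc/passwd and /jail/etc/group).
d=$(mktemp -d)
mkdir -p "$d/jail/bin" "$d/jail/etc"
printf '#!/bin/sh\n' > "$d/jail/bin/bash" && chmod 755 "$d/jail/bin/bash"
printf 'testjail:x:1002:1001:,,,:%s/jail/./home/testjail:%s\n' "$d" "$JK_SHELL" > "$d/passwd"
printf 'testjail:x:1002:1001::/home/testjail:/bin/bash\n' > "$d/jail/etc/passwd"
printf 'testjail:x:1001:\n' > "$d/jail/etc/group"
check_jail_user "$d/jail" testjail "$d/passwd" "$d/jail/etc/passwd" "$d/jail/etc/group" && echo "testjail: jail entries consistent"
rm -rf "$d"
```

On the real system the call is `check_jail_user /jail testjail /etc/passwd /jail/etc/passwd /jail/etc/group`; a mismatch here is the usual reason a jailed login closes immediately with an error in /var/log/auth.log.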


    Here are my references:
    www.marthijnvandenheuvel.com
    ubuntuforums.org

    Sunday, April 3, 2011

    Remove duplicate values from an existing MySQL database table

    Trying to learn some MySQL stuff; again I think I need to note my activity here before I forget the command syntax.

    My case began with a need to remove a huge amount of duplicate data in a MySQL database table; luckily the solution was easy to find on Doctor Google.

    I used

    mysql>alter ignore table table_name add unique key (column_name);

    and all my duplicate entries were removed right away....

    Monday, March 28, 2011

    Apache 2 SSL and Redirection

    Now I need to create SSL for my domain netmon.foo.bar, so I did the following:
    1. Make sure the Apache 2 SSL module is installed and enabled
        To activate the SSL module on Apache 2, issue this command: a2enmod ssl
        The above command only applies when mod_ssl is already installed but not yet enabled
    2. Make sure OpenSSL is installed on the Linux box
    3. After making sure all the above items are complete, type in:
        openssl req -new -x509 -days 365 -keyout path_to_my_apache_key_directory/virtualhost1.key -out path_to_my_apache_crt_directory/virtualhost1.crt  <Hit Enter>

        This produces a self-signed certificate, so browsers will warn about it until you import it or replace it with one from a CA. Without -nodes, openssl also encrypts the key with a passphrase, which Apache then asks for at every start; either add -nodes or be prepared to type it.
        The system will then ask for Country Code, City, Organizational Unit, Company Name and Common Name.
        Fill in all the fields, but make sure the Common Name is your website's domain name, otherwise you will end up with a "certificate name does not match the website domain name" error.
    Check out these links:
    a. apache-2-ssltls-step-step-part-1
    b. apache-ssl-deflate
    Next, configure virtualhost1.conf and create a new configuration for the website that will be accessed via https.
    The configuration may look like this:

    NameVirtualHost *:443
    <VirtualHost *:443>
        ServerName netmon.foo.bar
        DocumentRoot path_to_my_server_web_server_directory

        SSLEngine On
        SSLCertificateFile path_to_my_apache_crt_directory/virtualhost1.crt
        SSLCertificateKeyFile path_to_my_apache_key_directory/virtualhost1.key
        <Location />
            # SSLRequireSSL takes no argument; "SSLRequireSSL On" is a syntax error that stops Apache from starting
            SSLRequireSSL
            SSLVerifyClient optional
            SSLVerifyDepth 1
            SSLOptions +StdEnvVars +StrictRequire
        </Location>
        <Directory path_to_my_server_web_server_directory>
            Options +FollowSymLinks
            AllowOverride None
            order allow,deny
            allow from all
            AddType application/x-httpd-php .php
            DirectoryIndex index.php
        </Directory>
    </VirtualHost>
    Restart the Apache service and try the connection to https://netmon.foo.bar


    Additionally, I also want to redirect regular http requests for http://netmon.foo.bar to https://netmon.foo.bar. I created a new virtual host configuration named netmon-http.


    The content of netmon-http (a bare Redirect sends a 302 temporary redirect; permanent sends a 301 so browsers remember to go straight to https):

    NameVirtualHost *:80
    <VirtualHost *:80>
        ServerName netmon.foo.bar
        Redirect permanent / https://netmon.foo.bar/
    </VirtualHost>


    Restart the Apache service again and open http://netmon.foo.bar; it will be redirected to https://netmon.foo.bar


    Thanks to Triprasetyono for the help
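A quick sanity check for the two virtual hosts above, added here as an example (not from the original post). It reads an Apache 2.2 configuration on stdin and flags three things a reviewer would raise: SSLRequireSSL given an argument (the directive takes none, so Apache refuses to start), a Redirect that is not permanent (Apache's default is a 302, so browsers keep asking for http first), and an SSL virtual host without an SSLProtocol line (Apache 2.2's default is all, which still includes SSLv2 and SSLv3). The configurations in the demo are constructed; the one with the problems mirrors the first draft above and the second is the corrected form.

```shell
#!/bin/sh
# Added example, not from the original post: lint an Apache 2.2 SSL vhost
# configuration read from stdin. Prints one finding per line and returns 1 if
# anything was found, 0 when clean.
lint_apache_ssl() {
    findings=$(awk '
        # Directive names are case-insensitive in Apache, so compare lowercased.
        { d = tolower($1) }
        d == "<virtualhost" { in_ssl = ($2 ~ /:443>$/); saw_proto = 0 }
        d == "sslprotocol"  { saw_proto = 1 }
        d == "sslrequiressl" && NF > 1 {
            printf("line %d: SSLRequireSSL takes no argument (got \"%s\"); Apache will not start\n", NR, $2)
        }
        # Redirect [status] path url: with no status Apache sends 302 (temporary).
        d == "redirect" && tolower($2) != "permanent" && $2 != "301" {
            printf("line %d: Redirect is temporary (302); use Redirect permanent\n", NR)
        }
        d == "</virtualhost>" {
            if (in_ssl && !saw_proto)
                printf("line %d: SSL vhost has no SSLProtocol; Apache 2.2 default \"all\" allows SSLv2/SSLv3\n", NR)
            in_ssl = 0
        }
    ')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo 1: the problems a first draft of the vhosts above would have (constructed).
lint_apache_ssl <<'EOF' || echo "--- findings above; the corrected form below passes:"
<VirtualHost *:443>
    SSLEngine On
    <Location />
        SSLRequireSSL On
    </Location>
</VirtualHost>
<VirtualHost *:80>
    ServerName netmon.foo.bar
    Redirect / https://netmon.foo.bar
</VirtualHost>
EOF

# Demo 2: corrected vhosts (constructed).
lint_apache_ssl <<'EOF' && echo "clean"
<VirtualHost *:443>
    SSLEngine On
    SSLProtocol all -SSLv2 -SSLv3
    <Location />
        SSLRequireSSL
    </Location>
</VirtualHost>
<VirtualHost *:80>
    ServerName netmon.foo.bar
    Redirect permanent / https://netmon.foo.bar/
</VirtualHost>
EOF
```

Run it on your own files with `cat /etc/apache2/sites-enabled/* | lint_apache_ssl`, then `apache2ctl configtest` for the errors Apache itself catches.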








    Wednesday, March 23, 2011

    SATA Ext Drive driver for Windows 7

    I wanted to use the data from my old laptop's 300 GB SATA drive. I had installed Win 7 on my new laptop, but somehow the external SATA drive could not be recognized by Win 7.

    Prof. Google saved my day; I found detecting-esata-drive-in-windows-7

    I immediately downloaded the utility and installed it on my Win 7..... and my external SATA HD is recognized.. wuhuuuuu... I got my data back....

    Monday, March 21, 2011

    Change Nagios Sender Address

    I needed to change the Nagios sender address on my server. By default Nagios uses "Nagios@Servername" as its sender address, so whenever you receive a mail notification from Nagios you see "Nagios@Servername" in the sender field.

    After browsing around, I found: how-do-i-change-email-address-opsview-emails

    Since I use Postfix on my machine, I did as instructed:
    1. In the Postfix main.cf file, add smtp_generic_maps = hash:/etc/postfix/generic (adjust the path to your Postfix installation; hash: is the default table type and may be omitted)
    2. Create a file named generic
    3. In that file, add the line nagios@servername  alert@mycompanydomain. Save and exit
    4. On the Linux console, type postmap /etc/postfix/generic and hit Enter; this builds the generic.db lookup table that Postfix actually reads
    5. Restart the Postfix service

    and I got what I needed.

    Note:
    a. You can name the file something other than generic, but make sure main.cf refers to the same filename.
    b. The link above also has solutions for exim4 and sendmail

    Thanks to awijntje