#1 On 08/08/2012, at 00:30
- yabo84
Problem with coova-chilli captive portal server
Good evening, I have had a problem with coova-chilli for a month now.
In fact, the authentication page does not show up, and on top of that coova-chilli, which is supposed to hand out DHCP addresses only to the wifi clients, does so for the wired network as well (I don't want it to assign addresses to the wired network).
I used this link: http://doc.ubuntu-fr.org/coovachilli
I have an Ubuntu 10.10 distribution.
Here is the /etc/chilli.conf file:
#
# Chilli Configuration
#
# To configure chilli, see /etc/chilli/default
# and then create your own /etc/chilli/config
# start / stop chilli with /chilli
#
# For help with coova-chilli,
# visit http://coova.org/wiki/index.php/CoovaChilli
#
# This file can either contain all your chilli configurations, or include
# other files, as shown per default below. The idea here is that main.conf
# contains your main configurations, hs.conf is for your configurations
# delivered by RADIUS (using the Administrative-User login), and local.conf
# is for any other settings you might configure by hand for this particular
# installation.
include /etc/chilli/main.conf
include /etc/chilli/hs.conf
include /etc/chilli/local.conf
ipup=/etc/chilli/up.sh
ipdown=/etc/chilli/down.sh
Here is the /etc/chilli/config file:
# -*- mode: shell-script; -*-
#
# Coova-Chilli Default Configurations.
# To customize, copy this file to /etc/chilli/config
# and edit to your liking. This is included in shell scripts
# that configure chilli and related programs before file 'config'.
###
# Local Network Configurations
#
HS_WANIF=wlan0 # WAN Interface toward the Internet
HS_LANIF=eth0 # Subscriber Interface for client devices
HS_NETWORK=192.168.1.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=192.168.1.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990 # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
# HS_DYNIP=
# HS_DYNIP_MASK=255.255.255.0
# HS_STATIP=
# HS_STATIP_MASK=255.255.255.0
# HS_DNS_DOMAIN=
# OpenDNS Servers
HS_DNS1=208.67.222.222
HS_DNS2=208.67.220.220
###
# HotSpot settings for simple Captive Portal
#
HS_NASID=nas01
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_UAMALLOW=www.goole.com,192.168.1.0/24
HS_RADSECRET=******* # Set to be your RADIUS shared secret
HS_UAMSECRET=********* # Set to be your UAM secret
HS_UAMALIASNAME=chilli
# Configure RADIUS proxy support (for 802.1x + captive portal support)
# HS_RADPROXY=on
# HS_RADPROXY_LISTEN=127.0.0.1
# HS_RADPROXY_CLIENT=127.0.0.1
# HS_RADPROXY_PORT=1645
# HS_RADPROXY_SECRET=$HS_RADSECRET
# Example OpenWrt /etc/config/wireless entry for hostapd
# option encryption wpa2
# option server $HS_RADPROXY_LISTEN
# option port $HS_RADPROXY_PORT
# option key $HS_RADPROXY_SECRET
# To alternatively use a HTTP URL for AAA instead of RADIUS:
# HS_UAMAAAURL=http://mon_adresse/script.php
# Put entire domains in the walled-garden with DNS inspection
# HS_UAMDOMAINS=".paypal.com,.paypalobjects.com"
# Optional initial redirect and RADIUS settings
# HS_SSID=<ssid> # To send to the captive portal
# HS_NASMAC=<mac address> # To explicitly set Called-Station-Id
# HS_NASIP=<ip address> # To explicitly set NAS-IP-Address
# The server to be used in combination with HS_UAMFORMAT to
# create the final chilli 'uamserver' url configuration.
HS_UAMSERVER=192.168.1.1
# Use HS_UAMFORMAT to define the actual captive portal url.
# Shell variable replacement takes place when evaluated, so here
# HS_UAMSERVER is escaped and later replaced by the pre-defined
# HS_UAMSERVER to form the actual "--uamserver" option in chilli.
#HS_UAMFORMAT=http://\$HS_UAMLISTEN:\$HS_UAMUIPORT/www/login.chi
HS_UAMFORMAT=https://\$HS_UAMSERVER/uam/index.php
# Same principal goes for HS_UAMHOMEPAGE.
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
# This option will be configured to be the WISPr LoginURL as well
# as provide "uamService" to the ChilliController. The UAM Service is
# described in: http://www.coova.org/CoovaChilli/UAMService
#
#HS_UAMSERVICE=
#HS_UAMSERVICE=https://192.168.1.1/cgi-bin/hotspotlogin.cgi
HS_UAMSERVICE=https://192.168.1.1/hello.html
###
# Features not activated per-default (default to off)
#
# HS_RADCONF=off # Get some configurations from RADIUS or a URL ('on' and 'url' respectively)
#
# HS_ANYIP=on # Allow any IP address on subscriber LAN
#
# HS_MACAUTH=on # To turn on MAC Authentication
#
# HS_MACAUTHDENY=on # Put client in 'drop' state on MAC Auth Access-Reject
#
# HS_MACAUTHMODE=local # To allow MAC Authentication based on macallowed, not RADIUS
#
# HS_MACALLOW="..." # List of MAC addresses to authenticate (comma seperated)
#
# HS_USELOCALUSERS=on # To use the /etc/chilli/localusers file
#
# HS_OPENIDAUTH=on # To inform the RADIUS server to allow OpenID Auth
#
# HS_WPAGUESTS=on # To inform the RADIUS server to allow WPA Guests
#
# HS_DNSPARANOIA=on # To drop DNS packets containing something other
# # than A, CNAME, SOA, or MX records
#
# HS_OPENIDAUTH=on # To inform the RADIUS server to allow OpenID Auth
# # Will also configure the embedded login forms for OpenID
#
# HS_USE_MAP=on # Short hand for allowing the required google
# # sites to use Google maps (adds many google sites!)
#
###
# Other feature settings and their defaults
#
# HS_DEFSESSIONTIMEOUT=0 # Default session-timeout if not defined by RADIUS (0 for unlimited)
#
# HS_DEFIDLETIMEOUT=0 # Default idle-timeout if not defined by RADIUS (0 for unlimited)
#
# HS_DEFBANDWIDTHMAXDOWN=0 # Default WISPr-Bandwidth-Max-Down if not defined by RADIUS (0 for unlimited)
#
# HS_DEFBANDWIDTHMAXUP=0 # Default WISPr-Bandwidth-Max-Up if not defined by RADIUS (0 for unlimited)
###
# Centralized configuration options examples
#
# HS_RADCONF=url # requires curl
# HS_RADCONF_URL=https://coova.org/app/ap/config
# HS_RADCONF=on # gather the ChilliSpot-Config attributes in
# # Administrative-User login
# HS_RADCONF_SERVER=rad01.coova.org # RADIUS Server
# HS_RADCONF_SECRET=coova-anonymous # RADIUS Shared Secret
# HS_RADCONF_AUTHPORT=1812 # Auth port
# HS_RADCONF_USER=chillispot # Username
# HS_RADCONF_PWD=chillispot # Password
###
# Firewall issues
#
# Uncomment the following to add ports to the allowed local ports list
# The up.sh script will allow these local ports to be used, while the default
# is to block all unwanted traffic to the tun/tap.
#
# HS_TCP_PORTS="80 443"
###
# Standard configurations
#
HS_MODE=hotspot
HS_TYPE=chillispot
# HS_RADAUTH=1812
# HS_RADACCT=1813
# HS_ADMUSR=chillispot
# HS_ADMPWD=chillispot
###
# Post-Auth proxy settings
#
# HS_POSTAUTH_PROXY=<host or ip>
# HS_POSTAUTH_PROXYPORT=<port>
# Directory specifying where internal web pages can be served
# by chilli with url /www/<file name>. Only extentions like .html
# .jpg, .gif, .png, .js are allowed. See below for using .chi as a
# CGI extension.
HS_WWWDIR=/etc/chilli/www
# Using this option assumes 'haserl' is installed per-default
# but, and CGI type program can ran from wwwsh to process requests
# to chilli with url /www/filename.chi
HS_WWWBIN=/etc/chilli/wwwsh
# Some configurations used in certain user interfaces
#
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://www.coova.org/
###
# WISPr RADIUS Attribute support
#
HS_LOC_NAME="My HotSpot" # WISPr Location Name and used in portal
# WISPr settings (to form a proper WISPr-Location-Id)
# HS_LOC_NETWORK="My Network" # Network name
# HS_LOC_AC=408 # Phone area code
# HS_LOC_CC=1 # Phone country code
# HS_LOC_ISOCC=US # ISO Country code
Does anyone have an idea for me? Thanks in advance!
Last edited by yabo84 (08/08/2012, at 00:33)
#2 On 21/10/2012, at 15:34
- jfitoussi
Re: Problem with coova-chilli captive portal server
Hi,
In fact, the authentication page does not show up, and on top of that coova-chilli, which is supposed to hand out DHCP addresses only to the wifi clients, does so for the wired network as well (I don't want it to assign addresses to the wired network).
In fact, if your wired network is behind the captive server, all the clients will get an IP address from the CoovaChilli server.
To fix your problem, just plug your wired network into your ADSL box (or other) and leave your WIFI access points behind the CoovaChilli server.
I don't have enough information to help you. But if there is no redirection at all to the authentication page, then there is a routing problem.
Your CoovaChilli startup script must contain at least this:
#!/bin/sh
##############################################################################
#
# CHILLISPOT startup script Version 1.0
#
##############################################################################
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/chilli.iptables.sh
ifconfig eth1 0.0.0.0
/etc/init.d/chilli restart
Line 1: Enables IP forwarding for IPv4.
Line 2: Sets up iptables (firewall and routing).
Line 3: Resets the eth1 card (note: on my setup, eth0 goes to the ADSL and eth1 to the WIFI access points).
Line 4: Starts Chilli.
Here is my iptables script. But be careful, it is too permissive:
#!/bin/sh
##############################################################################
#
# IPTABLES configuration file for CHILLISPOT Version 1.0
#
##############################################################################
# Uses $EXTIF (eth0) as the external interface (Internet or intranet) and
# $INTIF (eth1) as the internal interface (access points).
IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
#Allow related and established on all interfaces (input)
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#Allow releated, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT
# Allow port 80
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 8080 --syn -j ACCEPT
#$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 3779 --syn -j ACCEPT
#$IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.0.10 --dport 3779 -j DNAT --to 10.0.0.1:3779
#$IPTABLES -A FORWARD -p tcp -i eth1 -d 10.0.0.1 --dport 3779 -j ACCEPT
#$IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.0.10 --dport 3779 -j DNAT --to 10.0.0.1:3779
#$IPTABLES -A FORWARD -p tcp -i eth0 -d 192.168.0.10 --dport 3779 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -j REJECT
#Allow related and established from $INTIF. Drop everything else.
$IPTABLES -A INPUT -i $INTIF -j DROP
#Allow http and https on other interfaces (input).
#This is only needed if authentication server is on same server as chilli
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
#Allow 3990 on other interfaces (input).
$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT
# attempt to open port 3779
#$IPTABLES -A INPUT -p tcp -m tcp --dport 3779 --syn -j ACCEPT
#Allow everything on loopback interface.
$IPTABLES -A INPUT -i lo -j ACCEPT
# Drop everything to and from $INTIF (forward)
# This means that access points can only be managed from ChilliSpot
$IPTABLES -A FORWARD -i $INTIF -j DROP
$IPTABLES -A FORWARD -o $INTIF -j DROP
#Enable NAT on output device
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
I hope this helps you.
Best regards,
Jérôme
Jérôme
iMac for home
Ubuntu Server 12.04.1 LTS for work
#3 On 04/01/2013, at 14:31
- ramaC
Re: Problem with coova-chilli captive portal server
Hello!
I have the same redirection problem, and I don't know what to do; I can't even find chilli.iptables
here is my /etc/chilli/config:
# -*- mode: shell-script; -*-
#
# Coova-Chilli Default Configurations.
# To customize, copy this file to /etc/chilli/config
# and edit to your liking. This is included in shell scripts
# that configure chilli and related programs before file 'config'.
###
# Local Network Configurations
#
# HS_WANIF=eth0 # WAN Interface toward the Internet
HS_LANIF=eth1 # Subscriber Interface for client devices
HS_NETWORK=192.168.10.0 # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0 # HotSpot Network Netmask
HS_UAMLISTEN=192.168.10.1 # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990 # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990 # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)
# HS_DYNIP=
# HS_DYNIP_MASK=255.255.255.0
# HS_STATIP=
# HS_STATIP_MASK=255.255.255.0
# HS_DNS_DOMAIN=
# OpenDNS Servers
HS_DNS1=192.168.1.1
HS_DNS2=8.8.8.8
###
# HotSpot settings for simple Captive Portal
#
HS_NASID=nas01
HS_RADIUS=127.0.0.1
HS_RADIUS2=127.0.0.1
HS_UAMALLOW=www.coova.org,www.google.com,192.168.10.0/24,192.168.1.1,8.8.8.8
HS_RADSECRET=ncri # Set to be your RADIUS shared secret
HS_RADSECRET=ncri # Set to be your RADIUS shared secret
HS_UAMSECRET=ncri # Set to be your UAM secret
HS_UAMALIASNAME=chilli
# Configure RADIUS proxy support (for 802.1x + captive portal support)
# HS_RADPROXY=on
# HS_RADPROXY_LISTEN=127.0.0.1
# HS_RADPROXY_CLIENT=127.0.0.1
# HS_RADPROXY_PORT=1645
# HS_RADPROXY_SECRET=$HS_RADSECRET
# Example OpenWrt /etc/config/wireless entry for hostapd
# option encryption wpa2
# option server $HS_RADPROXY_LISTEN
# option port $HS_RADPROXY_PORT
# option key $HS_RADPROXY_SECRET
# To alternatively use a HTTP URL for AAA instead of RADIUS:
# HS_UAMAAAURL=http://my-site/script.php
# Put entire domains in the walled-garden with DNS inspection
# The server to be used in combination with HS_UAMFORMAT to
# create the final chilli 'uamserver' url configuration.
HS_UAMSERVER=$HS_NETWORK
# Use HS_UAMFORMAT to define the actual captive portal url.
# Shell variable replacement takes place when evaluated, so here
# HS_UAMSERVER is escaped and later replaced by the pre-defined
# HS_UAMSERVER to form the actual "--uamserver" option in chilli.
HS_UAMFORMAT=https://\$HS_UAMSERVER/uam/index.html
# Same principal goes for HS_UAMHOMEPAGE.
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html
# This option will be configured to be the WISPr LoginURL as well
# as provide "uamService" to the ChilliController. The UAM Service is
# described in: http://www.coova.org/CoovaChilli/UAMService
#
HS_UAMSERVICE=https://192.168.10.1/cgi-bin/hotspotlogin.cgi
###
# Firewall issues
#
# Uncomment the following to add ports to the allowed local ports list
# The up.sh script will allow these local ports to be used, while the default
# is to block all unwanted traffic to the tun/tap.
#
#HS_TCP_PORTS="80 443"
###
# Standard configurations
#
HS_MODE=hotspot
HS_TYPE=chillispot
# HS_RADAUTH=1812
# HS_RADACCT=1813
HS_ADMUSR=chillispot
HS_ADMPWD=chillispot
###
# Post-Auth proxy settings
#
# HS_POSTAUTH_PROXY=<host or ip>
# HS_POSTAUTH_PROXYPORT=<port>
# Directory specifying where internal web pages can be served
# by chilli with url /www/<file name>. Only extentions like .html
# .jpg, .gif, .png, .js are allowed. See below for using .chi as a
# CGI extension.
HS_WWWDIR=/etc/chilli/www
# Using this option assumes 'haserl' is installed per-default
# but, and CGI type program can ran from wwwsh to process requests
# to chilli with url /www/filename.chi
HS_WWWBIN=/etc/chilli/wwwsh
# Some configurations used in certain user interfaces
#
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://www.coova.org/
###
# WISPr RADIUS Attribute support
#
HS_LOC_NAME="My HotSpot" # WISPr Location Name and used in portal
# WISPr settings (to form a proper WISPr-Location-Id)
# HS_LOC_NETWORK="My Network" # Network name
# HS_LOC_AC=408 # Phone area code
# HS_LOC_CC=1 # Phone country code
# HS_LOC_ISOCC=BF # ISO Country code
and /etc/init.d/chilli:
#! /bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/chilli
NAME=chilli
DESC=chilli
START_CHILLI=0
if [ -f /etc/default/chilli ] ; then
. /etc/default/chilli
fi
if [ "$START_CHILLI" != "1" ] ; then
echo "Chilli default off. Look at /etc/default/chilli"
exit 0
fi
test -f $DAEMON || exit 0
. /etc/chilli/functions
MULTI=$(ls /etc/chilli/*/chilli.conf 2>/dev/null)
[ -z "$DHCPIF" ] && [ -n "$MULTI" ] && {
for c in $MULTI;
do
echo "Found configuration $c"
DHCPIF=$(basename $(echo $c|sed 's#/chilli.conf##'))
export DHCPIF
export DHCPIF
echo "Running DHCPIF=$DHCPIF $0 $*"
sh $0 $*
done
exit
}
if [ -n "$DHCPIF" ]; then
CONFIG=/etc/chilli/$DHCPIF/chilli.conf
else
CONFIG=/etc/chilli.conf
fi
[ -f $CONFIG ] || {
echo "$CONFIG Not found"
exit 0
}
check_required
RETVAL=0
prog="chilli"
case "$1" in
start)
echo -n "Starting $DESC: "
/sbin/modprobe tun >/dev/null 2>&1
echo 1 > /proc/sys/net/ipv4/ip_forward
writeconfig
radiusconfig
test ${HS_ADMINTERVAL:-0} -gt 0 && {
(crontab -l 2>&- | grep -v $0
echo "*/$HS_ADMINTERVAL * * * * $0 radconfig"
) | crontab - 2>&-
}
ifconfig $HS_LANIF 0.0.0.0
start-stop-daemon --start --quiet --pidfile /var/run/$NAME.$HS_LANIF.pid \
--exec $DAEMON -- -c $CONFIG
RETVAL=$?
echo "$NAME."
;;
checkrunning)
check=`start-stop-daemon --start --exec $DAEMON --test`
if [ x"$check" != x"$DAEMON already running." ] ; then
$0 start
fi
;;
radconfig)
[ -e $MAIN_CONF ] || writeconfig
radiusconfig
;;
restart)
$0 stop
sleep 1
$0 start
RETVAL=$?
;;
stop)
echo -n "Stopping $DESC: "
crontab -l 2>&- | grep -v $0 | crontab -
start-stop-daemon --oknodo --stop --quiet --pidfile /var/run/$NAME.$HS_LANIF.p$
--exec $DAEMON
echo "$NAME."
;;
reload)
echo "Reloading $DESC."
start-stop-daemon --stop --signal 1 --quiet --pidfile \
/var/run/$NAME.$HS_LANIF.pid --exec $DAEMON
;;
condrestart)
check=`start-stop-daemon --start --exec $DAEMON --test`
if [ x"$check" != x"$DAEMON already running." ] ; then
$0 restart
RETVAL=$?
fi
;;
status)
status chilli
RETVAL=$?
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|condrestart|status|reload|radconfig}" >&2
exit 1
;;
esac
exit 0
please, if you can help me, it's really urgent,
thanks in advance
Last edited by ramaC (04/01/2013, at 15:08)
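The checks below are an added example, not part of the thread or of CoovaChilli: a POSIX shell lint for an /etc/chilli/config like the ones posted above. It sources the file the way the chilli scripts do, reports the interface chilli answers DHCP on, and flags an HS_UAMLISTEN outside HS_NETWORK/HS_NETMASK, an HS_UAMSERVER that expands to a network or broadcast address, and reused or sample credentials. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example; ip2int and lint_chilli_config are hypothetical helper names.
# Convert a dotted-quad IPv4 address to an integer; fail on anything else.
ip2int() {
    case "$1" in ""|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ""|0?*) return 1 ;; esac
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Source the config in a subshell, as the chilli scripts do (so only lint a
# file you would let them run), print findings, exit with their count.
lint_chilli_config() (
    . "$1" || exit 99
    n=0
    warn() { echo "WARN: $*"; n=$((n + 1)); }
    echo "INFO: chilli answers DHCP on HS_LANIF=${HS_LANIF:-unset}"
    [ -n "$HS_LANIF" ] && [ "$HS_LANIF" = "$HS_WANIF" ] &&
        warn "HS_LANIF and HS_WANIF name the same interface"
    net=$(ip2int "$HS_NETWORK") && mask=$(ip2int "$HS_NETMASK") &&
        lis=$(ip2int "$HS_UAMLISTEN") ||
        { warn "HS_NETWORK, HS_NETMASK or HS_UAMLISTEN is not an IPv4 address"; exit "$n"; }
    net=$((net & mask)); bcast=$((net | (~mask & 4294967295)))
    [ $((lis & mask)) -eq "$net" ] ||
        warn "HS_UAMLISTEN=$HS_UAMLISTEN is outside $HS_NETWORK/$HS_NETMASK"
    if srv=$(ip2int "$HS_UAMSERVER") &&
        { [ "$srv" -eq "$net" ] || [ "$srv" -eq "$bcast" ]; }; then
        warn "HS_UAMSERVER=$HS_UAMSERVER is a network or broadcast address"
    fi
    [ -n "$HS_RADSECRET" ] && [ "$HS_RADSECRET" = "$HS_UAMSECRET" ] &&
        warn "HS_RADSECRET and HS_UAMSECRET share one value"
    [ "$HS_ADMUSR" = chillispot ] && [ "$HS_ADMPWD" = chillispot ] &&
        warn "HS_ADMUSR/HS_ADMPWD are the sample values from the defaults file"
    exit "$n"
)

# Constructed sample config (not a poster's file); trips the address and credential checks.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
HS_LANIF=eth1
HS_NETWORK=192.168.10.0
HS_NETMASK=255.255.255.0
HS_UAMLISTEN=192.168.1.1
HS_UAMSERVER=$HS_NETWORK
HS_RADSECRET=example-secret
HS_UAMSECRET=example-secret
HS_ADMUSR=chillispot
HS_ADMPWD=chillispot
EOF
lint_chilli_config "$sample" || echo "$? finding(s)"
```

On the gateway, run `lint_chilli_config /etc/chilli/config`; a non-zero exit status is the number of findings.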
#4 On 08/01/2013, at 10:33
- ramaC
Re: Problem with coova-chilli captive portal server
nobody to help me????