#1 On 08/08/2012, at 00:30

yabo84

Problem with coova-chilli captive portal server

Good evening, I have had a problem with coova-chilli for a month.
In fact, the authentication page does not display and, on top of that, coova-chilli, which is supposed to assign DHCP addresses only to the Wi-Fi clients, also does so for the wired network (I don't want it to assign addresses to the wired network).
I used this link: http://doc.ubuntu-fr.org/coovachilli
I have an Ubuntu 10.10 distribution.
Here is the file /etc/chilli.conf:

#
#  Chilli Configuration
#
#  To configure chilli, see /etc/chilli/default
#  and then create your own /etc/chilli/config
#  start / stop chilli with /chilli
#
#  For help with coova-chilli, 
#       visit http://coova.org/wiki/index.php/CoovaChilli
#
#  This file can either contain all your chilli configurations, or include
#  other files, as shown per default below. The idea here is that main.conf
#  contains your main configurations, hs.conf is for your configurations
#  delivered by RADIUS (using the Administrative-User login), and local.conf 
#  is for any other settings you might configure by hand for this particular
#  installation. 

include /etc/chilli/main.conf
include /etc/chilli/hs.conf
include /etc/chilli/local.conf

ipup=/etc/chilli/up.sh
ipdown=/etc/chilli/down.sh

Here is the file /etc/chilli/config:

# -*- mode: shell-script; -*-
#
#   Coova-Chilli Default Configurations. 
#   To customize, copy this file to /etc/chilli/config
#   and edit to your liking. This is included in shell scripts
#   that configure chilli and related programs before file 'config'. 


###
#   Local Network Configurations
# 

HS_WANIF=wlan0            # WAN Interface toward the Internet
HS_LANIF=eth0		   # Subscriber Interface for client devices
HS_NETWORK=192.168.1.0	   # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0   # HotSpot Network Netmask
HS_UAMLISTEN=192.168.1.1	   # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)

# HS_DYNIP=
# HS_DYNIP_MASK=255.255.255.0
# HS_STATIP=
# HS_STATIP_MASK=255.255.255.0
# HS_DNS_DOMAIN=

# OpenDNS Servers
HS_DNS1=208.67.222.222
HS_DNS2=208.67.220.220

###
#   HotSpot settings for simple Captive Portal
#
HS_NASID=nas01
HS_RADIUS=localhost
HS_RADIUS2=localhost
HS_UAMALLOW=www.goole.com,192.168.1.0/24
HS_RADSECRET=*******    # Set to be your RADIUS shared secret
HS_UAMSECRET=*********    # Set to be your UAM secret
HS_UAMALIASNAME=chilli

#  Configure RADIUS proxy support (for 802.1x + captive portal support)
# HS_RADPROXY=on
# HS_RADPROXY_LISTEN=127.0.0.1
# HS_RADPROXY_CLIENT=127.0.0.1
# HS_RADPROXY_PORT=1645
# HS_RADPROXY_SECRET=$HS_RADSECRET
#  Example OpenWrt /etc/config/wireless entry for hostapd
#    option encryption wpa2
#    option server $HS_RADPROXY_LISTEN
#    option port $HS_RADPROXY_PORT
#    option key $HS_RADPROXY_SECRET


#   To alternatively use a HTTP URL for AAA instead of RADIUS:
# HS_UAMAAAURL=http://mon_adresse/script.php

#   Put entire domains in the walled-garden with DNS inspection
# HS_UAMDOMAINS=".paypal.com,.paypalobjects.com"

#   Optional initial redirect and RADIUS settings
# HS_SSID=<ssid>	   # To send to the captive portal
# HS_NASMAC=<mac address>  # To explicitly set Called-Station-Id
# HS_NASIP=<ip address>    # To explicitly set NAS-IP-Address

#   The server to be used in combination with HS_UAMFORMAT to 
#   create the final chilli 'uamserver' url configuration.
HS_UAMSERVER=192.168.1.1

#   Use HS_UAMFORMAT to define the actual captive portal url.
#   Shell variable replacement takes place when evaluated, so here
#   HS_UAMSERVER is escaped and later replaced by the pre-defined 
#   HS_UAMSERVER to form the actual "--uamserver" option in chilli.
#HS_UAMFORMAT=http://\$HS_UAMLISTEN:\$HS_UAMUIPORT/www/login.chi
HS_UAMFORMAT=https://\$HS_UAMSERVER/uam/index.php 

#   Same principal goes for HS_UAMHOMEPAGE.
HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html

#   This option will be configured to be the WISPr LoginURL as well
#   as provide "uamService" to the ChilliController. The UAM Service is
#   described in: http://www.coova.org/CoovaChilli/UAMService
#
#HS_UAMSERVICE=
#HS_UAMSERVICE=https://192.168.1.1/cgi-bin/hotspotlogin.cgi 
HS_UAMSERVICE=https://192.168.1.1/hello.html

###
#   Features not activated per-default (default to off)
#
# HS_RADCONF=off	   # Get some configurations from RADIUS or a URL ('on' and 'url' respectively)
#
# HS_ANYIP=on		   # Allow any IP address on subscriber LAN
#
# HS_MACAUTH=on		   # To turn on MAC Authentication
#
# HS_MACAUTHDENY=on	   # Put client in 'drop' state on MAC Auth Access-Reject
#
# HS_MACAUTHMODE=local	   # To allow MAC Authentication based on macallowed, not RADIUS
#
# HS_MACALLOW="..."      # List of MAC addresses to authenticate (comma seperated)
#
# HS_USELOCALUSERS=on      # To use the /etc/chilli/localusers file
#
# HS_OPENIDAUTH=on	   # To inform the RADIUS server to allow OpenID Auth
#
# HS_WPAGUESTS=on	   # To inform the RADIUS server to allow WPA Guests
#
# HS_DNSPARANOIA=on	   # To drop DNS packets containing something other
#			   # than A, CNAME, SOA, or MX records
#
# HS_OPENIDAUTH=on	   # To inform the RADIUS server to allow OpenID Auth
#			   # Will also configure the embedded login forms for OpenID
#
# HS_USE_MAP=on		   # Short hand for allowing the required google
#			   # sites to use Google maps (adds many google sites!)
#
###
#   Other feature settings and their defaults
#
# HS_DEFSESSIONTIMEOUT=0   # Default session-timeout if not defined by RADIUS (0 for unlimited)
#
# HS_DEFIDLETIMEOUT=0	   # Default idle-timeout if not defined by RADIUS (0 for unlimited)
#
# HS_DEFBANDWIDTHMAXDOWN=0   # Default WISPr-Bandwidth-Max-Down if not defined by RADIUS (0 for unlimited)
#
# HS_DEFBANDWIDTHMAXUP=0	   # Default WISPr-Bandwidth-Max-Up if not defined by RADIUS (0 for unlimited)

###
# Centralized configuration options examples
# 
# HS_RADCONF=url	   # requires curl
# HS_RADCONF_URL=https://coova.org/app/ap/config

# HS_RADCONF=on		   # gather the ChilliSpot-Config attributes in
#			   # Administrative-User login
# HS_RADCONF_SERVER=rad01.coova.org		 # RADIUS Server
# HS_RADCONF_SECRET=coova-anonymous		 # RADIUS Shared Secret 
# HS_RADCONF_AUTHPORT=1812			 # Auth port
# HS_RADCONF_USER=chillispot			 # Username
# HS_RADCONF_PWD=chillispot			 # Password


###
#   Firewall issues
#
# Uncomment the following to add ports to the allowed local ports list
# The up.sh script will allow these local ports to be used, while the default
# is to block all unwanted traffic to the tun/tap. 
#
# HS_TCP_PORTS="80 443"

###
#   Standard configurations
#
HS_MODE=hotspot
HS_TYPE=chillispot
# HS_RADAUTH=1812
# HS_RADACCT=1813
# HS_ADMUSR=chillispot
# HS_ADMPWD=chillispot


###
#   Post-Auth proxy settings
#
# HS_POSTAUTH_PROXY=<host or ip>
# HS_POSTAUTH_PROXYPORT=<port>

#   Directory specifying where internal web pages can be served
#   by chilli with url /www/<file name>. Only extentions like .html
#   .jpg, .gif, .png, .js are allowed. See below for using .chi as a
#   CGI extension.
HS_WWWDIR=/etc/chilli/www

#   Using this option assumes 'haserl' is installed per-default
#   but, and CGI type program can ran from wwwsh to process requests
#   to chilli with url /www/filename.chi
HS_WWWBIN=/etc/chilli/wwwsh

#   Some configurations used in certain user interfaces
#
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://www.coova.org/


###
#   WISPr RADIUS Attribute support
#

HS_LOC_NAME="My HotSpot"	   # WISPr Location Name and used in portal

#   WISPr settings (to form a proper WISPr-Location-Id)
# HS_LOC_NETWORK="My Network"	   # Network name
# HS_LOC_AC=408			   # Phone area code
# HS_LOC_CC=1			   # Phone country code
# HS_LOC_ISOCC=US		   # ISO Country code

Does anyone have an idea for me? Thanks in advance!

Last edited by yabo84 (on 08/08/2012, at 00:33)


#2 On 21/10/2012, at 15:34

jfitoussi

Re: Problem with coova-chilli captive portal server

Hi,

In fact, the authentication page does not display and, on top of that, coova-chilli, which is supposed to assign DHCP addresses only to the Wi-Fi clients, also does so for the wired network (I don't want it to assign addresses to the wired network).

In fact, if your wired network is behind the captive portal server, all clients will get an IP address from the CoovaChilli server.
To fix your problem, just plug your wired network into your ADSL box (or other) and leave your Wi-Fi antennas behind the CoovaChilli server.

I don't have enough information to help you. But if there is no redirection at all to the authentication page, then there is a routing problem.
Your CoovaChilli startup script must contain at least this:

#!/bin/sh
##############################################################################
#
# CHILLISPOT startup script, version 1.0
#
##############################################################################
echo 1 > /proc/sys/net/ipv4/ip_forward

/etc/chilli.iptables.sh

ifconfig eth1 0.0.0.0

/etc/init.d/chilli restart

Line 1: enables IP forwarding for IPv4.
Line 2: configures iptables (firewall and routing).
Line 3: resets the eth1 interface (note: on my setup, eth0 faces the ADSL line and eth1 faces the Wi-Fi access points).
Line 4: starts Chilli.

Here is my iptables script. But be careful, it is too permissive:

#!/bin/sh
##############################################################################
#
# IPTABLES configuration file for CHILLISPOT, version 1.0
#
##############################################################################

# Uses $EXTIF (eth0) as the external interface (Internet or intranet) and
# $INTIF (eth1) as the internal interface (access points).
IPTABLES="/sbin/iptables"
EXTIF="eth0"
INTIF="eth1"

$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

#Allow related and established on all interfaces (input)
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#Allow related, established and ssh on $EXTIF. Reject everything else.
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 22 --syn -j ACCEPT

# Allow port 80
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 8080 --syn -j ACCEPT

#$IPTABLES -A INPUT -i $EXTIF -p tcp -m tcp --dport 3779 --syn -j ACCEPT
#$IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.0.10 --dport 3779 -j DNAT --to 10.0.0.1:3779
#$IPTABLES -A FORWARD -p tcp -i eth1 -d 10.0.0.1 --dport 3779 -j ACCEPT

#$IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.0.10 --dport 3779 -j DNAT --to 10.0.0.1:3779
#$IPTABLES -A FORWARD -p tcp -i eth0 -d 192.168.0.10 --dport 3779 -j ACCEPT

$IPTABLES -A INPUT -i $EXTIF -j REJECT

#Allow related and established from $INTIF. Drop everything else.
$IPTABLES -A INPUT -i $INTIF -j DROP

#Allow http and https on other interfaces (input).
#This is only needed if authentication server is on same server as chilli
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT

#Allow 3990 on other interfaces (input).
$IPTABLES -A INPUT -p tcp -m tcp --dport 3990 --syn -j ACCEPT

# attempt at opening port 3779
#$IPTABLES -A INPUT -p tcp -m tcp --dport 3779 --syn -j ACCEPT

#Allow everything on loopback interface.
$IPTABLES -A INPUT -i lo -j ACCEPT

# Drop everything to and from $INTIF (forward)
# This means that access points can only be managed from ChilliSpot
$IPTABLES -A FORWARD -i $INTIF -j DROP
$IPTABLES -A FORWARD -o $INTIF -j DROP

#Enable NAT on output device
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

I hope this can help you.

Best regards,

Jérôme


Jérôme
iMac for home
Ubuntu Server 12.04.1 LTS for work

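The reply above makes two points that can be checked against /etc/chilli/config: CoovaChilli hands an address to every client behind its subscriber interface, and a missing redirect points to a routing problem. The following is an added example, not part of the thread and not CoovaChilli's own code: a POSIX shell function under the hypothetical name `check_chilli_config` that warns when `HS_LANIF` is not the interface you meant to put behind the portal and, going slightly beyond the reply, when `HS_UAMLISTEN` falls outside `HS_NETWORK`/`HS_NETMASK` or `HS_UAMSERVER` evaluates to the network address. The sample config is constructed from values quoted in the thread.

```shell
#!/bin/sh
# Added example: sanity checks for a CoovaChilli /etc/chilli/config.
# ip2int, check_chilli_config and write_sample are hypothetical names.

# Dotted-quad IPv4 address -> integer; non-zero status for anything else.
ip2int() (
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do [ "$o" -le 255 ] || exit 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# check_chilli_config FILE [INTENDED_SUBSCRIBER_IF]
# Prints one WARN line per finding; exit status is the number of findings.
check_chilli_config() (
    # The file is sourced, as chilli's own scripts do, so it runs as shell
    # code: only point this at a config you trust.
    . "$1" || exit 99
    n=0
    warn() { echo "WARN: $*"; n=$(( $n + 1 )); }
    # chilli answers DHCP on HS_LANIF for every device attached to it.
    if [ -z "$HS_LANIF" ]; then
        warn "HS_LANIF is not set"
    elif [ -n "$2" ] && [ "$HS_LANIF" != "$2" ]; then
        warn "DHCP is served on $HS_LANIF, not on $2"
    fi
    if ! { net=$(ip2int "$HS_NETWORK") && mask=$(ip2int "$HS_NETMASK") &&
           listen=$(ip2int "$HS_UAMLISTEN"); }; then
        warn "HS_NETWORK, HS_NETMASK or HS_UAMLISTEN is not an IPv4 address"
        exit "$n"
    fi
    # The stock config comments require HS_NETWORK to include HS_UAMLISTEN.
    if [ $(( $listen & $mask )) -ne $(( $net & $mask )) ]; then
        warn "HS_UAMLISTEN $HS_UAMLISTEN is outside $HS_NETWORK/$HS_NETMASK"
    fi
    # A portal URL built on the network address itself points at no host.
    if srv=$(ip2int "$HS_UAMSERVER") && [ "$srv" -eq "$net" ]; then
        warn "HS_UAMSERVER $HS_UAMSERVER is the network address, not a host"
    fi
    exit "$n"
)

# Constructed sample that combines values from the two configs in the thread.
write_sample() {
    cat > "$1" <<'EOF'
HS_WANIF=wlan0
HS_LANIF=eth0
HS_NETWORK=192.168.1.0
HS_NETMASK=255.255.255.0
HS_UAMLISTEN=192.168.1.1
HS_UAMSERVER=$HS_NETWORK
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
check_chilli_config "$tmp" wlan0 || echo "findings: $?"
rm -f "$tmp"
```

The second argument is the interface the operator intends to sit behind the portal; leave it out to run only the addressing checks.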

#3 On 04/01/2013, at 14:31

ramaC

Re: Problem with coova-chilli captive portal server

Hello!
I have the same redirection problem and don't know what to do; I can't even find chilli.iptables.
Here is my /etc/chilli/config:

# -*- mode: shell-script; -*-
#
#   Coova-Chilli Default Configurations.
#   To customize, copy this file to /etc/chilli/config
#   and edit to your liking. This is included in shell scripts
#   that configure chilli and related programs before file 'config'.


###
#   Local Network Configurations
#

# HS_WANIF=eth0            # WAN Interface toward the Internet
HS_LANIF=eth1              # Subscriber Interface for client devices
HS_NETWORK=192.168.10.0    # HotSpot Network (must include HS_UAMLISTEN)
HS_NETMASK=255.255.255.0   # HotSpot Network Netmask
HS_UAMLISTEN=192.168.10.1          # HotSpot IP Address (on subscriber network)
HS_UAMPORT=3990            # HotSpot UAM Port (on subscriber network)
HS_UAMUIPORT=4990          # HotSpot UAM "UI" Port (on subscriber network, for embedded portal)

# HS_DYNIP=
# HS_DYNIP_MASK=255.255.255.0
# HS_STATIP=
# HS_STATIP_MASK=255.255.255.0
# HS_DNS_DOMAIN=

# OpenDNS Servers

HS_DNS1=192.168.1.1
HS_DNS2=8.8.8.8

###
#   HotSpot settings for simple Captive Portal
#
HS_NASID=nas01
HS_RADIUS=127.0.0.1
HS_RADIUS2=127.0.0.1
HS_UAMALLOW=www.coova.org,www.google.com,192.168.10.0/24,192.168.1.1,8.8.8.8
HS_RADSECRET=ncri    # Set to be your RADIUS shared secret
HS_RADSECRET=ncri    # Set to be your RADIUS shared secret
HS_UAMSECRET=ncri     # Set to be your UAM secret
HS_UAMALIASNAME=chilli

#  Configure RADIUS proxy support (for 802.1x + captive portal support)
# HS_RADPROXY=on
# HS_RADPROXY_LISTEN=127.0.0.1
# HS_RADPROXY_CLIENT=127.0.0.1
# HS_RADPROXY_PORT=1645
# HS_RADPROXY_SECRET=$HS_RADSECRET
#  Example OpenWrt /etc/config/wireless entry for hostapd
#    option encryption wpa2
#    option server $HS_RADPROXY_LISTEN
#    option port $HS_RADPROXY_PORT
#    option key $HS_RADPROXY_SECRET


#   To alternatively use a HTTP URL for AAA instead of RADIUS:
# HS_UAMAAAURL=http://my-site/script.php

#   Put entire domains in the walled-garden with DNS inspection

#   The server to be used in combination with HS_UAMFORMAT to
#   create the final chilli 'uamserver' url configuration.

HS_UAMSERVER=$HS_NETWORK

#   Use HS_UAMFORMAT to define the actual captive portal url.
#   Shell variable replacement takes place when evaluated, so here
#   HS_UAMSERVER is escaped and later replaced by the pre-defined
#   HS_UAMSERVER to form the actual "--uamserver" option in chilli.

HS_UAMFORMAT=https://\$HS_UAMSERVER/uam/index.html

#   Same principal goes for HS_UAMHOMEPAGE.

HS_UAMHOMEPAGE=http://\$HS_UAMLISTEN:\$HS_UAMPORT/www/coova.html

#   This option will be configured to be the WISPr LoginURL as well
#   as provide "uamService" to the ChilliController. The UAM Service is
#   described in: http://www.coova.org/CoovaChilli/UAMService
#

HS_UAMSERVICE=https://192.168.10.1/cgi-bin/hotspotlogin.cgi

###
#   Firewall issues
#
# Uncomment the following to add ports to the allowed local ports list
# The up.sh script will allow these local ports to be used, while the default
# is to block all unwanted traffic to the tun/tap.
#
#HS_TCP_PORTS="80 443"

###
#   Standard configurations
#
HS_MODE=hotspot
HS_TYPE=chillispot
# HS_RADAUTH=1812
# HS_RADACCT=1813


HS_ADMUSR=chillispot
HS_ADMPWD=chillispot


###
#   Post-Auth proxy settings
#
# HS_POSTAUTH_PROXY=<host or ip>
# HS_POSTAUTH_PROXYPORT=<port>

#   Directory specifying where internal web pages can be served
#   by chilli with url /www/<file name>. Only extentions like .html
#   .jpg, .gif, .png, .js are allowed. See below for using .chi as a
#   CGI extension.
HS_WWWDIR=/etc/chilli/www
#   Using this option assumes 'haserl' is installed per-default
#   but, and CGI type program can ran from wwwsh to process requests
#   to chilli with url /www/filename.chi
HS_WWWBIN=/etc/chilli/wwwsh

#   Some configurations used in certain user interfaces
#
HS_PROVIDER=Coova
HS_PROVIDER_LINK=http://www.coova.org/


###
#   WISPr RADIUS Attribute support
#

HS_LOC_NAME="My HotSpot"           # WISPr Location Name and used in portal

#   WISPr settings (to form a proper WISPr-Location-Id)
# HS_LOC_NETWORK="My Network"      # Network name
# HS_LOC_AC=408                    # Phone area code
# HS_LOC_CC=1                      # Phone country code
# HS_LOC_ISOCC=BF                  # ISO Country code

and /etc/init.d/chilli:

#! /bin/sh

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/chilli
NAME=chilli
DESC=chilli

START_CHILLI=0

if [ -f /etc/default/chilli ] ; then
   . /etc/default/chilli
fi

if [ "$START_CHILLI" != "1" ] ; then
   echo "Chilli default off. Look at /etc/default/chilli"
   exit 0
fi

test -f $DAEMON || exit 0
. /etc/chilli/functions

MULTI=$(ls /etc/chilli/*/chilli.conf 2>/dev/null)
[ -z "$DHCPIF" ] && [ -n "$MULTI" ] && {
    for c in $MULTI; 
    do
        echo "Found configuration $c"
        DHCPIF=$(basename $(echo $c|sed 's#/chilli.conf##'))
        export DHCPIF
        echo "Running DHCPIF=$DHCPIF $0 $*"
        sh $0 $*
    done
    exit
}

if [ -n "$DHCPIF" ]; then
    CONFIG=/etc/chilli/$DHCPIF/chilli.conf
else
    CONFIG=/etc/chilli.conf
fi

[ -f $CONFIG ] || {
    echo "$CONFIG Not found"
    exit 0
}

check_required

RETVAL=0


prog="chilli"

case "$1" in
  start)
        echo -n "Starting $DESC: "
        /sbin/modprobe tun >/dev/null 2>&1
        echo 1 > /proc/sys/net/ipv4/ip_forward

        writeconfig
        radiusconfig
        test ${HS_ADMINTERVAL:-0} -gt 0 && {
            (crontab -l 2>&- | grep -v $0
                echo "*/$HS_ADMINTERVAL * * * * $0 radconfig"
                ) | crontab - 2>&-
        }

        ifconfig $HS_LANIF 0.0.0.0

        start-stop-daemon --start --quiet --pidfile /var/run/$NAME.$HS_LANIF.pid \
           --exec $DAEMON -- -c $CONFIG
        RETVAL=$?
        echo "$NAME."
        ;;
    
    checkrunning)
        check=`start-stop-daemon --start --exec $DAEMON --test`
        if [ x"$check" != x"$DAEMON already running." ] ; then
            $0 start
        fi
        ;;
    
    radconfig)
        [ -e $MAIN_CONF ] || writeconfig
        radiusconfig
        ;;
    
    restart)
        $0 stop
        sleep 1
        $0 start
        RETVAL=$?
        ;;
    
    stop)
        echo -n "Stopping $DESC: "

        crontab -l 2>&- | grep -v $0 | crontab -


 start-stop-daemon --oknodo --stop --quiet --pidfile /var/run/$NAME.$HS_LANIF.p$
            --exec $DAEMON
        echo "$NAME."
        ;;
    
    reload)
        echo "Reloading $DESC."
        start-stop-daemon --stop --signal 1 --quiet --pidfile \
            /var/run/$NAME.$HS_LANIF.pid --exec $DAEMON
        ;;
  condrestart)
        check=`start-stop-daemon --start --exec $DAEMON --test`
        if [ x"$check" != x"$DAEMON already running." ] ; then
            $0 restart
            RETVAL=$?
        fi
        ;;
    
    status)
        status chilli
        RETVAL=$?
        ;;
    
    *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|condrestart|status|reload|radconfig}" >&2
        exit 1
        ;;
esac
exit 0


Please, if you can help me, it's really urgent,
thanks in advance

Last edited by ramaC (on 04/01/2013, at 15:08)


#4 On 08/01/2013, at 10:33

ramaC

Re: Problem with coova-chilli captive portal server

Nobody to help me????
