Wi-Fi Web Authentication Project

Wifi Project

1. Debian 12.8.0
2. MariaDB 10.11.6
3. Apache 2.4.62
4. Php 8.2.26
5. phpMyAdmin 5.2.1
6. FreeRadius 3.2.1
7. daloradius 2.2 beta

 

root@san:/home/teee# apt-get install sudo net-tools -y
root@san:/home/teee# sudo locale-gen

== MariaDB ==

root@san:/home/teee# apt-get install mariadb-server mariadb-client
root@san:/home/teee# mysql_secure_installation
Enter current password for root (enter for none):
Switch to unix_socket authentication [Y/n] y
Change the root password? [Y/n] y
New password: SecurePass
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
… Success!

Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

== apache2 ==
root@san:/home/teee# apt-get install apache2 apache2-doc

== PHP ==
root@san:/home/teee# apt-get install php libapache2-mod-php php-mysql php-common php-gd php-mbstring php-curl php-xml

root@san:/home/teee# nano /etc/apache2/mods-available/dir.conf
#DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
DirectoryIndex index.php index.html index.cgi index.pl index.php index.$

root@san:/home/teee# systemctl restart apache2

== Perl ==
root@san:/home/teee# apt-get install perl libapache2-mod-perl2

== Python ==
root@san:/home/teee# apt-get install python3 libapache2-mod-python

==Test PHP ==
root@san:/home/teee# nano /var/www/html/test.php

<?php phpinfo(); ?>

== phpMyAdmin ==
root@san:/home/teee# apt-get install phpmyadmin

root@san:~# nano /etc/apache2/sites-available/phpmyadmin.conf

<VirtualHost *:8081>
ServerAdmin webmaster@localhost
DocumentRoot /usr/share/phpmyadmin

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

root@san:~# nano /etc/apache2/ports.conf
Listen 8081

Enabling site phpmyadmin.
To activate the new configuration, you need to run:
systemctl reload apache2

root@san:~# systemctl reload apache2

http://192.168.64.17:8081

== Install FreeRADIUS on Debian ==
root@san:/home/teee# apt-get install -y freeradius freeradius-utils freeradius-mysql
root@san:/home/teee# systemctl enable freeradius

root@san:/home/teee# systemctl stop freeradius

Next, run FreeRADIUS in debug mode:

root@san:/home/teee# freeradius -X
If everything’s working OK, the output should be something like this:

listen {
type = “acct”
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on proxy address * port 39265
Listening on proxy address :: port 40985
Ready to process requests

Log into the MySQL console as root:

root@san:/home/teee# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 68
Server version: 10.11.6-MariaDB-0+deb12u1 Debian 12

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]>

Create a database and user for RADIUS:

MariaDB [(none)]> create database radius;
Query OK, 1 row affected (0.018 sec)

MariaDB [(none)]> grant all privileges on radius.* to radius@localhost identified by ‘SecurePass’;
Query OK, 0 rows affected (0.024 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.020 sec)

MariaDB [(none)]> quit
Bye

Next, import the FreeRADIUS database schema that shipped with FreeRADIUS

root@san:/home/teee# cd /etc/freeradius/3.0/mods-config/sql/main/mysql/
root@san:/etc/freeradius/3.0/mods-config/sql/main/mysql# ls
extras process-radacct.sql queries.conf schema.sql setup.sql
root@san:/etc/freeradius/3.0/mods-config/sql/main/mysql# mysql -u root -p radius < schema.sql
Enter password:

Enable the FreeRADIUS SQL module by creating a symbolic link to the sql module from /etc/freeradius/3.0/mods-available/ to mods-enabled:
root@san:/etc/freeradius/3.0/mods-config/sql/main/mysql# cd
root@san:~# ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/

Open /etc/freeradius/3.0/mods-available/sql

root@san:~# nano /etc/freeradius/3.0/mods-available/sql
dialect = “mysql”
driver = “rlm_sql_mysql”
server = “localhost”
port = 3306
login = “radius”
password = “SecurePass”
radius_db = “radius”
read_clients = yes

Disable MySQL SSL connection.
# If any of the files below are set, TLS encryption is enabled
# tls {
# ca_file = “/etc/ssl/certs/my_ca.crt”
# ca_path = “/etc/ssl/certs/”
# certificate_file = “/etc/ssl/certs/private/client.crt”
# private_key_file = “/etc/ssl/certs/private/client.key”
# cipher = “DHE-RSA-AES256-SHA:AES128-SHA”
#
# tls_required = yes
# tls_check_cert = no
# tls_check_cert_cn = no
# }

root@san:~# chown -h freerad:freerad /etc/freeradius/3.0/mods-enabled/sql
root@san:~# ls -l /etc/freeradius/3.0/mods-enabled/sql
lrwxrwxrwx 1 freerad freerad 38 Jan 7 21:01 /etc/freeradius/3.0/mods-enabled/sql -> /etc/freeradius/3.0/mods-available/sql
root@san:~# systemctl restart freeradius

== Install daloRADIUS on Debian ==
root@san:~# apt-get install php-mail php-mail-mime php-pear
root@san:~# pear install DB
WARNING: channel “pear.php.net” has updated its protocols, use “pear channel-update pear.php.net” to update
downloading DB-1.12.2.tgz …
Starting to download DB-1.12.2.tgz (137,662 bytes)
………………………..done: 137,662 bytes
install ok: channel://pear.php.net/DB-1.12.2

root@san:~# pear install MDB2
WARNING: channel “pear.php.net” has updated its protocols, use “pear channel-update pear.php.net” to update
downloading MDB2-2.4.1.tgz …
Starting to download MDB2-2.4.1.tgz (121,557 bytes)
……………………..done: 121,557 bytes
install ok: channel://pear.php.net/MDB2-2.4.1
MDB2: Optional feature fbsql available (Frontbase SQL driver for MDB2)
MDB2: Optional feature ibase available (Interbase/Firebird driver for MDB2)
MDB2: Optional feature mysql available (MySQL driver for MDB2)
MDB2: Optional feature mysqli available (MySQLi driver for MDB2)
MDB2: Optional feature mssql available (MS SQL Server driver for MDB2)
MDB2: Optional feature oci8 available (Oracle driver for MDB2)
MDB2: Optional feature pgsql available (PostgreSQL driver for MDB2)
MDB2: Optional feature querysim available (Querysim driver for MDB2)
MDB2: Optional feature sqlite available (SQLite2 driver for MDB2)
MDB2: To install optional features use “pear install pear/MDB2#featurename”

https://sourceforge.net/projects/daloradius/files/
root@san:~# wget http://liquidtelecom.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
root@san:~# tar xvf daloradius-0.9-9.tar.gz

root@san:~# apt -y install unzip
root@san:~# wget https://github.com/lirantal/daloradius/archive/master.zip
root@san:~# unzip master.zip
root@san:~# mv daloradius-master daloradius
root@san:~# cd daloradius/
root@san:~/daloradius/contrib/db# sudo mysql -u root -p radius < fr3-mariadb-freeradius.sql
root@san:~/daloradius/contrib/db# sudo mysql -u root -p radius < mariadb-daloradius.sql

root@san:~# mkdir /var/www/html/raddb
root@san:/home/teee/daloradius# cp -R app /var/www/html/raddb/
root@san:/home/teee/daloradius# chown -R www-data:www-data /var/www/html/raddb/

root@san:/home/teee# cp -R daloradius/ /var/www/
root@san:~# cd /var/www/daloradius/
root@san:/var/www/daloradius# mkdir -p var/{log,backup}
root@san:/var/www/daloradius# chown -R www-data:www-data var

sudo tee /etc/apache2/ports.conf<<EOF
Listen 88
Listen 8000

<IfModule ssl_module>
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>
EOF
======================

root@san:/etc/apache2# sudo tee /etc/apache2/sites-available/operators.conf<<EOF
<VirtualHost *:8000>
ServerAdmin operators@localhost
DocumentRoot /var/www/daloradius/app/operators

<Directory /var/www/daloradius/app/operators>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>

<Directory /var/www/daloradius>
Require all denied
</Directory>

ErrorLog \${APACHE_LOG_DIR}/daloradius/operators/error.log
CustomLog \${APACHE_LOG_DIR}/daloradius/operators/access.log combined
</VirtualHost>
EOF

==================

root@san:/etc/apache2# sudo tee /etc/apache2/sites-available/users.conf<<EOF
<VirtualHost *:88>
ServerAdmin users@localhost
DocumentRoot /var/www/daloradius/app/users

<Directory /var/www/daloradius/app/users>
Options -Indexes +FollowSymLinks
AllowOverride None
Require all granted
</Directory>

<Directory /var/www/daloradius>
Require all denied
</Directory>

ErrorLog \${APACHE_LOG_DIR}/daloradius/users/error.log
CustomLog \${APACHE_LOG_DIR}/daloradius/users/access.log combined
</VirtualHost>
EOF

=======================
root@san:/etc/apache2# sudo a2ensite users.conf operators.conf
Enabling site users.
Enabling site operators.
To activate the new configuration, you need to run:
systemctl reload apache2

root@san:/etc/apache2# mkdir -p /var/log/apache2/daloradius/{operators,users}
root@san:/etc/apache2# sudo a2dissite 000-default.conf
Site 000-default disabled.
To activate the new configuration, you need to run:
systemctl reload apache2

root@san:/etc/apache2# systemctl restart apache2 freeradius
root@san:/etc/apache2# systemctl status apache2 freeradius
● apache2.service – The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; preset: enabled)
Active: active (running) since Wed 2025-01-08 01:03:12 +07; 41s ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 758 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 762 (/usr/sbin/apach)
Tasks: 6 (limit: 4649)
Memory: 20.9M
CPU: 520ms
CGroup: /system.slice/apache2.service
├─762 /usr/sbin/apache2 -k start
├─763 /usr/sbin/apache2 -k start
├─764 /usr/sbin/apache2 -k start
├─765 /usr/sbin/apache2 -k start
├─766 /usr/sbin/apache2 -k start
└─767 /usr/sbin/apache2 -k start

Jan 08 01:03:11 san systemd[1]: Starting apache2.service – The Apache HTTP Server…
Jan 08 01:03:12 san systemd[1]: Started apache2.service – The Apache HTTP Server.

● freeradius.service – FreeRADIUS multi-protocol policy server
Loaded: loaded (/lib/systemd/system/freeradius.service; enabled; preset: enabled)
Active: active (running) since Wed 2025-01-08 01:03:13 +07; 40s ago
Docs: man:radiusd(8)
man:radiusd.conf(5)
http://wiki.freeradius.org/
http://networkradius.com/doc/
Process: 755 ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cx -lstdout (code=exited, status=0/SUCCESS)
Main PID: 769 (freeradius)
Status: “Processing requests”
Tasks: 6 (limit: 4649)
Memory: 78.6M (limit: 2.0G)
CPU: 1.487s
CGroup: /system.slice/freeradius.service
└─769 /usr/sbin/freeradius -f

Jan 08 01:03:12 san freeradius[755]: Compiling Auth-Type PAP for attr Auth-Type
Jan 08 01:03:12 san freeradius[755]: Compiling Auth-Type CHAP for attr Auth-Type
Jan 08 01:03:12 san freeradius[755]: Compiling Auth-Type MS-CHAP for attr Auth-Type
Jan 08 01:03:12 san freeradius[755]: Compiling Autz-Type New-TLS-Connection for attr Autz-Type
Jan 08 01:03:12 san freeradius[755]: Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
Jan 08 01:03:12 san freeradius[755]: Compiling Post-Auth-Type Challenge for attr Post-Auth-Type
Jan 08 01:03:12 san freeradius[755]: Compiling Post-Auth-Type Client-Lost for attr Post-Auth-Type

root@san:/etc/apache2# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 517/mariadbd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 441/sshd: /usr/sbin
tcp6 0 0 :::8000 :::* LISTEN 762/apache2
tcp6 0 0 :::88 :::* LISTEN 762/apache2
tcp6 0 0 :::22 :::* LISTEN 441/sshd: /usr/sbin
udp 0 0 0.0.0.0:68 0.0.0.0:* 363/dhclient
udp 0 0 0.0.0.0:54050 0.0.0.0:* 769/freeradius
udp 0 0 127.0.0.1:18120 0.0.0.0:* 769/freeradius
udp 0 0 0.0.0.0:1812 0.0.0.0:* 769/freeradius
udp 0 0 0.0.0.0:1813 0.0.0.0:* 769/freeradius
udp6 0 0 :::57992 :::* 769/freeradius
udp6 0 0 :::1812 :::* 769/freeradius
udp6 0 0 :::1813 :::* 769/freeradius

http://192.168.64.17:88/login.php
http://192.168.64.17:8000/login.php

Leave a Reply