| Table of Contents |
|---|
The version for which the documentation was written
| Code Block | ||
|---|---|---|
| ||
Debian 8.6.0 Debian 9.5.0 |
Installing ABillS on Debian
The following parameters were used during installation:SSH Server
Standart system utilities
Let's switch to root mode. (Using the password you entered during installation)| Code Block | ||
|---|---|---|
| ||
su |
Downloading ABillS: At the time of this writing, the current version is 0.92.05 (Check here last version).| Code Block | ||
|---|---|---|
| ||
cd /usr wget https://netix.dl.sourceforge.net/project/abills/abills/0.78/abills-0.78.30.tgz tar zxvf abills-0.78.30.tgz cp /usr/abills/libexec/config.pl.default /usr/abills/libexec/config.pl |
Change the configuration file /usr/abills/libexec/config.pl| Code Block | ||
|---|---|---|
| ||
#DB configuration
$conf{dbhost}='localhost';
$conf{dbname}='abills';
$conf{dbuser}='abills';
$conf{dbpasswd}='sqlpassword'; #change to your password
$conf{ADMIN_MAIL}='info@your.domain';
$conf{USERS_MAIL_DOMAIN}="your.domain";
# is used to encrypt admin and user passwords.
$conf{secretkey}="test12345678901234567890"; |
The value of $conf{secretkey} is recommended to be changed from "test12345678901234567890" to a random long string. If you change the value in $conf{secretkey}, change it in the /usr/abills/db/abills.sql file as well
Sutup Software
Update packages and system:| Code Block | ||
|---|---|---|
| ||
apt-get update -yq && apt-get upgrade -yq apt-get install libperl-dev gcc make -yq |
MySQL
Debian 8.xx
| Code Block | ||
|---|---|---|
| ||
apt-get install -yq mariadb-server libmysqlclient-dev |
Debian 9.xx
| Code Block | ||
|---|---|---|
| ||
apt-get install -yq mariadb-server libmariadbclient-dev libmariadbclient-dev-compat |
Create a user and a database.
| Code Block | ||
|---|---|---|
| ||
mysql --default-character-set=utf8 -u root |
In the mysql console do:| Code Block | ||
|---|---|---|
| ||
GRANT ALL ON abills.* TO `abills`@localhost IDENTIFIED BY "sqlpassword"; -- instead of sqlpassword we substitute our value from
$conf{dbpasswd} CREATE DATABASE abills DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
flush privileges;
quit; |
Loading tables into the database.| Code Block | ||
|---|---|---|
| ||
cd /usr/abills/db/ mysql --default-character-set=utf8 -D abills < abills.sql |
If Invalid default value for 'registration' occurs, execute| Code Block | ||
|---|---|---|
| ||
sed -i -e "1 s/^/SET SQL_MODE='NO_ENGINE_SUBSTITUTION,NO_AUTO_VALUE_ON_ZERO';/;" /usr/abills/db/abills.sql mysql --default-character-set=utf8 -u root -D abills < /usr/abills/db/abills.sql |
Web Server
Apache
Installing Apache| Code Block | ||
|---|---|---|
| ||
apt-get install -yq apache2 |
We create certificates.| Code Block | ||
|---|---|---|
| ||
/usr/abills/misc/certs_create.sh apache |
Copy the finished Apache config to the apache external configurations folder.Apache 2.4
| Code Block | ||
|---|---|---|
| ||
cp /usr/abills/misc/apache/abills_httpd.conf /etc/apache2/sites-enabled/ |
Enable modules for Apache:| Code Block | ||
|---|---|---|
| ||
a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include
a2enmod cgid
a2enmod header |
Create an Abills error log file| Code Block | ||
|---|---|---|
| ||
mkdir /var/log/httpd touch /var/log/httpd/abills-error.log service apache2 restart |
Perl modules
Modules are required for the system to work.| Code Block | ||
|---|---|---|
| ||
cd /usr/abills/misc/ && perl perldeps.pl apt-get -batch |
For a better life in the future:
| Code Block | ||
|---|---|---|
| ||
apt-get install -yq cpanminus |
If some modules are not installed, you can install them
| Code Block | ||
|---|---|---|
| ||
cpanm <ModuleName> |
For example not installed Digest::SHA1, run:
| Code Block | ||
|---|---|---|
| ||
cpanm Digest::SHA1 |
FreeRadius
Install
All ./configure warnings except rlm_perl and rlm_sql_mysql can be ignored.
Install libmysqlclient and libmysqlclient-dev on the remote serverCheck PERL
| Code Block | ||
|---|---|---|
| ||
apt-get install libperl-dev -yq find /usr/lib/ | grep libperl.so /usr/lib/x86_64-linux-gnu/libperl.so.5.22 /usr/lib/x86_64-linux-gnu/libperl.so.5.22.1 |
We make a symlink so that the library is loaded at compile time| Code Block | ||
|---|---|---|
| ||
ln -s /usr/lib/x86_64-linux-gnu/libperl.so.5.22 /usr/lib/x86_64-linux-gnu/libperl.so |
| Code Block | ||
|---|---|---|
| ||
apt-get install -yq gcc make libtalloc-dev cd /tmp wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.17.tar.gz tar zxvf freeradius-server-3.0.17.tar.gz cd freeradius-server-3.0.17 ./configure --prefix=/usr/local/freeradius --with-rlm-perl-lib-dir=/usr/lib/x86_64-linux-gnu/ \ --with-dhcp=yes --with-openssl=no > /dev/null make && make install |
Setup
| Code Block | ||
|---|---|---|
| ||
cd /usr/abills rm /usr/local/freeradius/etc/raddb/sites-enabled/* cp misc/freeradius/v3/mods-enabled/perl /usr/local/freeradius/etc/raddb/mods-enabled/perl cp misc/freeradius/v3/mods-enabled/sql /usr/local/freeradius/etc/raddb/mods-enabled/sql cp misc/freeradius/v3/sites-enabled/abills_default /usr/local/freeradius/etc/raddb/sites-enabled/abills_default cp misc/freeradius/v3/sites-enabled/control-socket /usr/local/freeradius/etc/raddb/sites-enabled/control-socket cp misc/freeradius/v3/users /usr/local/freeradius/etc/raddb/users ln -s /usr/local/freeradius/bin/* /usr/bin/ ln -s /usr/local/freeradius/sbin/* /usr/sbin/ |
File for autorun - create and paste the following text into it| Code Block | ||
|---|---|---|
| ||
nano /etc/init.d/radiusd |
| Code Block | ||||
|---|---|---|---|---|
| ||||
#!/bin/sh
# Start/stop the FreeRADIUS daemon.
### BEGIN INIT INFO
# Provides: radiusd
# Required-Start: $remote_fs $network $syslog
# Should-Start: $time mysql slapd postgresql samba krb5-kdc
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Radius Daemon
# Description: Extensible, configurable radius daemon
### END INIT INFO
set -e
. /lib/lsb/init-functions
PROG="radiusd"
PROGRAM="/usr/sbin/radiusd"
PIDFILE="/usr/local/freeradius/var/run/radiusd/radiusd.pid"
DESCR="FreeRADIUS daemon"
test -f $PROGRAM || exit 0
# /var/run may be a tmpfs
if [ ! -d /var/run/radiusd ]; then
mkdir -p /var/run/radiusd
chown freerad:freerad /var/run/radiusd
fi
export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
ret=0
case "$1" in
start)
log_daemon_msg "Starting $DESCR" "$PROG"
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $PROGRAM || ret=$?
log_end_msg $ret
exit $ret
;;
stop)
log_daemon_msg "Stopping $DESCR" "$PROG"
if [ -f "$PIDFILE" ] ; then
start-stop-daemon --stop --retry=TERM/30/KILL/5 --quiet --pidfile $PIDFILE || ret=$?
log_end_msg $ret
else
log_action_cont_msg "$PIDFILE not found"
log_end_msg 0
fi
;;
restart|force-reload)
$0 stop
$0 start
;;
*)
echo "Usage: $0 start|stop|restart|force-reload"
exit 1
;;
esac
exit 0 |
| Code Block | ||
|---|---|---|
| ||
chmod +x /etc/init.d/radiusd update-rc.d radiusd defaults update-rc.d radiusd enable |
We change the radius /usr/local/freeradius/etc/raddb/radiusd.conf in the config
| Code Block | ||
|---|---|---|
| ||
nano /usr/local/freeradius/etc/raddb/radiusd.conf prefix = /usr/local/freeradius user = freerad group = freerad |
Thanks to the module sql, you can store access servers in the database (you still need to restart the radius after adding / changing servers, but you don’t need to edit clients.conf). Clearing the list of access servers from /usr/local/freeradius/etc/raddb/clients.conf (so that there are no duplicates due to records in the database)
| Code Block | ||
|---|---|---|
| ||
echo '' > /usr/local/freeradius/etc/raddb/clients.conf |
Fill in the database connection parameters we need| Code Block | ||
|---|---|---|
| ||
nano /usr/local/freeradius/etc/raddb/mods-enabled/sql |
| Code Block | ||
|---|---|---|
| ||
sql {
database = "mysql"
driver = "rlm_sql_${database}"
server = "localhost"
#port = 3306
login = "abills"
password = "sqlpassword" #instead of sqlpassword we substitute our value from $conf{dbpasswd}
radius_db = "abills"
#At the very end of the file
'%secretkey%' change to your value, which is written in $conf{secretkey} |
We create user and group. (if freeradius was not previously installed, it will not start without it)| Code Block | ||
|---|---|---|
| ||
groupadd freerad useradd -g freerad -s /bash/bash freerad chown -R freerad:freerad /usr/local/freeradius/etc/raddb |
Running radius in debug mode| Code Block | ||
|---|---|---|
| ||
/usr/sbin/radiusd -X |
or
| Code Block | ||
|---|---|---|
| ||
radiusd -X |
Check:
| Code Block | ||
|---|---|---|
| ||
radtest test 123456 127.0.0.1:1812 0 secretpass 0 127.0.0.1 |
If there are no errors, run| Code Block | ||
|---|---|---|
| ||
service radiusd start |
Additionally
Opening the firewall for RADIUS packetsiptables -A ufw-user-input -p udp --dport 1812 -j ACCEPT iptables -A ufw-user-input -p udp --dport 1813 -j ACCEPT
After install Abills
Wite periodic processes| Code Block | ||||
|---|---|---|---|---|
| ||||
*/5 * * * * root /usr/abills/libexec/billd -all 1 0 * * * root /usr/abills/libexec/periodic daily 1 1 * * * root /usr/abills/libexec/periodic monthly |
| Code Block | ||||
|---|---|---|---|---|
| ||||
mkdir -p /usr/abills/var/log touch /usr/abills/var/log/sql_errors && chmod 666 /usr/abills/var/log/sql_errors |
Add links to gzip and mysqldump to create database backups:| Code Block | ||
|---|---|---|
| ||
ln -s /bin/gzip /usr/bin/gzip ln -s /usr/bin/mysqldump /usr/local/bin/mysqldump |
Web admin interface: (IP address can be found using ip a)Default administrator login abills password abillsWeb interface for users:Check
To check if the service is configured correctly, you need to run the radtest utility by specifying the login and password of an existing user.Login: test Password: 123456| Code Block | ||
|---|---|---|
| ||
/usr/local/freeradius/bin/radtest test 123456 127.0.0.1:1812 0 secretpass 0 127.0.0.1 |
If everything is configured correctly, in the error log Report>Internet>Last connection, the line should appear| No Format |
|---|
2014-12-23 12:55:55 LOG_INFO: AUTH [test] NAS: 1 (xxx.xxx.xxx.xxx) GT: 0.03799 |
If the error log is empty, then communication with the RADIUS server is not properly configured (go through the FreeRadius section again).