- 2 network interface cards
- Apache Web server (>= 2.2)
- PHP (>= 5.2)
- Squid proxy server (>= 2.6)
- Netstat-nat (>= 1.4.8)
- MySQL DB server (>= 5.0)
- phpMyAdmin (to easily maintain the MySQL database)
Install Apache on the target host by installing the apache2 package from the official repositories:
sudo aptitude -R install apache2
The MySQL user/group database can reside on any machine, provided that the Wifiauth PC can connect to the DBMS.
To install the database on Ubuntu Hardy Heron, install the mysql-server package:
sudo aptitude -R install mysql-server
You will be asked for a MySQL administrator password (the root@localhost user's password).
You need the apache2 PHP module and the MySQL/PHP5 binding libraries. Just install the php5-mysql and libapache2-mod-php5 packages:
sudo aptitude -R install php5-mysql libapache2-mod-php5
sudo aptitude -R install phpmyadmin
sudo aptitude -R install squid
sudo aptitude -R install netstat-nat
Wifiauth comes with an installation script, now tailored for Ubuntu >= 7.04, that checks the prerequisites and configures the system.
To install the system, either:
- download the tarball from Launchpad and untar it in a directory of your choice
- or get the development branch via bazaar:
bzr branch lp:wifiauth
Once you have the files on your system, become root and execute the configure.sh script. It will guide you during the installation process and configure Wifiauth for you.
Phase 1. Checking prerequisites
The configuration script will check for pre-installed services that are needed in order to use Wifiauth.
If this is the first time you install Wifiauth, or you do not have a previous configuration file (config.ini) in your Wifiauth installation directory, the script will start asking for your preferences in order to configure your system properly. Phases 2 to 5 are where the system's settings are decided.
Phase 2. Setting Network parameters
To use Wifiauth you need at least two network interfaces: one will be used for the internal network, the other for the external one.
The Internal network is the one you want Wifiauth to apply authentication on. In other words, clients accessing this interface will be asked to authenticate themselves with the username and password you provide them.
The External network is the one that authenticated users are permitted to navigate. This interface will therefore be connected to the Internet or, if you are using Wifiauth as a gateway for your office LAN, to your office network.
After setting the internal and external network settings, you have to decide the Administration network configuration. This network will be granted full access to the Wifiauth machine.
The last parameter is the User idle timeout. This is the timeout used to decide whether an authenticated user is still using Wifiauth to navigate. If a user doesn't use Wifiauth's gateway capabilities for longer than the timeout period, he will be considered offline and has to authenticate again if he wants to access the External network.
Phase 3. Services and network configuration
During this phase you have to decide if you want Wifiauth to provide DHCP and NAT services.
If you want to automatically assign IP addresses to users on the Internal network, choose Yes when the system asks you: "Do you want to use the DHCP server?". In that case, you'll have to provide the range of assignable IP addresses in which authenticated users will reside.
If you want the Internal network's users to be NATted on the External network, just select Y when answering the question: "Do you want to enable NAT?"
TODO: Traffic shaping
Phase 4. MySQL Server access configuration
Wifiauth needs a MySQL server to store users and settings. The database can reside on the Wifiauth machine itself or be installed on another one (this permits central storage of credentials). During this phase you have to configure the way in which Wifiauth connects to the authentication database.
Just follow the help the installation script gives you and be ready to provide the MySQL root@<Wifiauth_machine> password.
Phase 5. Configuration Summary
Before continuing with the installation, the script will give you a summary of all configuration parameters. Please review them carefully and check for errors before confirming them.
Phase 6. Iptables rules
With all configuration parameters set, the configuration script can decide which iptables rules best fit your environment. You will be shown the iptables rule set so that you can check it for errors. Just confirm the default rules if you don't know what we are talking about.
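One way to check a rule set like the one shown in this phase, as an added example that is not part of Wifiauth or its configure.sh: the script flags rules that would let Internal network clients through without authentication. It assumes the rules are in iptables-save format and that the Internal interface is named eth1; the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: review an iptables-save dump before confirming it in Phase 6.
# INT_IF is an assumed name for the Internal network interface.
INT_IF="${INT_IF:-eth1}"

# audit_rules: reads iptables-save text on stdin, prints one finding per line.
audit_rules() {
    awk -v int_if="$INT_IF" '
    # Chain policy lines look like ":FORWARD ACCEPT [0:0]"
    /^:FORWARD / && $2 == "ACCEPT" {
        print "FORWARD policy is ACCEPT: unauthenticated clients are routed by default"
    }
    /^-A FORWARD / && / -j ACCEPT/ {
        # Unconditional: matches the internal interface but no source,
        # destination, protocol or match module narrows the rule.
        if ($0 ~ (" -i " int_if " ") && $0 !~ / -(s|d|m|p) /)
            print "unconditional forward from " int_if ": " $0
    }
    /^-A INPUT / && / -j ACCEPT/ {
        # Blanket: accepts from any interface, source and protocol.
        if ($0 !~ / -(i|s|p|m) /)
            print "blanket INPUT accept: " $0
    }'
}

# Constructed sample, not the output of configure.sh.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.100.0/24 -j ACCEPT
-A INPUT -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth1 -s 10.0.0.23/32 -o eth0 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_rules
```

An empty result means none of the three patterns was found; it does not prove the rule set is correct.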
Phase 7. Certificates for HTTPS service
Wifiauth uses a secure HTTP dialog to provide user authentication and administration access. During this phase a Certification Authority and a private/public keypair file will be created. Just sit down and enjoy the show.
Phase 8. MySQL Database creation
It's now time to create the users' database. During this phase you have to decide the username and password Wifiauth will use to access the MySQL database.
Just pick a username and a strong password.
Phase 9. Installation
During this phase your system will be prepared to host Wifiauth services. The script will configure the following:
- Squid: a configuration file will be created and put in the configuration directory
- Apache: a new default website will be created and enabled; the SSL and Rewrite modules will be enabled
- DHCP: if you chose to use a DHCP server during Phase 3, the script will create and place a new configuration file for this purpose
- Binary files: the whole Wifiauth authentication system will be placed in the /opt/mysar directory
- Web contents: the new website used for authenticating users and administering the Wifiauth system will be placed in /var/www/milkeyway
- Sudoers modification: the apache process needs access to some privileged commands; this will be set up during this phase
- Cron jobs creation:
- Wifiauth and mysar config files creation: all the parameters you set will be put in a PHP configuration file used by the Wifiauth website and mysar
- Startup scripts: all service startup scripts will be placed in the correct directory
Phase 10. Starting services
All services will be started and you can access the administration console of your new authenticating gateway at http://<wifiauth_machine>:81