
controller) by means of web browser redirects. On the chilli side, authentication
requests are then forwarded to the FreeRADIUS server, which matches them with
information in its back-end. The FreeRADIUS back-end for the FitVT server is
MySQL.
Once the credentials are sent, the user is then either rejected or authenticated by
FreeRADIUS, prompting hotspotlogin.cgi to present either a rejection message or a
page with a success message and a logout link to the user (see footnote 5).
Understanding how Coova Chilli works can be greatly simplified by having an
overview of the messages that are exchanged during an authentication process.
The data flow looks as follows:
HTTPS → [1] → Apache Webserver → CGI → [2] → Chilli Controller → [3,4] → FreeRADIUS → [5] → MySQL
In each bi-directional exchange of data between the different components, a
security mechanism is implemented:
• The end user names and passwords [1] (user credentials) are protected via HTTPS
in the first step.
• A secret [2] (uamsecret) is used between the Apache CGI and the Chilli
Controller (UAM).
• The Chilli Controller secures the connection to FreeRADIUS using another
secret [3] (radiussecret) and accesses the FreeRADIUS database using a RADIUS
user account [4] (chillispot secret).
• Finally, FreeRADIUS connects to MySQL using another secret [5] (mysqlsecret).
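The role of secret [2] can be seen in the following added example, which is not part of the original manual or of the CoovaChilli code. It assumes the CHAP-style scheme of the stock hotspotlogin.cgi, in which the CGI and the Chilli controller each hash the controller's challenge with their own copy of uamsecret, so a mismatch between the two copies rejects every login. Function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

def mixed_challenge(challenge_hex: str, uamsecret: str) -> bytes:
    """MD5(challenge || uamsecret): computed independently by CGI and Chilli."""
    return hashlib.md5(bytes.fromhex(challenge_hex) + uamsecret.encode()).digest()

def cgi_response(challenge_hex: str, cgi_uamsecret: str, password: str) -> str:
    """Login CGI side: CHAP response placed in the redirect back to Chilli,
    so the clear-text password never travels over link [2]."""
    chal = mixed_challenge(challenge_hex, cgi_uamsecret)
    return hashlib.md5(b"\x00" + password.encode() + chal).hexdigest()

def radius_accepts(challenge_hex: str, chilli_uamsecret: str,
                   stored_password: str, response_hex: str) -> bool:
    """Chilli derives the CHAP challenge with its own uamsecret; the RADIUS
    server recomputes the response from the password held in its back-end."""
    chal = mixed_challenge(challenge_hex, chilli_uamsecret)
    expected = hashlib.md5(b"\x00" + stored_password.encode() + chal).hexdigest()
    return hmac.compare_digest(expected, response_hex)

# Constructed sample values, not taken from any real deployment.
CHALLENGE = "00112233445566778899aabbccddeeff"
SECRET = "example-uamsecret"
PASSWORD = "example-password"

def demo() -> dict:
    good = cgi_response(CHALLENGE, SECRET, PASSWORD)
    return {
        "matching secrets": radius_accepts(CHALLENGE, SECRET, PASSWORD, good),
        # The CGI was left with an old uamsecret after Chilli was reconfigured.
        "CGI has stale uamsecret": radius_accepts(
            CHALLENGE, SECRET, PASSWORD,
            cgi_response(CHALLENGE, "old-uamsecret", PASSWORD)),
        "wrong password": radius_accepts(
            CHALLENGE, SECRET, PASSWORD,
            cgi_response(CHALLENGE, SECRET, "guess")),
        # A response is bound to one challenge and fails against the next.
        "response reused on new challenge": radius_accepts(
            "ffeeddccbbaa99887766554433221100", SECRET, PASSWORD, good),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:34s} -> {'accept' if accepted else 'reject'}")
```

When every login is rejected although the credentials in the database are correct, comparing the uamsecret configured for the CGI with the one configured for Chilli is a sensible first check.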
The following steps are needed to implement the overall architecture.
STEP 1: Create database for FreeRADIUS
The database stores usernames and passwords (end user credentials).
mysql -u root -p
mysql> CREATE DATABASE radius;
mysql> quit
mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql
mysql -u root -p
5 https://help.ubuntu.com/community/WifiDocs/CoovaChilli