Line 1: |
Line 1: |
| {{Languages}} | | {{Languages}} |
| {{Cleanup}} | | {{Cleanup}} |
− | ==Maintainer== | + | |
| + | ==Coova-Chilli for sme server== |
| + | |
| + | ===Maintainer=== |
| [[User:VIP-ire|Daniel B.]]<br/> | | [[User:VIP-ire|Daniel B.]]<br/> |
| [http://www.firewall-services.com Firewall Services]<br> | | [http://www.firewall-services.com Firewall Services]<br> |
| mailto:daniel@firewall-services.com | | mailto:daniel@firewall-services.com |
| | | |
− | == Introduction == | + | === Description === |
| | | |
| [http://www.coova.org CoovaChilli] is a (GNU GPL) captive portal based on chillispot. It will allow your SME in server and gateway mode to have a third interface. On this new interface, you can plug AP(s) or switchs, and chilli daemon will act as a dhcp server. Every clients connected on this new "lan" will have to authenticate themeself before coova-chilli allows traffic to pass. | | [http://www.coova.org CoovaChilli] is a (GNU GPL) captive portal based on chillispot. It will allow your SME in server and gateway mode to have a third interface. On this new interface, you can plug AP(s) or switchs, and chilli daemon will act as a dhcp server. Every clients connected on this new "lan" will have to authenticate themeself before coova-chilli allows traffic to pass. |
Line 17: |
Line 20: |
| smeserver-coova-chilli integrates coova-chilli on your server. There's no panel for the configuration for now, but the it's quite easy with some db commands. | | smeserver-coova-chilli integrates coova-chilli on your server. There's no panel for the configuration for now, but the it's quite easy with some db commands. |
| | | |
− | == Release Notes == | + | === Requirements === |
− |
| + | *Server in server&gateway mode |
− | * Version: 0.2-2
| + | *a 3rd network interface |
− | * Tested on: SME 7.3 > current | |
− | | |
− | * Note: Install on SME in '''server-gateway mode only.'''
| |
− | | |
− | *'''Warning: This contrib should not be installed on production machines. It is currently (2008-08-23) under development and beta testing. Use at your own risk.'''
| |
− | | |
− | *[http://forums.contribs.org/index.php?topic=40667.0;all SME Forum Link] | |
− | | |
− | | |
− | === Add a network card ===
| |
| | | |
| The first step is to add a third network card on your server. | | The first step is to add a third network card on your server. |
| | | |
− | !!! '''Warning''' !!! When rebooting, if you have several identical NICs, it is possible that the server has swapped two of them, so you may have to reconfigure your Internal/External interface (login as admin, then configure this server). Once that's finished, you should have a new 'eth2' card not configured (it's ok, you do not need to configure it).
| + | {{ibox |
| + | |img={{{img|Warning.png}}} |
| + | |msg=When rebooting, if you have several identical NICs, it is possible that the server has swapped two of them, so you may have to reconfigure your Internal/External interface (login as admin, then configure this server). Once that's finished, you should have a new 'eth2' card not configured (it's ok, you do not need to configure it).|{{{1}}} |
| + | |type={{{type|Warning:}}} |
| + | |color=#FFEED9 |
| + | }} |
| + | === Installation === |
| | | |
− | === Get and install the rpms ===
| + | *install the rpms |
| | | |
| yum --enablerepo=smecontribs install smeserver-coova-chilli | | yum --enablerepo=smecontribs install smeserver-coova-chilli |
Line 41: |
Line 40: |
| (For now, you may also have to enable the repo smetest as smeserver-coova-chilli requires e-smith-radiusd => 1.0.0-18 which is in smetest repo) | | (For now, you may also have to enable the repo smetest as smeserver-coova-chilli requires e-smith-radiusd => 1.0.0-18 which is in smetest repo) |
| | | |
− | === Set up and activate the service ===
| + | *Enable the service |
| | | |
− | By default, the service is turned off, but the rest of the config should be fine for most installations. To activate the service | + | By default, the service is turned off, but the rest of the config should be fine for most installations. To enable the service: |
| | | |
| db configuration setprop chilli status enabled | | db configuration setprop chilli status enabled |
| signal-event chilli-update | | signal-event chilli-update |
| | | |
− | *Check that the demon is running | + | *Check that the daemon is running |
| | | |
| ps aux | grep chilli | | ps aux | grep chilli |
Line 56: |
Line 55: |
| root 10726 0.7 0.1 5884 2152? Ss Apr07 6:50 /usr/sbin/chilli | | root 10726 0.7 0.1 5884 2152? Ss Apr07 6:50 /usr/sbin/chilli |
| | | |
− | === Create a group ===
| + | *Create a group |
| | | |
| In the server-manager, create a group called "chilli", and place in this group all users of the system that you want to give access to the wifi network (or anything you've pluged on eth2). | | In the server-manager, create a group called "chilli", and place in this group all users of the system that you want to give access to the wifi network (or anything you've pluged on eth2). |
| | | |
− | === Attach an AP ===
| + | *Attach an AP |
| | | |
| The final step is to connect an AP on the NIC. I'm talking about a AP and not a router. If you have a WiFi router, it is possible to work if these conditions are met: | | The final step is to connect an AP on the NIC. I'm talking about a AP and not a router. If you have a WiFi router, it is possible to work if these conditions are met: |
Line 70: |
Line 69: |
| You can also connect a switch to eth2, and add as many AP you want. | | You can also connect a switch to eth2, and add as many AP you want. |
| | | |
− | === Login ===
| + | *Login |
| Connect a client, and try to open a web page, you should fall on a page like this: | | Connect a client, and try to open a web page, you should fall on a page like this: |
| | | |
Line 80: |
Line 79: |
| [[Image:Login-with-guest.jpg]] | | [[Image:Login-with-guest.jpg]] |
| | | |
− | == List of db parameters == | + | === List of db parameters === |
| | | |
| | | |
Line 130: |
Line 129: |
| it'll re-generate the necessary files and restart needed services. | | it'll re-generate the necessary files and restart needed services. |
| | | |
− | == The login page == | + | === The login page === |
| | | |
| The login page is a mix of the CGI provided with chillispot and some modifications of other login pages. | | The login page is a mix of the CGI provided with chillispot and some modifications of other login pages. |
Line 145: |
Line 144: |
| */opt/chilli/css/sme.css : This CSS file is used to choose the background color, font class, logo etc... It can be customized, it won't be overriden on upgrades | | */opt/chilli/css/sme.css : This CSS file is used to choose the background color, font class, logo etc... It can be customized, it won't be overriden on upgrades |
| | | |
− | == The authorized group(s) == | + | === The authorized group(s) === |
| | | |
| By default, only members of the group "chilli" have access to the portal. You can change this behavior | | By default, only members of the group "chilli" have access to the portal. You can change this behavior |
Line 209: |
Line 208: |
| | | |
| | | |
− | == What authenticated users have access to ? == | + | === What authenticated users have access to ? === |
| | | |
| By default, not much. | | By default, not much. |
Line 225: |
Line 224: |
| Services names need to correspond to those defined in the configuration db | | Services names need to correspond to those defined in the configuration db |
| | | |
− | '''Note''': This will just open the corresponding port(s), you need to make sure the service listen on the correct interface.
| + | {{Note box|This will just open the corresponding port(s), you need to make sure the service listen on the correct interface.}} |
| | | |
| *AllowedOutgoing will allow more outgoing traffic. It's list of proto/host/port clients will be able to contact on the internet (These rules only apply to forwarded traffic, nothing will be allowed to the private network). Wildcard '*' (or keyword any) can replace host or port. Eg: | | *AllowedOutgoing will allow more outgoing traffic. It's list of proto/host/port clients will be able to contact on the internet (These rules only apply to forwarded traffic, nothing will be allowed to the private network). Wildcard '*' (or keyword any) can replace host or port. Eg: |
Line 236: |
Line 235: |
| *Any host will be accessible on port 123 with tcp | | *Any host will be accessible on port 123 with tcp |
| | | |
− | '''Note''': proto can be tcp or udp only for now, there's now way to add icmp rules with db commands for now.
| + | {{ Note box|proto can be tcp or udp only for now, there's now way to add icmp rules with db commands.}} |
| | | |
− | == Troubleshoot == | + | === Troubleshoot === |
| | | |
| If the contrib doesn't work, check in the order: | | If the contrib doesn't work, check in the order: |
Line 258: |
Line 257: |
| *Check your client can use DNS. If you get a timeout when you try to open a web page from the client, it's possible that the problem comes from some DNS issue. Try to enter an ip in your browser, even a fake on (http://11.12.13.4/ for example), if you see the login page, then, you should try to configure the DNS of your ISP in the db | | *Check your client can use DNS. If you get a timeout when you try to open a web page from the client, it's possible that the problem comes from some DNS issue. Try to enter an ip in your browser, even a fake on (http://11.12.13.4/ for example), if you see the login page, then, you should try to configure the DNS of your ISP in the db |
| db configuration setprop chilli dns1 <ip> dns2 <ip> | | db configuration setprop chilli dns1 <ip> dns2 <ip> |
| + | |
| + | === Uninstall === |
| + | yum remove smeserver-coova-chilli coova-chilli |
| + | |
| + | === Source === |
| + | The source for this contrib can be found in the smeserver [http://smeserver.cvs.sourceforge.net/smeserver/smeserver-coova-chilli/ CVS] on sourceforge. |
| + | === Bugs === |
| + | Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] |
| + | and select the smeserver-coova-chilli component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-coova-chilli|title=this link}} |
| + | |
| ---- | | ---- |
| [[Category:Contrib]] | | [[Category:Contrib]] |