The version for which the documentation was written

Debian 8.6.0
Debian 9.5.0

Installing ABillS on Debian

The following parameters were used during installation:
  • SSH Server

  • Standard system utilities

Switch to root (using the password you entered during installation):
su
Download ABillS. At the time of this writing, the current version is 0.92.05 (check here for the latest version).
cd /usr
wget https://netix.dl.sourceforge.net/project/abills/abills/0.78/abills-0.78.30.tgz
tar zxvf abills-0.78.30.tgz
cp /usr/abills/libexec/config.pl.default /usr/abills/libexec/config.pl
Change the configuration file /usr/abills/libexec/config.pl
#DB configuration 
$conf{dbhost}='localhost';
$conf{dbname}='abills'; 
$conf{dbuser}='abills';
$conf{dbpasswd}='sqlpassword'; #change to your password 
$conf{ADMIN_MAIL}='info@your.domain'; 
$conf{USERS_MAIL_DOMAIN}="your.domain"; 
# is used to encrypt admin and user passwords.
$conf{secretkey}="test12345678901234567890";

It is recommended to change the value of $conf{secretkey} from "test12345678901234567890" to a long random string. If you change the value of $conf{secretkey}, change it in the /usr/abills/db/abills.sql file as well.

Setup Software

Update packages and system:
apt-get update -yq && apt-get upgrade -yq
apt-get install libperl-dev  gcc make -yq

MySQL

Debian 8.xx

apt-get install -yq mariadb-server libmysqlclient-dev

Debian 9.xx

apt-get install -yq mariadb-server libmariadbclient-dev libmariadbclient-dev-compat

Create a user and a database.

mysql --default-character-set=utf8 -u root
In the mysql console do:
GRANT ALL ON abills.* TO `abills`@localhost IDENTIFIED BY "sqlpassword";  -- instead of sqlpassword we substitute our value from $conf{dbpasswd}
CREATE DATABASE abills DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
flush privileges;
quit;
Loading tables into the database.
cd /usr/abills/db/
mysql --default-character-set=utf8 -D abills < abills.sql
If the error Invalid default value for 'registration' occurs, execute:
sed -i -e "1 s/^/SET SQL_MODE='NO_ENGINE_SUBSTITUTION,NO_AUTO_VALUE_ON_ZERO';/;" /usr/abills/db/abills.sql
mysql --default-character-set=utf8 -u root -D abills < /usr/abills/db/abills.sql

Web Server

Apache

Installing Apache
apt-get install -yq apache2
We create certificates.
/usr/abills/misc/certs_create.sh apache
Copy the finished Apache config to the apache external configurations folder.

Apache 2.4

cp /usr/abills/misc/apache/abills_httpd.conf /etc/apache2/sites-enabled/
Enable modules for Apache:
a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include
a2enmod cgid
Create an Abills error log file
mkdir /var/log/httpd
touch /var/log/httpd/abills-error.log
service apache2 restart

Perl modules

Modules are required for the system to work.
cd /usr/abills/misc/ && perl perldeps.pl apt-get -batch

For a better life in the future:

apt-get install -yq cpanminus

If some modules are not installed, you can install them with cpanm:

cpanm <ModuleName>

For example, if Digest::SHA1 is not installed, run:

cpanm Digest::SHA1

FreeRadius

Install

All ./configure warnings except rlm_perl and rlm_sql_mysql can be ignored.
Install libmysqlclient and libmysqlclient-dev on the remote server

Check PERL


apt-get install libperl-dev -yq
find /usr/lib/ | grep libperl.so 
/usr/lib/x86_64-linux-gnu/libperl.so.5.22 
/usr/lib/x86_64-linux-gnu/libperl.so.5.22.1


We make a symlink so that the library is loaded at compile time
ln -s /usr/lib/x86_64-linux-gnu/libperl.so.5.22 /usr/lib/x86_64-linux-gnu/libperl.so
apt-get install -yq gcc make libtalloc-dev
cd /tmp
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.17.tar.gz
tar zxvf freeradius-server-3.0.17.tar.gz
cd freeradius-server-3.0.17
./configure --prefix=/usr/local/freeradius --with-rlm-perl-lib-dir=/usr/lib/x86_64-linux-gnu/ \
 --with-dhcp=yes --with-openssl=no > /dev/null
make && make install

Setup

cd /usr/abills
rm /usr/local/freeradius/etc/raddb/sites-enabled/*
cp misc/freeradius/v3/mods-enabled/perl /usr/local/freeradius/etc/raddb/mods-enabled/perl
cp misc/freeradius/v3/mods-enabled/sql /usr/local/freeradius/etc/raddb/mods-enabled/sql
cp misc/freeradius/v3/sites-enabled/abills_default /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
cp misc/freeradius/v3/sites-enabled/control-socket /usr/local/freeradius/etc/raddb/sites-enabled/control-socket
cp misc/freeradius/v3/users /usr/local/freeradius/etc/raddb/users
ln -s /usr/local/freeradius/bin/* /usr/bin/
ln -s /usr/local/freeradius/sbin/* /usr/sbin/
File for autorun - create and paste the following text into it
nano /etc/init.d/radiusd
#!/bin/sh
# Start/stop the FreeRADIUS daemon.

### BEGIN INIT INFO
# Provides:          radiusd
# Required-Start:    $remote_fs $network $syslog
# Should-Start:      $time mysql slapd postgresql samba krb5-kdc
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Radius Daemon
# Description:       Extensible, configurable radius daemon
### END INIT INFO

set -e

. /lib/lsb/init-functions

PROG="radiusd"
PROGRAM="/usr/sbin/radiusd"
PIDFILE="/usr/local/freeradius/var/run/radiusd/radiusd.pid"
DESCR="FreeRADIUS daemon"

test -f $PROGRAM || exit 0

# /var/run may be a tmpfs
if [ ! -d /var/run/radiusd ]; then
 mkdir -p /var/run/radiusd
 chown freerad:freerad /var/run/radiusd
fi

export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"

ret=0

case "$1" in
        start)
                log_daemon_msg "Starting $DESCR" "$PROG"
                start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $PROGRAM || ret=$?
                log_end_msg $ret
                exit $ret
                ;;
        stop)
                log_daemon_msg "Stopping $DESCR" "$PROG"
                if [ -f "$PIDFILE" ] ; then
                  start-stop-daemon --stop --retry=TERM/30/KILL/5 --quiet --pidfile $PIDFILE || ret=$?
                  log_end_msg $ret
                else
                  log_action_cont_msg "$PIDFILE not found"
                  log_end_msg 0
                fi
                ;;
        restart|force-reload)
                $0 stop
                $0 start
                ;;
        *)
                echo "Usage: $0 start|stop|restart|force-reload"
                exit 1
                ;;
esac

exit 0
chmod +x /etc/init.d/radiusd
update-rc.d radiusd defaults
update-rc.d radiusd enable

Edit the RADIUS configuration file /usr/local/freeradius/etc/raddb/radiusd.conf:

nano /usr/local/freeradius/etc/raddb/radiusd.conf

  prefix = /usr/local/freeradius
  
  user = freerad
  group = freerad
Thanks to the module sql, you can store access servers in the database (you still need to restart the radius after adding / changing servers, but you don’t need to edit clients.conf). 
Clearing the list of access servers from /usr/local/freeradius/etc/raddb/clients.conf (so that there are no duplicates due to records in the database)
echo '' > /usr/local/freeradius/etc/raddb/clients.conf
Fill in the database connection parameters we need
nano /usr/local/freeradius/etc/raddb/mods-enabled/sql
sql {
        database = "mysql"
        driver = "rlm_sql_${database}"
        server = "localhost"
        #port = 3306
        login = "abills"
        password = "sqlpassword"  #instead of sqlpassword we substitute our value from $conf{dbpasswd}
        radius_db = "abills"
        
At the very end of the file, change '%secretkey%' to your value, which is written in $conf{secretkey}.
Create the user and group (if FreeRADIUS was not previously installed, it will not start without them).
groupadd freerad
useradd -g freerad -s /bin/bash freerad
chown -R freerad:freerad /usr/local/freeradius/etc/raddb
Running radius in debug mode
/usr/sbin/radiusd -X

or

radiusd -X

Check:

radtest test 123456 127.0.0.1:1812 0 secretpass 0 127.0.0.1


If there are no errors, run
service radiusd start

Additionally

Opening the firewall for RADIUS packets
iptables -A ufw-user-input -p udp --dport 1812 -j ACCEPT
iptables -A ufw-user-input -p udp --dport 1813 -j ACCEPT

After installing ABillS

Write the periodic processes to
/etc/crontab
*/5  *      *    *     *   root   /usr/abills/libexec/billd -all
1     0     *    *     *   root    /usr/abills/libexec/periodic daily
1     1     *    *     *   root    /usr/abills/libexec/periodic monthly


and give access to SQL error logging
mkdir -p /usr/abills/var/log
touch /usr/abills/var/log/sql_errors && chmod 666 /usr/abills/var/log/sql_errors
Add links to gzip and mysqldump to create database backups:
ln -s /bin/gzip /usr/bin/gzip
ln -s /usr/bin/mysqldump /usr/local/bin/mysqldump


Web admin interface: (IP address can be found using ip a)

https://your.host:9443/admin/

Default administrator login: abills, password: abills
Web interface for users:

https://your.host:9443/

Check

To check if the service is configured correctly, you need to run the radtest utility by specifying the login and password of an existing user.
Login: test Password: 123456
/usr/local/freeradius/bin/radtest test 123456 127.0.0.1:1812 0 secretpass 0 127.0.0.1
If everything is configured correctly, a line like the following should appear in the error log under Report>Internet>Last connection:
2014-12-23 12:55:55 LOG_INFO: AUTH [test] NAS: 1 (xxx.xxx.xxx.xxx) GT: 0.03799
If the error log is empty, then communication with the RADIUS server is not properly configured (go through the FreeRadius section again).
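
A post-install check for the values this guide asks you to change ($conf{secretkey}, $conf{dbpasswd}, and the '%secretkey%' placeholder in the FreeRADIUS sql module), as an added example that is not part of the original documentation or of ABillS. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ABillS code): report install-time defaults left in place.
# The two default values are the ones printed in this guide.
DEFAULT_KEY='test12345678901234567890'
DEFAULT_DBPW='sqlpassword'

# conf_value NAME FILE: print the quoted value assigned to $conf{NAME}.
conf_value() {
    sed -n "s/^[[:space:]]*\$conf{$1}[[:space:]]*=[[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" "$2" |
        tail -n 1
}

# audit_abills CONFIG_PL ABILLS_SQL RADDB_SQL
# Prints one finding per line and returns 1 if there was any finding.
# Real install: audit_abills /usr/abills/libexec/config.pl \
#   /usr/abills/db/abills.sql /usr/local/freeradius/etc/raddb/mods-enabled/sql
audit_abills() {
    key=$(conf_value secretkey "$1")
    pw=$(conf_value dbpasswd "$1")
    found=0
    if [ -z "$key" ] || [ "$key" = "$DEFAULT_KEY" ]; then
        echo "config.pl: secretkey is missing or still the documented default"
        found=1
    elif grep -qF "$DEFAULT_KEY" "$2"; then
        echo "abills.sql: still contains the default secretkey, config.pl does not"
        found=1
    fi
    if [ "$pw" = "$DEFAULT_DBPW" ]; then
        echo "config.pl: dbpasswd is still the placeholder from the guide"
        found=1
    fi
    if grep -qF '%secretkey%' "$3"; then
        echo "raddb sql module: '%secretkey%' placeholder was not replaced"
        found=1
    fi
    return "$found"
}

# Constructed sample files (not real ABillS files) to show the output.
demo=$(mktemp -d)
printf '%s\n' "\$conf{dbpasswd}='sqlpassword'; #change to your password" \
    "\$conf{secretkey}=\"constructed-sample-key-1a2b3c4d\";" > "$demo/config.pl"
printf '%s\n' "-- constructed line: test12345678901234567890" > "$demo/abills.sql"
printf '%s\n' "# constructed line: '%secretkey%'" > "$demo/sql"
audit_abills "$demo/config.pl" "$demo/abills.sql" "$demo/sql" || true
rm -rf "$demo"
```

A non-zero return with the second message means config.pl and abills.sql disagree on the key, which is the mismatch the configuration step warns about.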