The version for which the documentation was written
Debian 8.6.0 Debian 9.5.0
Installing ABillS on Debian
The following parameters were used during installation:
SSH Server
Standart system utilities
Let's switch to root mode. (Using the password you entered during installation)
su
Downloading ABillS: At the time of this writing, the current version is 0.92.05 (Check here last version).
cd /usr wget https://netix.dl.sourceforge.net/project/abills/abills/0.78/abills-0.78.30.tgz tar zxvf abills-0.78.30.tgz cp /usr/abills/libexec/config.pl.default /usr/abills/libexec/config.pl
Change the configuration file /usr/abills/libexec/config.pl
#DB configuration $conf{dbhost}='localhost'; $conf{dbname}='abills'; $conf{dbuser}='abills'; $conf{dbpasswd}='sqlpassword'; #change to your password $conf{ADMIN_MAIL}='info@your.domain'; $conf{USERS_MAIL_DOMAIN}="your.domain"; # is used to encrypt admin and user passwords. $conf{secretkey}="test12345678901234567890";
The value of $conf{secretkey} is recommended to be changed from "test12345678901234567890" to a random long string. If you change the value in $conf{secretkey}, change it in the /usr/abills/db/abills.sql file as well
Sutup Software
Update packages and system:
apt-get update -yq && apt-get upgrade -yq apt-get install libperl-dev gcc make -yq
MySQL
Debian 8.xx
apt-get install -yq mariadb-server libmysqlclient-dev
Debian 9.xx
apt-get install -yq mariadb-server libmariadbclient-dev libmariadbclient-dev-compat
Create a user and a database.
mysql --default-character-set=utf8 -u root
In the mysql console do:
GRANT ALL ON abills.* TO `abills`@localhost IDENTIFIED BY "sqlpassword"; -- instead of sqlpassword we substitute our value from $conf{dbpasswd} CREATE DATABASE abills DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; flush privileges; quit;
Loading tables into the database.
cd /usr/abills/db/ mysql --default-character-set=utf8 -D abills < abills.sql
If Invalid default value for 'registration' occurs, execute
sed -i -e "1 s/^/SET SQL_MODE='NO_ENGINE_SUBSTITUTION,NO_AUTO_VALUE_ON_ZERO';/;" /usr/abills/db/abills.sql mysql --default-character-set=utf8 -u root -D abills < /usr/abills/db/abills.sql
Web Server
Apache
Installing Apache
apt-get install -yq apache2
We create certificates.
/usr/abills/misc/certs_create.sh apache
Copy the finished Apache config to the apache external configurations folder.
Apache 2.4
cp /usr/abills/misc/apache/abills_httpd.conf /etc/apache2/sites-enabled/
Enable modules for Apache:
a2enmod ssl a2enmod rewrite a2enmod suexec a2enmod include a2enmod cgid
Create an Abills error log file
mkdir /var/log/httpd touch /var/log/httpd/abills-error.log service apache2 restart
Perl modules
Modules are required for the system to work.
cd /usr/abills/misc/ && perl perldeps.pl apt-get -batch
For a better life in the future:
apt-get install -yq cpanminus
If some modules are not installed, you can install them
cpanm <ModuleName>
For example not installed Digest::SHA1
, run:
cpanm Digest::SHA1
FreeRadius
Install
All ./configure warnings except rlm_perl and rlm_sql_mysql can be ignored.
Install libmysqlclient and libmysqlclient-dev on the remote server
Check PERL
apt-get install libperl-dev -yq find /usr/lib/ | grep libperl.so /usr/lib/x86_64-linux-gnu/libperl.so.5.22 /usr/lib/x86_64-linux-gnu/libperl.so.5.22.1
We make a symlink so that the library is loaded at compile time
ln -s /usr/lib/x86_64-linux-gnu/libperl.so.5.22 /usr/lib/x86_64-linux-gnu/libperl.so
apt-get install -yq gcc make libtalloc-dev cd /tmp wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.17.tar.gz tar zxvf freeradius-server-3.0.17.tar.gz cd freeradius-server-3.0.17 ./configure --prefix=/usr/local/freeradius --with-rlm-perl-lib-dir=/usr/lib/x86_64-linux-gnu/ \ --with-dhcp=yes --with-openssl=no > /dev/null make && make install
Setup
cd /usr/abills rm /usr/local/freeradius/etc/raddb/sites-enabled/* cp misc/freeradius/v3/mods-enabled/perl /usr/local/freeradius/etc/raddb/mods-enabled/perl cp misc/freeradius/v3/mods-enabled/sql /usr/local/freeradius/etc/raddb/mods-enabled/sql cp misc/freeradius/v3/sites-enabled/abills_default /usr/local/freeradius/etc/raddb/sites-enabled/abills_default cp misc/freeradius/v3/sites-enabled/control-socket /usr/local/freeradius/etc/raddb/sites-enabled/control-socket cp misc/freeradius/v3/users /usr/local/freeradius/etc/raddb/users ln -s /usr/local/freeradius/bin/* /usr/bin/ ln -s /usr/local/freeradius/sbin/* /usr/sbin/
File for autorun - create and paste the following text into it
nano /etc/init.d/radiusd
chmod +x /etc/init.d/radiusd update-rc.d radiusd defaults update-rc.d radiusd enable
We change the radius /usr/local/freeradius/etc/raddb/radiusd.conf in the config
nano /usr/local/freeradius/etc/raddb/radiusd.conf prefix = /usr/local/freeradius user = freerad group = freerad
Thanks to the module sql
, you can store access servers in the database (you still need to restart the radius after adding / changing servers, but you don’t need to edit clients.conf).
Clearing the list of access servers from /usr/local/freeradius/etc/raddb/clients.conf (so that there are no duplicates due to records in the database)
echo '' > /usr/local/freeradius/etc/raddb/clients.conf
Fill in the database connection parameters we need
nano /usr/local/freeradius/etc/raddb/mods-enabled/sql
sql { database = "mysql" driver = "rlm_sql_${database}" server = "localhost" #port = 3306 login = "abills" password = "sqlpassword" #instead of sqlpassword we substitute our value from $conf{dbpasswd} radius_db = "abills" #At the very end of the file '%secretkey%' change to your value, which is written in $conf{secretkey}
We create user and group. (if freeradius was not previously installed, it will not start without it)
groupadd freerad useradd -g freerad -s /bash/bash freerad chown -R freerad:freerad /usr/local/freeradius/etc/raddb
Running radius in debug mode
/usr/sbin/radiusd -X
or
radiusd -X
Check:
radtest test 123456 127.0.0.1:1812 0 secretpass 0 127.0.0.1
If there are no errors, run
service radiusd start
Additionally
Opening the firewall for RADIUS packets
iptables -A ufw-user-input -p udp --dport 1812 -j ACCEPT iptables -A ufw-user-input -p udp --dport 1813 -j ACCEPT
After install Abills
Wite periodic processes
/etc/crontab
*/5 * * * * root /usr/abills/libexec/billd -all 1 0 * * * root /usr/abills/libexec/periodic daily 1 1 * * * root /usr/abills/libexec/periodic monthly
and give access to SQL error logging
mkdir -p /usr/abills/var/log touch /usr/abills/var/log/sql_errors && chmod 666 /usr/abills/var/log/sql_errors
Add links to gzip and mysqldump to create database backups:
ln -s /bin/gzip /usr/bin/gzip ln -s /usr/bin/mysqldump /usr/local/bin/mysqldump
Web admin interface: (IP address can be found using ip a)
Default administrator login abills password abills
Web interface for users:
Check
To check if the service is configured correctly, you need to run the radtest utility by specifying the login and password of an existing user.
Login: test Password: 123456
/usr/local/freeradius/bin/radtest test 123456 127.0.0.1:1812 0 secretpass 0 127.0.0.1
If everything is configured correctly, in the error log Report>Internet>Last connection, the line should appear
2014-12-23 12:55:55 LOG_INFO: AUTH [test] NAS: 1 (xxx.xxx.xxx.xxx) GT: 0.03799
If the error log is empty, then communication with the RADIUS server is not properly configured (go through the FreeRadius section again).