Membuat Authentikasi Hotspot dengan NoCat
Tips ini buat rekan rekan yang ingin membuat hotspot, dan membutuhkan ‘portal captive’ sebagai medium authentikasi user berdasarkan point point umum ; username, password, ip address dan mac, aplikasi yang saya tuliskan disini menggunakan NoCat versi 0.82 , saat ini sudah tentu ada release terbaru yang bisa di download di alamat http://nocat.net/download/NoCatAuth/ , maaf kalau tips kali ini tidak saya jelaskan secara rinci karena waktu yang nggak banyak, jadi mohon maaf kalo banyak kekurangan mengingat tips ini tips lama.
Langsung ke proses installasi :
Ekstrak File Installasi Nocat
[root@server]# tar xvfz NoCatAuth_INFN.tar.gz
[root@server]# cd NoCatAuth-0.82_INFN/
Untuk install nocat gateway dan server authentikasi pada mesin yang sama lakukan langkah berikut :
1. Installasi NoCat Gateway :
[root@server]# make PREFIX=/usr/local/nocat/gw gateway .
[root@server NoCatAuth-0.82_INFN]# make PREFIX=/usr/local/nocat/gw gateway
Looking for gpgv…
Checking for firewall compatibility: /sbin/iptables found.
libexec/iptables/access.fw -> bin/access.fw
libexec/iptables/clear.fw -> bin/clear.fw
libexec/iptables/dump.fw -> bin/dump.fw
libexec/iptables/initialize.fw -> bin/initialize.fw
libexec/iptables/reset.fw -> bin/reset.fw
libexec/iptables/throttle.fw -> bin/throttle.fw
/sbin/iptables -> bin/iptables
[ -d /usr/local/nocat/gw ] || mkdir -p /usr/local/nocat/gw
chmod 755 /usr/local/nocat/gw
[ -d /usr/local/nocat/gw/htdocs ] || cp -R htdocs /usr/local/nocat/gw
cp -R bin /usr/local/nocat/gw
Installing NoCat to /usr/local/nocat/gw…
cp -R lib pgp /usr/local/nocat/gw
[ -f /usr/local/nocat/gw/nocat.conf ] || \
perl -pe ’s#/usr/local/nocat#/usr/local/nocat/gw#g’ gateway.conf \
> /usr/local/nocat/gw/nocat.conf
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Congratulations!
NoCat gateway is installed. To start it, check
/usr/local/nocat/gw/nocat.conf, then run bin/gateway
as root.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
2. Installasi NoCat Authentikasi server :
[root@server]# make PREFIX=/usr/local/nocat/authserv authserv
[root@server NoCatAuth-0.82_INFN]# make PREFIX=/usr/local/nocat/authserv authserv
Looking for gpg…
[ -d /usr/local/nocat/authserv ] || mkdir -p /usr/local/nocat/authserv
chmod 755 /usr/local/nocat/authserv
[ -d /usr/local/nocat/authserv/htdocs ] || cp -R htdocs /usr/local/nocat/authserv
cp -R bin /usr/local/nocat/authserv
Installing NoCat to /usr/local/nocat/authserv…
cp -R lib pgp /usr/local/nocat/authserv
[ -d /usr/local/nocat/authserv/etc ] || mkdir /usr/local/nocat/authserv/etc
cp -R etc/passwd /usr/local/nocat/authserv/etc
cp -R etc/group /usr/local/nocat/authserv/etc
cp -R etc/groupadm /usr/local/nocat/authserv/etc
cp -R cgi-bin /usr/local/nocat/authserv
[ -f /usr/local/nocat/authserv/nocat.conf ] || \
perl -pe ’s#/usr/local/nocat#/usr/local/nocat/authserv#g’ authserv.conf \
> /usr/local/nocat/authserv/nocat.conf
[ -f /usr/local/nocat/authserv/httpd.conf ] || \
perl -pe ’s#/usr/local/nocat#/usr/local/nocat/authserv#g’ etc/authserv.conf \
> /usr/local/nocat/authserv/httpd.conf
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Congratulations! NoCat Authserv is installed.
You will find a database schema in etc/nocat.schema.
You will find suitable defaults to include in your Apache configuration
in /usr/local/nocat/authserv/httpd.conf.
You may wish to run ‘make pgpkey’ now to generate your service’s PGP keys.
GOOD LUCK!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
3. Membuat PGP key :
[root@server]# make PREFIX=/usr/local/nocat/authserv pgpkey
Looking for gpg…
[ -d /usr/local/nocat/pgp ] || mkdir /usr/local/nocat/pgp
chmod 700 /usr/local/nocat/pgp
gpg –homedir=/usr/local/nocat/pgp –gen-key
gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
gpg: keyring `/usr/local/nocat/pgp/secring.gpg’ created
gpg: keyring `/usr/local/nocat/pgp/pubring.gpg’ created
Please select what kind of key you want:
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(4) RSA (sign only)
Your selection? 4
What keysize do you want? (1024)
Requested keysize is 1024 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct (y/n)? y
You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: administrator
Email address: kayudha@quasarmail.net
Comment: net-admin
You selected this USER-ID:
"administrator (net-admin) <kayudha@quasarmail.net>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
……+++++
gpg: /usr/local/nocat/pgp/trustdb.gpg: trustdb created
public and secret key created and signed.
key marked as ultimately trusted.
pub 1024R/76AB4A22 2007-02-06 administrator (net-admin) <kayudha@quasarmail.net>
Key fingerprint = 13A7 6F35 E348 1FA8 BD26 EA83 9A00 59A4 76AB 4A22
Note that this key cannot be used for encryption. You may want to use
the command "–edit-key" to generate a secondary key for this purpose.
cp -R /usr/local/nocat/pgp/pubring.gpg /usr/local/nocat/trustedkeys.gpg
Be sure to make your /usr/local/nocat/pgp directory readable *only* by the user
your httpd runs as.
The public key ring you’ll need to distribute can be found in
/usr/local/nocat/trustedkeys.gpg.
[root@server NoCatAuth-0.82_INFN]# cp /usr/local/nocat/authserv/trustedkeys.gpg /usr/local/nocat/gw/pgp
[root@server NoCatAuth-0.82_INFN]# chown -R apache.apache /usr/local/nocat/authserv/pgp
[root@server NoCatAuth-0.82_INFN]# ls /usr/local/nocat/trustedkeys.gpg
/usr/local/nocat/trustedkeys.gpg
4. Memasukkan init script :
[root@server NoCatAuth-0.82_INFN]# wget http://trip.ge.infn.it/software/config_file/nocat/nocatgw
–18:20:46– http://trip.ge.infn.it/software/config_file/nocat/nocatgw
=> `nocatgw’
Resolving trip.ge.infn.it… 193.206.144.22
Connecting to trip.ge.infn.it[193.206.144.22]:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 956 [text/plain]
100%[=================================================================================>] 956 –.–K/s
18:20:47 (9.12 MB/s) - `nocatgw’ saved [956/956]
[root@server NoCatAuth-0.82_INFN]# cp nocatgw /etc/init.d ; chmod 755 /etc/init.d/nocatgw
[root@server NoCatAuth-0.82_INFN]# chkconfig –add nocatgw
[root@server NoCatAuth-0.82_INFN]# chkconfig –level 345 nocatgw on
5. Melakukan konfigurasi pada HTTPD server :
[root@server NoCatAuth-0.82_INFN]# cp /usr/local/nocat/authserv/httpd.conf /etc/httpd/conf/nocat.conf
[root@server NoCatAuth-0.82_INFN]# echo "include conf/nocat.conf" >> /etc/httpd/conf/httpd.conf
[root@serverm NoCatAuth-0.82_INFN]# vi /etc/httpd/conf/httpd.conf
Tambahkan line :
<Directory "/usr/local/nocat/htdocs">
AllowOverride None
Order allow,deny
Allow from all
</Directory>
[root@server NoCatAuth-0.82_INFN]# service httpd restart
6. Menjalankan NoCat :
[root@server NoCatAuth-0.82_INFN]# service nocatgw start
nah dari sisi client coba browsing ke alamat internet, secara otomatis akan diarahkan ke form login user NoCat.
Lain kesempatan akan saya sampaikan untuk setting authentikasi hotspot di Mikrotik atau mungkin dengan FreeRadius, tapi nanti karena belum sempat ngetik dan udah ngantuk, maaf ya maaf …
Buat rekan rekan yang ingin sharing informasi seputar IT, Linux , Wireless dan laen laen silahkan, saya sangat senang dan terbuka untuk dapat berdiskusi, dengan semua kekurangan yang saya miliki semoga dapat membantu.
by : kayudha
reacheable at : +628156271789
