wifidog+authpuppy搭建WiFi 认证平台

0:前提
其实搭建认证环境都是基础,重要的是要对WiFidog的代码进行详细的研究,了解清楚wifidog与authpuppy之间进行了哪些数据交互,WiFidog的程序框架及iptables的建立及生效规则,这才是重点。WiFidog和之前nodogsplash的代码90%是一样的,只是之前没有研究nodogsplash的外部认证机制。
WiFidog可以通过外部认证来控制用户的上网行为,此处的外部认证接口就是:authpuppy。

1:authpuppy安装之前准备
在安装authpuppy的过程遇到很多问题,但是都能根据网上其他朋友的提示可以搞定,我将自己想要的配置文件copy上来。

[root@localhost /etc]$cat host.conf   
multi on  
order hosts,bind  
[root@localhost /etc]$cat hosts  
127.0.0.1       localhost.localdomain   localhost  
127.0.0.1       authpuppy.localhost  


::1         localhost6 localhost6.localdomain localhost6 localhost6.localdomain6

之后就是 httpd相关的配置文件:
/etc/httpd/conf]$cat httpd.conf
同时常用的命令如下:
service httpd restart,service mysqld restart等

其配置文件中主要就是配置一个虚拟目录.其配置内容如下:

<VirtualHost *:80>  
    ServerAdmin webmaster@test  
    ServerName authpuppy.localhost  
    ServerAlias authpuppy.test  

    DocumentRoot "/var/www/"  
    DirectoryIndex index.php  

   <Directory /var/www/authpuppy/web/>  
          Options Indexes FollowSymLinks MultiViews  
          AllowOverride All  
          Order allow,deny  
          allow from all  
  </Directory>  


  Alias /sf /var/www/authpuppy/lib/vendor/symfony/data/web/sf  
  <Directory "/var/www/authpuppy/lib/vendor/symfony/data/web/sf">  
          AllowOverride All  
          Allow from All  
  </Directory>  



    ErrorLog /var/log/httpd/error.log  
    # Possible values include: debug, info, notice, warn, error,crit,  
    # alert, emerg.  
    LogLevel warn  

    CustomLog /var/log/httpd/access.log combined  

</VirtualHost>  
[root@localhost /etc/httpd/conf]$cat httpd.conf 

其中可以看出:

ServerName authpuppy.localhost
DocumentRoot "/var/www/"   #web的根目录
DirectoryIndex index.php   #访问的主页http://192.168.0.142/authpuppy/web/index.php
<Directory /var/www/authpuppy/web/> #authpuppy的目录位置
          Options Indexes FollowSymLinks MultiViews
          AllowOverride All
          Order allow,deny
          allow from all
</Directory>

authpuppy的目录位置及结构如下:
QQ截图20141216162755.png

建立好上面的环境之后,下面就要建立MySQL数据库。建立好的数据如下:

[root@localhost ~]$mysql  
Welcome to the MySQL monitor.  Commands end with ; or \g.  
Your MySQL connection id is 813  
Server version: 5.1.47 Source distribution  

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.  
This software comes with ABSOLUTELY NO WARRANTY. This is free software,  
and you are welcome to modify and redistribute it under the GPL v2 license  

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.  

mysql> show databases;  
+--------------------+  
| Database           |  
+--------------------+  
| information_schema |  
| authpuppy          |  
| mysql              |  
+--------------------+  
3 rows in set (0.01 sec)  

mysql> use authpuppy;  
Reading table information for completion of table and column names  
You can turn off this feature to get a quicker startup with -A  

Database changed  
mysql> show tables;  
+---------------------------+  
| Tables_in_authpuppy       |  
+---------------------------+  
| ap_applicable_policies    |  
| ap_connection_policies    |  
| ap_node_authenticators    |  
| ap_node_policies          |  
| ap_node_user_bypass       |  
| ap_plugin_config          |  
| ap_plugins_migrations     |  
| ap_user                   |  
| ap_user_remember_me       |  
| connections               |  
| migration_version         |  
| nodes                     |  
| sf_guard_forgot_password  |  
| sf_guard_group            |  
| sf_guard_group_permission |  
| sf_guard_permission       |  
| sf_guard_remember_key     |  
| sf_guard_user             |  
| sf_guard_user_group       |  
| sf_guard_user_permission  |  
+---------------------------+  
20 rows in set (0.00 sec)  

mysql> slect * from ap_user;  
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'slect * from ap_user' at line 1  
mysql> select * from ap_user;  
+----+----------+--------------------------+--------------------+---------------------+------------------------------------------+--------+----------------+  
| id | username | password                 | email              | registered_on       | validation_token                         | status | username_lower |  
+----+----------+--------------------------+--------------------+---------------------+------------------------------------------+--------+----------------+  
|  1 | suiyuan  | H9hK9mgDAXdJnkYghQczkQ== | suiyuan626@163.com | 2014-06-10 16:05:25 | eda2838b1543e16fcfd7da6064886be67c544042 |      5 | suiyuan        |  
|  4 | xue      | H9hK9mgDAXdJnkYghQczkQ== | xue626@163.com     | 2014-06-10 17:04:07 | 117b0cd467900c59b9e60bb52719ce3551d321ce |      5 | xue            |  
+----+----------+--------------------------+--------------------+---------------------+------------------------------------------+--------+----------------+  
2 rows in set (0.00 sec)  

mysql>   

其中上面是创建的俩个用户,是通过authpuppy的管理界面来创建的,用户在认证的时候只有输入正确的用户名及密码才能才算认证通过。同时如果不创建数据库,在启动authpuppy的时候会告诉缺少相应的文件目录。

3:安装过程
由于我们已经安装成功了,安装的过程中没有怎么抓图。

2.png

其中过一定要记住上面的用户名及密码,后面登陆的时候要用到,最好也写一个邮箱地址,如果忘记密码也可以找回来。
当安装成功之后访问:http://192.168.0.142/authpuppy/web/index.php
如下界面:
4.png

输入之前的用户名及密码(第二张图片上面的用户名及密码)。登陆之后的界面如下:
3.png

之后就可以安装插件,现在随便看看几个菜单。
6.png

上面就是数据库里面创建的用户suiyaun(用户已此用户名进行登陆认证的)的上网的一些信息。

wifidog运行时的配置文件,其实配置文件只需要几个关键的参数就可以运行。

# WiFiDog Configuration file  

GatewayID 123456789  

ExternalInterface eth0  

GatewayInterface br0  

HtmlMessageFile /opt/wifidog/etc/wifidog-.html  


AuthServer {  
    Hostname 192.168.0.142  
    SSLAvailable no  
    Path /authpuppy/web/  
}  

CheckInterval 60  

# The timeout will be INTERVAL * TIMEOUT  
ClientTimeout 5  

# Parameter: TrustedMACList  
# Comma separated list of MAC addresses who are allowed to pass  
# through without authentication  
#TrustedMACList 00:00:DE:AD:BE:AF,00:00:C0:1D:F0:0D  


FirewallRuleSet validating-users {  
    FirewallRule allow to 0.0.0.0/0  
}  


FirewallRuleSet known-users {  
    FirewallRule allow to 0.0.0.0/0  
}  


FirewallRuleSet unknown-users {  
    FirewallRule allow udp port 53  
    FirewallRule allow tcp port 53  
    FirewallRule allow udp port 67  
    FirewallRule allow tcp port 67  
}  

FirewallRuleSet locked-users {  
    FirewallRule block to 0.0.0.0/0  
}  

本文章由 http://www.wifidog.pro/2014/12/16/wifidog-authpuppy%E6%90%AD%E5%BB%BA.html 整理编辑,转载请注明出处

标签: wifidog认证 wifidog安装 wifidog原理 wifidog分析 wifidog配置 wifidog流程 wifidog服务器 wifidog-ddwrt wifidog openwrt