How to install authpuppy and client in debian host

Asked by deimer grueso

I need to install AuthPuppy on a server with Debian, but the information on this is very limited, and I need to know how to install the client on another Debian host. Thanks for your help. :D

Question information

Language: Spanish
Status: Solved
For: AuthPuppy
Assignee: No assignee
Solved by: deimer grueso

gbastien (gbastien02) said :
#1

For the authpuppy auth server, the instructions here should work for a Debian machine: http://www.authpuppy.org/doc/Getting_Started

For the client, you need to compile from source. Check out the instructions at http://dev.wifidog.org/wiki/doc/install/debian with sources available from http://sourceforge.net/projects/wifidog/files/wifidog-gateway/

Andrei (andrei-halle-deactivatedaccount) said :
#2

I consider myself a Linux beginner. I have tried Debian, and even if I were an intermediate user, I would reconsider using it.

It is a long, long, long installation process, and for what? For a system that needs so many things downloaded and installed to make it work more easily, and "easily" is a big word. The Squeeze version of Debian needs a lot of patience, because for each type of file, managing it is far from intuitive.

Yes, for a long-time user of Linux, maybe that's an excellent Linux distro, but there are so many "why?"s. I went through processes that need something else installed, which needs something else installed, and it can go on and on ... all it does is cause frustration.

I talk about my own experience, but I'm surely not the only one who thinks as I do. Not being a sudoer? The system asks for a name and password for administration privileges and I can't sudo anything; I have to use another kind of terminal. What's the point? What's the point? How to make it easy when it can be worse.

So, I'm just writing a note for those who would consider Debian Linux instead of Ubuntu. Depending on their experience, for me there is only one answer: later, maybe later for Debian. For now I get what I want and what I need with Ubuntu without asking "Hey, what the ....".

deimer grueso (deimergrueso) said :
#3

I know well what you're talking about, Andrei: the installation of AuthPuppy and the wifidog client is very hard. We need to share information and help each other. We are setting up a case study for this; let us help.
Any information can help each

Andrei (andrei-halle-deactivatedaccount) said :
#4

I just want to be sure that there is no misunderstanding. Authpuppy is a very intuitive and very well documented system. In fact, it helps a lot to have what would otherwise be very hard and very complex to make. So there is no problem with Authpuppy; it is, in my own opinion, a very good and stable interface.

But between Ubuntu and Debian, for a beginner like me, Debian is way too complex, not very intuitive and very hard to manage. I have many examples, like this one: copying and pasting in the terminal window is only possible with the mouse, not with the keyboard. There is something to configure to make it possible. So even for something as simple as a terminal interface, it is complex, so I was just telling beginners like me to try Ubuntu instead of Debian. Debian is so driven by security that it secures itself against the admin, and even against the root user. I used it for a day, and I had all I needed to say that I don't want it, because it is so complicated for nothing.

Ubuntu makes management easier. There is excellent potential in this Linux distro. So my point of view is only that I would strongly suggest Ubuntu to any beginner like me to work with and to run Authpuppy on. You guys did an excellent job. I would be honored if one day I were able to participate in any further development of Authpuppy.

Thanks for your excellent interface and service,

Sincerely,

André

deimer grueso (deimergrueso) said :
#5

Ahhh .... what you referred to is only the complexity of Debian, but even so, the complexity of this OS is rewarded with stability.

Andrei (andrei-halle-deactivatedaccount) said :
#6

Yes :) In fact, Debian has built its reputation over many years, and from the little knowledge that I have, it is a well-known Linux OS. But there are so many little annoying things that make this system sometimes frustrating. Like copy and paste, for example: in one of the preinstalled internet browsers it works and in the other one it doesn't. It may seem like kind of a dumb problem, and yes, there is much more than that, but it remains annoying.

In some cases, copy and paste doesn't work in the terminal, in the administrative terminal as well as the regular terminal. Having to paste a line of code into a text-based program and copy it again to make it possible to paste it into a terminal is a long way to go to do something very simple, which can be, again, very annoying.

For security reasons, I guess that these limitations are there for good. Anyway, I was going to give up on Debian, and I am giving it a try today and tonight. I worked all night long yesterday (not as a programmer), and it is a kind of challenge for me to take the time to explore Authpuppy as well as all that it comes with.

So thanks again. If I have further questions, I will post them here to you, Deimer, or to Geneviève; you are the two (I'm sorry if I forget someone, that's not intentional) that I know. If you speak French I would be delighted as well, but I think it is better to write in English in order to reach as many people as possible.

Have an excellent time!

André

I read the documentation about the installation side of the client. I had the same problem described in the localhost IP translation on Ubuntu. It refers to the local IP address of my PC instead of 127.0.0.1. I get something like "couldn't resolve hostname, using 127.0.0.1 as registered ..." Anyway, I'll get back to this issue later this weekend.

Thanks a lot Deimer,

André

deimer grueso (deimergrueso) said :
#7

Hi André, as I was, what steps have you advanced? I could not continue my attempts, but my problem is basically in the installation of the client. This week I will continue to try, and I tell you I want to write a manual, something more detailed and specific than what is found in the AuthPuppy wiki.

Andrei (andrei-halle-deactivatedaccount) said :
#8

Thanks, Deimer. I appreciate your words. So, if it is possible, keep me informed about the future steps of what you'll do. I would really appreciate it. I work on Ubuntu 12.04 LTS as well as on Debian Squeeze. It seems to me that there is a kind of "two worlds" between the way Authpuppy works on one OS and on the other OS. I just want to add that I don't blame Authpuppy at all, but any further information is always good to know to make everything work well.

Thanks again, Deimer (sorry about my English writing, by the way; I speak French).

André

deimer grueso (deimergrueso) said :
#9

No .... not quiet, you understand that; besides, my native language is Spanish.

Andrei (andrei-halle-deactivatedaccount) said :
#10

Hi Deimer,

No, I don't understand what you mean. You said "no ... not quiet". What makes you unquiet?

I have friends who are from Colombia and Argentina; both of them speak Spanish. I do understand a bit of Spanish, but not enough to speak or write it. My four friends are more comfortable speaking French; they have some problems understanding English, but they know how to cope with that. I thought that English was your main language, because you speak it very well.

So if there is something that makes you unquiet, you just have to write it, and I'll see what I can do.

André

deimer grueso (deimergrueso) said :
#11

How's it going ... after leaving AuthPuppy and the gateway aside for a little while ... I'm picking it back up. I want to know how you have fared on this topic, and whether there has been any significant progress with the gateway.
I am working on this subject, if anyone is interested.

deimer grueso (deimergrueso) said :
#12

Hello, I apologize if I'm doing something stupid during the configuration process.

I have the following types of equipment:
1 - Authentication server - Authpuppy (ServerA Ubuntu 12)
2 - Gateway wifidog-client (ServerB Centos 5.8)
3 - Clients

ServerA is addressed with the IP 192.168.1.20
ServerB has two network cards:
- Eth0 192.168.1.15/24
- Eth1 172.16.0.1/16
The clients have addresses 172.16.0.2-5/16

After setting up wifidog.conf on the gateway and starting it with the command wifidog -f -d 7, I get the following response:

##########
]
[7][Mon Jul 23 15:13:16 2012](ping_thread.c:226) Auth Server Says: Pong
[7][Mon Jul 23 15:14:15 2012](auth.c:79) Running fw_counter()
[7][Mon Jul 23 15:14:15 2012](firewall.c:212) Locking client list
[7][Mon Jul 23 15:14:15 2012](firewall.c:212) Client list locked
[7][Mon Jul 23 15:14:15 2012](firewall.c:300) Unlocking client list
[7][Mon Jul 23 15:14:15 2012](firewall.c:300) Client list unlocked
[7][Mon Jul 23 15:14:16 2012](ping_thread.c:78) Running ping()
[7][Mon Jul 23 15:14:16 2012](ping_thread.c:114) Entering ping()
[7][Mon Jul 23 15:14:16 2012](centralserver.c:168) Locking config
[7][Mon Jul 23 15:14:16 2012](centralserver.c:168) Config locked
[7][Mon Jul 23 15:14:16 2012](centralserver.c:210) Level 1: Calculated 1 auth servers in list
[7][Mon Jul 23 15:14:16 2012](centralserver.c:225) Level 1: Resolving auth server [192.168.1.20]
[7][Mon Jul 23 15:14:16 2012](util.c:120) Locking wd_gethostbyname()
[7][Mon Jul 23 15:14:16 2012](util.c:120) wd_gethostbyname() locked
[7][Mon Jul 23 15:14:16 2012](util.c:135) Unlocking wd_gethostbyname()
[7][Mon Jul 23 15:14:16 2012](util.c:135) wd_gethostbyname() unlocked
[7][Mon Jul 23 15:14:16 2012](centralserver.c:279) Level 1: Resolving auth server [192.168.1.20] succeeded = [192.168.1.20]
[7][Mon Jul 23 15:14:16 2012](centralserver.c:304) Level 1: Connecting to auth server 192.168.1.20:80
[7][Mon Jul 23 15:14:16 2012](centralserver.c:330) Level 1: Successfully connected to auth server 192.168.1.20:80
[7][Mon Jul 23 15:14:16 2012](centralserver.c:170) Unlocking config
[7][Mon Jul 23 15:14:16 2012](centralserver.c:170) Config unlocked
[7][Mon Jul 23 15:14:16 2012](centralserver.c:177) Connected to auth server
[7][Mon Jul 23 15:14:16 2012](ping_thread.c:165) HTTP Request to Server: [GET /ping/?gw_id=prueba&sys_uptime=1207&sys_memfree=236272&sys_load=0.00&wifidog_uptime=121 HTTP/1.0
User-Agent: WiFiDog 1.1.2
Host: 192.168.1.20

]
[7][Mon Jul 23 15:14:16 2012](ping_thread.c:169) Reading response
[7][Mon Jul 23 15:14:16 2012](ping_thread.c:197) Read 289 bytes, total now 289
[7][Mon Jul 23 15:14:16 2012](ping_thread.c:215) Done reading reply, total 289 bytes
[7][Mon Jul 23 15:14:16 2012](ping_thread.c:219) HTTP Response from Server: [HTTP/1.0 200 OK
Date: Sun, 22 Jul 2012 04:08:27 GMT
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10-1ubuntu3.2
Set-Cookie: authpuppy=6jukjbv8bbbu67ivd83iubqga2; path=/
Vary: Accept-Encoding
Content-Length: 5
Connection: close
Content-Type: text/html; charset=utf-8

#############################################################################

And I modified the iptables rules to:

#############################################################################

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 127.0.0.0/8 127.0.0.0/8
ACCEPT icmp -- anywhere anywhere limit: avg 5/sec burst 5
ACCEPT all -- 172.16.0.0/16 anywhere
ACCEPT udp -- anywhere anywhere udp spt:domain dpts:1024:65535
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 5/sec burst 5
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
WiFiDog_WIFI2Internet all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 172.16.0.1 anywhere
ACCEPT tcp -- 192.168.1.15 anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere
ACCEPT all -- 127.0.0.0/8 127.0.0.0/8
ACCEPT icmp -- anywhere anywhere limit: avg 5/sec burst 5
ACCEPT all -- anywhere 172.16.0.0/16
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED

Chain WiFiDog_AuthServers (1 references)
target prot opt source destination
ACCEPT all -- anywhere 192.168.1.20

Chain WiFiDog_Global (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 69.90.89.192/27
ACCEPT udp -- anywhere 69.90.85.0/27
ACCEPT tcp -- anywhere 69.90.89.205 tcp dpt:http

Chain WiFiDog_Known (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain WiFiDog_Locked (1 references)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain WiFiDog_Unknown (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain WiFiDog_Validate (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:smtp reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere

Chain WiFiDog_WIFI2Internet (1 references)
target prot opt source destination
WiFiDog_AuthServers all -- anywhere anywhere
WiFiDog_Locked all -- anywhere anywhere MARK match 0x254
WiFiDog_Global all -- anywhere anywhere
WiFiDog_Validate all -- anywhere anywhere MARK match 0x1
WiFiDog_Known all -- anywhere anywhere MARK match 0x2
WiFiDog_Unknown all -- anywhere anywhere

##############################################################################

The issue is that there is no redirect to the user authentication portal, and I need to know if someone else has gone through this and can see what I'm not doing.

My wifidog.conf is this:

# $Header: /cvsroot/wifidog/wifidog/wifidog.conf,v 1.24 2005/04/28 23:26:30 minaguib Exp $
# WiFiDog Configuration file

# Parameter: GatewayID
# Default: default
# Optional but essential for monitoring purposes
#
# Set this to the template ID on the auth server
# this is used to give a customized login page to the clients
# If none is supplied, the default login page will be used.

GatewayID prueba

# Parameter: ExternalInterface
# Default: NONE
# Optional
#
# Set this to the external interface. Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise

ExternalInterface eth0

# Parameter: GatewayInterface
# Default: NONE
# Mandatory
#
# Set this to the internal interface. Typically br0 for OpenWrt, and eth1 otherwise

GatewayInterface eth1

# Parameter: GatewayAddress
# Default: Find it from GatewayInterface
# Optional
#
# Set this to the internal IP address of the gateway

GatewayAddress 172.16.0.1

# Parameter: AuthServMaxTries
# Default: 1
# Optional
#
# Sets the number of auth servers the gateway will attempt to contact when a request fails.
# this number should be equal to the number of AuthServer lines in this
# configuration but it should probably not exceed 3.

# AuthServMaxTries 3

# Parameter: AuthServer
# Default: NONE
# Mandatory
#
# Set this to the hostname or IP of your auth server, the path where
# WiFiDog-auth resides and optionally as a second argument, the port it
# listens on.
#AuthServer {
# Hostname (Mandatory; Default: NONE)
# SSLAvailable (Optional; Default: no; Possible values: yes, no)
# SSLPort 443 (Optional; Default: 443)
# HTTPPort 80 (Optional; Default: 80)
# Path wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)
#}

AuthServer {
    Hostname 192.168.1.20
    SSLAvailable no
    Path /
}

#AuthServer {
# Hostname auth2.ilesansfil.org
# SSLAvailable yes
# Path /
#}

#AuthServer {
# Hostname auth3.ilesansfil.org
# SSLAvailable yes
# Path /
#}

# Parameter: Daemon
# Default: 1
# Optional
#
# Set this to true if you want to run as a daemon
# Daemon 1

# Parameter: GatewayPort
# Default: 2060
# Optional
#
# Listen on this port
GatewayPort 2060

# Parameter: HTTPDName
# Default: WiFiDog
# Optional
#
# Define what name the HTTPD server will respond
HTTPDName WiFiDog

# Parameter: HTTPDMaxConn
# Default: 10
# Optional
#
# How many sockets to listen to
# HTTPDMaxConn 10

# Parameter: CheckInterval
# Default: 60
# Optional
#
# How many seconds should we wait between timeout checks
CheckInterval 60

# Parameter: ClientTimeout
# Default: 5
# Optional
#
# Set this to the desired of number of CheckInterval of inactivity before a client is logged out
# The timeout will be INTERVAL * TIMEOUT
ClientTimeout 5

# Parameter: FirewallRuleSet
# Default: none
# Mandatory
#
# Groups a number of FirewallRule statements together.

# Parameter: FirewallRule
# Default: none
#
# Define one firewall rule in a rule set.

# Rule Set: global
#
# Used for rules to be applied to all other rulesets except locked.
# This is the default config for the Teliphone service.
FirewallRuleSet global {
    FirewallRule allow udp to 69.90.89.192/27
    FirewallRule allow udp to 69.90.85.0/27
    FirewallRule allow tcp port 80 to 69.90.89.205
}

# Rule Set: validating-users
#
# Used for new users validating their account
FirewallRuleSet validating-users {
    FirewallRule block tcp port 25
    FirewallRule allow to 0.0.0.0/0
}

# Rule Set: known-users
#
# Used for normal validated users.
FirewallRuleSet known-users {
    FirewallRule allow to 0.0.0.0/0
}

# Rule Set: unknown-users
#
# Used for unvalidated users, this is the ruleset that gets redirected.
#
# XXX The redirect code adds the Default DROP clause.
FirewallRuleSet unknown-users {
    FirewallRule allow udp port 53
    FirewallRule allow tcp port 53
    FirewallRule allow udp port 67
    FirewallRule allow tcp port 67
}

# Rule Set: locked-users
#
# Used for users that have been locked out.
FirewallRuleSet locked-users {
    FirewallRule block to 0.0.0.0/0
}
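
An added example, not part of the original post: in the FORWARD chain listed above, an ACCEPT rule with no visible restriction is printed before the jump to WiFiDog_WIFI2Internet, and this check reports every rule that sits behind such a match-all rule. It reads plain iptables -L text, which does not print interface matches, so a hit is a prompt to confirm with iptables -L -v or iptables -S; the sample is a constructed excerpt of the post's listing and the function names are hypothetical.

```python
import re

# Constructed excerpt of the `iptables -L` listing in the post (filter table).
SAMPLE = """\
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 5/sec burst 5
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
WiFiDog_WIFI2Internet all -- anywhere anywhere

Chain WiFiDog_Unknown (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # targets that end traversal
ANY = {"anywhere", "0.0.0.0/0"}           # as printed without and with -n


def parse_chains(text):
    """Return {chain name: [rule, ...]} from `iptables -L` style text."""
    chains, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        parts = line.split(None, 5)
        # Skip blank lines, the column header and text before any chain.
        if current is None or len(parts) < 5 or parts[0] == "target":
            continue
        current.append({
            "target": parts[0], "prot": parts[1],
            "src": parts[3], "dst": parts[4],
            "extra": parts[5] if len(parts) > 5 else "",
            "raw": line,
        })
    return chains


def matches_everything(rule):
    """True if the printed rule shows no protocol, address or match limit."""
    # "reject-with ..." is an option of the REJECT target, not a match.
    extra = re.sub(r"reject-with \S+", "", rule["extra"]).strip()
    return (rule["prot"] == "all" and rule["src"] in ANY
            and rule["dst"] in ANY and not extra)


def shadowed_rules(chains):
    """Per chain: the first match-all terminal rule and the rules behind it."""
    report = {}
    for name, rules in chains.items():
        for pos, rule in enumerate(rules, 1):
            if rule["target"] in TERMINAL and matches_everything(rule):
                behind = [r["raw"] for r in rules[pos:]]
                if behind:
                    report[name] = {"position": pos, "blocker": rule["raw"],
                                    "shadowed": behind}
                break
    return report


if __name__ == "__main__":
    for chain, hit in shadowed_rules(parse_chains(SAMPLE)).items():
        print(f"{chain}: rule {hit['position']} ({hit['blocker']}) precedes:")
        for raw in hit["shadowed"]:
            print("   ", raw)
```

The listing covers the filter table only; wifidog also installs rules in the nat and mangle tables, which are shown by iptables -t nat -L and iptables -t mangle -L.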

deimer grueso (deimergrueso) said :
#13

--problem solved---

Danny (penangguy1978) said :
#14

Dear Deimer,

I have just configured the wifidog gateway only (without authpuppy yet).

When I run

wifidog -f -d 7

I get the error message below:

[6][Tue Oct 1 22:19:29 2013][1791](conf.c:638) Reading configuration file '/usr/local/etc/wifidog.conf'
[7][Tue Oct 1 22:19:29 2013][1791](conf.c:676) Parsing token: , value: GatewayID
[3][Tue Oct 1 22:19:29 2013][1791](conf.c:209) /usr/local/etc/wifidog.conf: line 15: Bad configuration option:
[3][Tue Oct 1 22:19:29 2013][1791](conf.c:728) Bad option on line 15 in /usr/local/etc/wifidog.conf.
[3][Tue Oct 1 22:19:29 2013][1791](conf.c:729) Exiting...

Please advise what's going wrong.

Thank you very much

Danny
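
The "Parsing token: , value: GatewayID" line above shows an empty token with the option name in the value slot, which is what a split at a line's first space yields when the line starts with a space. As an added example (not from the thread or the wifidog project), this lint assumes that split, flags top-level lines with leading whitespace, and also reports AuthServer blocks that do not set SSLAvailable yes, since the configurations in this thread reach the auth server over plain HTTP. The sample file, the host auth.example.org and the function names are constructed.

```python
# Constructed sample shaped like the files in this thread; line 2 starts
# with a space on purpose and auth.example.org is a placeholder host.
SAMPLE_CONF = """\
# WiFiDog Configuration file
 GatewayID testnode
GatewayInterface eth1
AuthServer {
    Hostname 192.168.1.10
    SSLAvailable no
    Path /
}
AuthServer {
    Hostname auth.example.org
    Path /
}
FirewallRuleSet unknown-users {
    FirewallRule allow udp port 53
}
"""


def split_like_log(line):
    """Split at the first space, as 'Parsing token: X, value: Y' suggests.

    Assumption inferred from the log line, not taken from wifidog's source.
    """
    token, _, rest = line.partition(" ")
    value = rest.lstrip(" ").split(" ", 1)[0]
    return token, value


def lint_wifidog_conf(text):
    """Return [(line number, kind, message), ...] for a wifidog.conf text."""
    findings = []
    block, block_line, ssl = None, 0, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip("\r")
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if block is None:
            # Top level: indentation changes what the first token is.
            if line[0] in " \t":
                token, value = split_like_log(line)
                findings.append((no, "leading-whitespace",
                                 f"token={token!r} value={value!r}"))
            if stripped.endswith("{"):
                block, block_line, ssl = stripped.split()[0], no, None
        elif stripped == "}":
            # The posted file documents SSLAvailable's default as "no".
            if block == "AuthServer" and ssl != "yes":
                findings.append((block_line, "plaintext-auth",
                                 "AuthServer without 'SSLAvailable yes'"))
            block = None
        elif block == "AuthServer":
            parts = stripped.split(None, 1)
            if parts[0] == "SSLAvailable":
                ssl = parts[1].strip().lower() if len(parts) > 1 else ""
    return findings


if __name__ == "__main__":
    for no, kind, message in lint_wifidog_conf(SAMPLE_CONF):
        print(f"line {no}: {kind}: {message}")
```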

Danny (penangguy1978) said :
#15

My configuration file is as below:

# $Header: /cvsroot/wifidog/wifidog/wifidog.conf,v 1.24 2005/04/28 23:26:30 minaguib Exp $
# WiFiDog Configuration file
#
# Parameter: GatewayID
# Default: default
# Optional but essential for monitoring purposes
#
# Set this to the template ID on the auth server
# this is used to give a customized login page to the clients
# If none is supplied, the default login page will be used.
#
GatewayID testnode
#
# Parameter: ExternalInterface
# Default: NONE
# Optional
#
# Set this to the external interface. Typically vlan1 for OpenWrt, and eth0 or ppp0 otherwise
#
ExternalInterface eth0
#
# Parameter: GatewayInterface
# Default: NONE
# Mandatory
#
# Set this to the internal interface. Typically br0 for OpenWrt, and eth1 otherwise
#
GatewayInterface eth1
#
# Parameter: GatewayAddress
# Default: Find it from GatewayInterface
# Optional
#
# Set this to the internal IP address of the gateway
#
# GatewayAddress 192.168.1.1
#
# Parameter: AuthServMaxTries
# Default: 1
# Optional
#
# Sets the number of auth servers the gateway will attempt to contact when a request fails.
# this number should be equal to the number of AuthServer lines in this
# configuration but it should probably not exceed 3.
#
# AuthServMaxTries 3
#
# Parameter: AuthServer
# Default: NONE
# Mandatory
#
# Set this to the hostname or IP of your auth server, the path where
# WiFiDog-auth resides and optionally as a second argument, the port it
# listens on.
#AuthServer {
# Hostname (Mandatory; Default: NONE)
# SSLAvailable (Optional; Default: no; Possible values: yes, no)
# SSLPort 443 (Optional; Default: 443)
# HTTPPort 80 (Optional; Default: 80)
# Path wifidog/ (Optional; Default: /wifidog/ Note: The path must be both prefixed and suffixed by /. Use a single / for server root.)
#}
#
AuthServer {
Hostname 192.168.1.10
SSLAvailable no
Path /wifidog-auth-1.0.0_m2/wifidog/
}
#
#AuthServer {
# Hostname auth2.ilesansfil.org
# SSLAvailable yes
# Path /
#}
#
#AuthServer {
# Hostname auth3.ilesansfil.org
# SSLAvailable yes
# Path /
#}
#
# Parameter: Daemon
# Default: 1
# Optional
#
# Set this to true if you want to run as a daemon
# Daemon 1
#
# Parameter: GatewayPort
# Default: 2060
# Optional
#
# Listen on this port
# GatewayPort 2060
#
# Parameter: HTTPDName
# Default: WiFiDog
# Optional
#
# Define what name the HTTPD server will respond
# HTTPDName WiFiDog
#
# Parameter: HTTPDMaxConn
# Default: 10
# Optional
#
# How many sockets to listen to
# HTTPDMaxConn 10
#
# Parameter: CheckInterval
# Default: 60
# Optional
#
# How many seconds should we wait between timeout checks
CheckInterval 60
#
# Parameter: ClientTimeout
# Default: 5
# Optional
#
# Set this to the desired of number of CheckInterval of inactivity before a client is logged out
# The timeout will be INTERVAL * TIMEOUT
ClientTimeout 10
#
# Parameter: FirewallRuleSet
# Default: none
# Mandatory
#
# Groups a number of FirewallRule statements together.
#
# Parameter: FirewallRule
# Default: none
#
# Define one firewall rule in a rule set.
#
# Rule Set: global
#
# Used for rules to be applied to all other rulesets except locked.
# This is the default config for the Teliphone service.
FirewallRuleSet global {
FirewallRule allow udp to 69.90.89.192/27
FirewallRule allow udp to 69.90.85.0/27
FirewallRule allow tcp port 80 to 69.90.89.205
}
#
# Rule Set: validating-users
#
# Used for new users validating their account
FirewallRuleSet validating-users {
FirewallRule block tcp port 25
FirewallRule allow to 0.0.0.0/0
}
#
# Rule Set: known-users
#
# Used for normal validated users.
FirewallRuleSet known-users {
FirewallRule allow to 0.0.0.0/0
}
#
# Rule Set: unknown-users
#
# Used for unvalidated users, this is the ruleset that gets redirected.
#
# XXX The redirect code adds the Default DROP clause.
FirewallRuleSet unknown-users {
FirewallRule allow udp port 53
FirewallRule allow tcp port 53
FirewallRule allow udp port 67
FirewallRule allow tcp port 67
}
#
# Rule Set: locked-users
#
# Used for users that have been locked out.
FirewallRuleSet locked-users {
FirewallRule block to 0.0.0.0/0