$Id: INSTALL 1 2005-11-22 20:32:00Z ggw $ This is a production release of the mysqlRadius OpenISP subsytem. It is currently being used in production by many ISP's, so we decided to keep releasing what we have so far, even though not much documentation and migration tools are available. Also the multilevel admin system (Root,Admin,Reseller,Customer) has not been tested yet. Root level use seems to work fine. mysqlRadacct is also available for direct to MySQL radius accounting info logging and some basic report generation as well as autohold account and smtp- after-auth for mysqlSendmail controlled SMTP servers. mysqlRadacct requires the installation of our patched Cistron 1.6.6 radiusd. The patch, Cistron 1.6.6 source and mysqlRadacct should all be available at the http://openisp.net/mysqlRadius project home page. Now this all comes with mysqlRadacct tar.gz. We are available to help you get this powerful radius management system working so contact us if you need help. We have also used it to setup RADIUS proxy services. It was very easy. (Large ISP selling national dialup POPs to smaller ISP's with own RADIUS server.) --- Prerequisites MySQL server and client libs installed and running on same server as the application. You must know the root password. Firewall and otherwise protect your mySQL ports. Must have a running Apache server on the same server with cgi capabilities. Should be SSL enabled if possible (see below for intranet or other just "testing" non-SSL setup) Cistron radiusd 1.6.6 compiled and installed on your server. We recommend using our mysqlRadacct and mysqlSendmail aware modified version. --- Example BASH Install Instructions shell> tar xzf mysqlRadiusN.M.tar.gz (Where N.M is the last release from openisp.net site) shell> cd mysqlRadius shell> export CGIDIR=/apache/cgi-bin/ (or whatever your Apache cgi-bin dir is) shell> vi local.h shell> make shell> make install (Only if make worked clean...you may bring down a working application!) shell> export ISMROOT=/home/joe (or whatever dir the mysql application project dir is in) --- New installs only shell> /cgi-bin/mysqlRadius.cgi Initialize (This will setup application and allow you to login as user "Root" password "wsxedc") --- SSL Setup If you have an SSL server handy edit local.h remove commented out: //#define SSLONLY like so... #define SSLONLY Then shell>make clean shell>make install --- Upgrading to 1.3+ safe shell> /cgi-bin/mysqlRadius.cgi UpgradeSchema (This will ALTER some mySQL tables, non-destructively) --- Read More Please continue with deployment and operation instructions in docs/tutorial.html --- Standard OpenISP setup and backup operations (Loose instructions adjust to fit for your particular setup) shell>useradd -d openisp -s /bin/nologin (this may have been done standard in mysqlISP setup) shell>mkdir -p ~openisp/mysqlRadius/data shell>chown mysql ~openisp/mysqlRadius/data shell>crontab -e Adding the following: Where mysqlpasswd is replaced by YOUR real mysql root passwd. # #mysqlRadius # ##backup 20 3 * * * export ISMROOT=~openisp;/cgi-bin/mysqlRadius.cgi Backup mysqlpasswd > /dev/null --- Other backup ideas You should probably cross server backup all your OpenISP module data like shown below. Note that this involves using GRANT ALL mysql statements and a very secure internal ISP LAN. See mysql manual. Think about ISP organization with edge servers with 2 NICs and an ISP admin firewall zone with the mysql database server or replication cluster servers. All servers should have internal mirror backup drives or other cheap fast and reliable backup system (NFS and cpio in ISP admin firewall zone?) shell>crontab -e Add something like the following after setting up mysql for remote access from ONLY the IP in question in a VERY secure LAN (non routable IP's...switched hubs...behind firewall...etc) #Extra backup of mysqlRadius data only even days, using mysqldump from 192.168.100.23 20 4 * * */2 /usr/local/mysql/bin/mysqldump -e -h 192.168.0.43 -u mysqlradius -pwsxedc --all mysqlradius > ~openisp/mysqlRadius/data/dumpall.txt --- Loose your data and your fired Don't be lazy backup and rebackup and database warehouse your mission critical data ALWAYS! Need help contact us! --- Legalese This doc is GPL. Don't forget to give us credit when you quote this stuff. (C) 2003-2004 Gary Wallis. --- Thanks Cistron Internet Services. Michael Hilton. Ron Fenlon. Miquel a real RADIUS guru. (But...Get that dang FreeRadius server stable and the mysql support flexible and cleaner.) --- vim:tw=78