(TATiUC)

Final Year Project Session 2008/2009

Title Wi-Fi ADMINISTRATOR SYSTEM FOR TATi UNIVERSITY COLLEGE HOTEL

By Muhammad Azri Bin Omar 07A05025

Diploma in ICT (Networking) Faculty of Computer, Media & Technology Networking Department

WIRELESS ADMINISTRATOR SYSTEM FOR TATiUC HOTEL

DNT 3053 FINAL YEAR PROJECT

TATi UNIVERSITY COLLEGE JALAN PANCHOR, TELOK KALONG, 24000 KEMAMAN, TERENGGANU DARUL IMAN. TEL: 09-8633863 FAX: 09-8635863 WEBSITE: http//:www.tati.edu.com.my

ACKNOWLEDGEMENT First and foremost, thanks to God the Almighty for showing us inner peace and all blessing. I would like to express our gratitude to all those who gave us the possibility to complete this final project. We want to thanks all of TATiUC staffs especially to Department of Property Development and Management and Information Technology Service Center for giving us permission to commence this project in the first instance, to do the necessary research work and use departmental data. I am deeply indebted to my supervisor Mr. Tamizan Bin Abu Bakar who helps, stimulating suggestions and encouragement in all the time of research for and writing of this project. We would also like to thank our lecturers who guide with their brilliant and fabulous ideas towards this project. Our special thanks go to Mdm. Azliza Binti Yacob, Mdm Noor Suhana Binti Sulaiman, Mdm Nor Sukinah and Mr. Akhyari Bin Nasir. My parents who always inspire me to work hard and to be positive at all time. They also, deserve a special word of gratitude and dedicate from us. Last but not least, to my colleagues who support us in our research work, I want to thank you for all help, support, interest and valuable hints.

DECLARATION PROJECT:
Wi-Fi ADMINISTRATOR SYSTEM FOR TATiUC HOTEL

PREPARED BY: MUHAMMAD AZRI BIN OMAR (07A05025) As pre-requisite to Final Year Project to get Diploma in ICT (Networking), I state that this is my own work and has not been copied from other materials without reference. This report has been received for checking by supervisor

MR. TAMIZAN BIN ABU BAKAR Supervisor (Head of Department) Diploma in ICT (Networking) Faculty of Computer, Media & Technology Networking Department

CONTENTS Title Acknowledgement Declaration Abstract Contents 1.0 Introduction 1.1 Introduction to Final Year Project 1.2 Project Background 1.3 Literature Review 1.3.1 Fact Finding 1.3.2 The Current Problem and Solutions. 2.0 Project Definition 2.1 Project Objective 2.2 Project Scope 3.0 Methodology 3.1 System Development Methodologies 3.2 User Requirements 3.3 System Requirements 3.3.1 Hardware Requirements 3.3.2 Software Requirements 3.4 System Specification 3.4.1 Input Specification 3.4.2 Output Specification 3.4.3 Physical Connection 3.5 System Design 3.5.1 Flow Chart 3.5.2 Data Flow Diagram 3.5.3 Entity Relationship Diagram 3.5.4 Physical Database Design 4.0 System Configuration and Coding 4.1 Data Dictionary 4.2 Coding

5.0 Implementation 5.1 Unit Testing 5.2 Integration Testing 5.3 System Testing 6.0 Conclusion 6.1 System Advantages 6.2 System Disadvantages 6.3 System Justification

1.0

INTRODUCTION

Wi-Fi is by far the most economical and pervasive technology for next generation hotspots services, 802.11b (Wi-Fi) is currently the most successful implementation of 802.11. Its fast and easy to implement, offering a full range of standards-based product infrastructure. 802.11a, with its greater throughput than 802.11b, is more appropriate for video and multimedia applications. Products that support 802.11a are only beginning to appear and are likely to be more expensive than typical Wi-Fi solutions.

1.1

INTRODUCTION TO FINAL YEAR PROJECT

Final Year Project is an important task to be completed for the skill diploma courses which are required for all final year students. Here, each student is assigned a supervisor who gives supports, guidance and guidelines. Then the final year project will decide whether the student is qualified to be graduated or not. For this final year project, the concerned student decided to do the task given individually or grouped. To finish the project, the student has met with his supervisor frequently for at least once a week. Somehow some other lecturers opinions and advices are taken into consideration to make the project be a successful one. The purpose of my project is to develop a Wi-Fi Administrator System for the new TATiUC Hotel. Project management and monitoring is very important for every project. Starting from project planning, I will do project scheduling using Gantt chart. After completion of the project, I need to submit documentation in a form of dissertation.

1.2

PROJECT BACKGROUND

1.3

LITERATURE VIEW

A book: Julie C Meloni (2003). Sams Teach Yourself PHP,MySQL, and Apache in 24 Hours by Sams Publishing. Kings Information Co., Ltd( 2004). Siri DIY Lanjutan : Mengongsi Rangkaian Tanpa Wayar Wi-Fi. : Venton Publishing (M) Sdn Bhd.

2.0

PROJECT DEFINITION 2.1 PROJECT OBJECTIVE

The main objective of the problem is build a network that using Wi-Fi that provide a secured connection, easy controlling system and manage the user that called WiFi Administrator System. To control and monitor the user. This system are able the administrator to control the user used. The RADIUS will disconnect the user when they reach their maximum session time where stored in database. Administrator able disables the user connection. To reduce cost buying the Hotspot product. This system is 100% develop using open source software that completely free. Generate Income provide the internet service. Hotel may charge for the service depends on the plan, session time and the speed that subscribes by the user. Internet service may the factor of the feasibility to attract the customer to come again.

Prevent the non-customer (unauthorized) used the internet connection illegal. This system are avoids the illegal user and also provide the security of the TATiUC Hotel network.

2.2

PROJECT SCOPE

This project is mainly for the TATiUC Hotel customer used. The Wi-Fi Administrator system may support the number of the maximum 200 and above of user. The

administrator of the Wi-Fi generally is the staff of the hotel. Develop using 100% of open source software. The Administrator has the full power to control the Wi-Fi user. This service only implement on all area of Hotel that depend on the coverage of Wi-Fi signal. The customers only need to bring their own notebook or any wireless support device that able to surf internet. Support of resent browser used.

3.0

METHODOLOGY 3.1 SYSTEM DEVELOPMENT METHODOLOGIES

System Development Life Cycle

Structure analysis uses a technique call the System Development Life Cycle (SDLC) to plan and managed the system process. Although it is primarily identified with structured analysis, the SDLC describes the activities and function of the system fit into particular methodology. The SDLC model includes the following steps:System planning System analysis Find out all the information about Hotspot and how its work. Find all the information about the Hotspot product and solution.

System design System implementation

System operation and support

3.2

USER REQUIREMENT

User requirements are based on what the user needs through the delivering of what they are request. Below are the results from the feasibility study on the proposal system. HARDWARE a) Wireless (802.11a,b,g) and internet Support Device. DESCRIPTION Notebook, PDA, Mobile PC. Windows 98,2000,ME, XP, Mobile or latest Support in Symbian OS (Mobile PC) Pentium III, Pentium 4, or highest (Notebook). Modem or LAN internet support.

SOFTWARE a) Browser Support

DESCRIPTION Mozilla Firefox version 2.0 or latest. Internet Explorer (IE) version 6 or latest. Flash Player Installed. ActiveX installed for IE. Support in Opera and Safari Environment.

3.2 SYSTEM REQUIREMENT 3.2.1 Hardware Requirement

HARDWARE a) Personal Computer

DESCRIPTION Work as Hotspot Server Pentium III, Pentium 4, or highest. Modem or LAN internet support. 512 MB or higher RAM. 2 Unit Network Interface Card Depend on the Coverage area needed. Bridge Connection. Using Wireless Distribution System (WDS).

b) Access Point 802.11 a,b,g

3.2.2 SOFTWARE

Software Requirement DESCRIPTION CentOS 4.8 (Final) Installed in Server Mode. MySQL Server Ver. 4.1.22 Keep database user / customer information. FreeRADIUS Server Ver. 2.0.5 Control user session. Reject un-authorized user. Coova Chilli 1.0.12 Assign client DHCP. Walled garden captive portal login page. For the Web page, and work as the web server VNC 4.2.3 Google putty Ntop Macromedia Dreamweaver MX 2004 Gedit Text Editor Vi Text Editor Adobe Photoshop CS3 Paint Microsoft Office Word 2008

a) Server Operating System (OS) b) MySQL Server

c) RADIUS Server

d) Coova Chilli

e) Apache Server f) Remote Monitoring

g) Coding Editor

h) Graphic Editor i) Documentation

3.3 SYSTEM SPECIFICATION

3.3.1

INPUT SERVICE

The interface of this system, have been develop using the Macromedia Dreamweaver MX 2004. Its containing 4 page exclude login page that using the Coova Chilli captive portal. There are Index.htm form.php status.php location.htm login.php (administrator login form)

Main page (Index.htm)

Home

Figure ## For the first time hotel client connected in the open SSID name TATiUC Hotel Wi-Fi or any name that have been set in the Access Point (AP), They will assign by the system DHCP IP address start from 10.0.0.11 and above. Then when they open the browser, the system will redirect to this main page index.htm. This system didnt allow the client start the surfing the internet. If they already have the username and password, they can click-on Login to authenticate and start surfing until their time is over.

Login (10.0.0.1:3990/uam)

This Login page is provided by Coova that use for authentication. This login page will authenticate the user that only enable by the administrator and control by the RADIUS server.

Registration Form (form.php)

Register

The first time clients need to self-register their information and subscribe the plan either Prepaid Plan or the Flat Rate plan and the Speed Plan. All this information will stored in database. After the registration finished by client, they still cannot have the internet access, but they need to inform the Wi-Fi Administrator (Hotel Lobby) to enable their used manually.

This is description of the form: Prepaid Plan. The prepaid plan provides service for hour login. This system only block the access when the client reach their limit maximum session time that control by Coova Chilli and RADIUS server that read from database. The system provides the service for client 1 5 hour to subscribe. This system also disconnected the user automatically when they idle for 5 minute. Then they may continue login to use the service with plus 5 more minute session time. Flat Rate Plan

Flat Rate plan able the client uses the internet limit by days. Same as the Prepaid Plan, they may disconnected the client when reach their limit of session time. User may subscribe from 10, 20, 30 and 60 days unlimited access.

Speed Plan Client may request for the speed that they need to choose. This system provides also provide the bandwidth control of the user. This is to avoid the loss of bandwidth and the internet connection may slow.

User Status (status.php)

User Status

User Status page used for client to check their balance session time. They may login using their username and password. This system will compared the username and password stored in database. If match, user will see their information query.

Location (location.htm)

Location

This page is for the Ads and promotion purpose. With interactive Google maps that show the hotel location. The client may use this map as a reference and best guide for the foreign visitor. This system only allows the user to use the Goggle Maps only. Other searching process service is denied. The map is using the Google maps API Version 3 (Google code). http://code.google.com/apis/maps/documentation/v3/.

Administrator System Interface (Administrator Only)

Administrator Login Form (login.php)

This authentication page is to provide security of the client information. This form is an authentication for administrator. The username and password of admin didnt store in database but in the one global configuration script named config.php (attached in configuration script).

Administrator Managing Menu (manage.php)

Figure ## After wifi administrator authenticate in the login.php (Figure ##) success, this page will be redirected to them. In this page, administrator able to manage their client base on the client subscriber plan either Prepaid or Flat rate plan. Administrator are able to register new user when click-on the Register link on the left site of the interface and will be redirect to form.php (figure ##). They also able to monitor the traffic when click-on the Traffic Monitoring link also on the left side of this interface to start the traffic monitoring tool via Ntop on the browser. See Ntop Screenshot, (Figure ##)

Figure ## 3.4.1 OUTPUT SERVICE

Client Output Interface. User Information After login through the Coova Chilli Captive Portal.

This page will appear after the authentication is granted by the RADIUS server. Its shown information about:
Connected Logout

Session ID 4b0a0a2200000001 Max Session Time unlimited Max Idle Time 05m00s Start Time Mon Nov 23 2009 12:18:00 GMT+0800 (Malay Peninsula Standard Time) Session Time 01m30s Idle Time 00s Downloaded 21 Kilobytes Uploaded 37.53 Kilobytes Original URL http://en-us.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

Figure ##

User management page (Administrator)

Prepaid Plan (/prepaid/manage.php)

Figure ## This is output interface for the administrator to manage the Prepaid plan subscriber. Administrator are able to view the user session time and may edit and delete the user. Administrators also use this page to enable the register user in the Wi-Fi Access Colum manually. There are information appeared are called from database. Administrator is able to edit, delete adding and modify of the user information. Administrator may disconnect the client anytime.

Edit and delete Form for Prepaid Plan

Prepaid Edit form ( /prepaid/edit.php?#id=#)

Figure ## Figure ## above shown the Edit form that will use for the administrator to modify the user information if the user want to extend or adding their session time and save to the database.

Prepaid Delete form ( /flatrate/delete.php?#id=#)

Figure ## Figure ## above shown the delete form that will use for the administrator to delete the user information in the database.

Flat Rate Plan (/flatrate/manage.php)

Figure ##

This is an output interface for the administrator to manage the Flat Rate plan subscriber. Administrator are able to view the user session time and may edit and delete the user. Administrators also use this page to enable the register user in the Wi-Fi Access Colum manually. There are information appeared are also called from database. Same as the Prepaid plan, an Administrator is able to edit, delete adding and modify of the user information. Administrator may disconnect the client anytime.

Edit and delete Form for Flat Rate Plan

Flat Rate Edit form (/flatrate/edit.php?#id=#)

Figure ## Figure ## above shown the Edit form that will use for the administrator to modify the user information if the user want to extend or adding their session time and save to the database.

Flat Rate Delete form (/flatrate/delete.php?#id=#)

Figure ## Figure ## above shown the delete form that will use for the administrator to delete the user information in the database.

3.4.2

Physical Connection

Figure ##

Internet

eth1

eth 0

Access Point

Client

3.5 SYSTEM DESIGN

3.5.1

Flow Chart 3.5.1.1 Client Flow Chart

Start

Connected to AP

DHCP Request Assign Open Browser

Not Assign

Register? No Register Form

Yes

Contact Admin

Login

No

Admin Enable? Yes Radius + MySQL

Internet Access

End

3.5.1.2 Administrator Flow Chart

Start

Login Granted Admin Menu

Denied

Select Plan

Enable User

Register New

Modify Client

Stored In Database

RADIUS Server

Logout

End

3.5.2

Data Flow Diagram

3.5.3

Entity Relationship Diagram

3.5.4

Physical Database Design

4.0

SYSTEM CONFIGURATION AND CODING 4.1 DATA DICTIONARY

4.2

CONFIGURATION

Interface Configuration Eth 0 (/etc/sysconfig/network-scripts/ifcfg-eth0) Connect to Internet

# edit file : vi /etc/sysconfig/network-scripts/ifcfg-eth0 # Setting untuk network card 1 DHCP (Network TATiUC) DEVICE=eth0 BOOTPROTO=dhcp HWADDR=00:05:5D:4B:FD:5C ONBOOT=yes TYPE=Ethernet #...Setting untuk streamyx Disable #DEVICE=eth0 #ONBOOT=yes #NETMASK=255.255.255.0 #IPADDR=192.168.1.2 #GATEWAY=192.168.1.1 #TYPE=Ethernet USERCTL=no IPV6INIT=no PEERDNS=yes

Eth 1 (/etc/sysconfig/network-scripts/ifcfg-eth1) Connect to Client

# edit file : vi /etc/sysconfig/network-scripts/ifcfg-eth1 # Setting untuk network card 2 DEVICE=eth1 HWADDR=00:0F:FE:3A:24:93 BOOTPROTO=static BROADCAST=10.0.0.255 IPADDR=10.0.0.1 NETMASK=255.255.255.0 NETWORK=10.0.0.0 ONBOOT=yes TYPE=Ethernet

IP Tables Configuration (/root/firewall.sh)

# firewall.sh /sbin/iptables -F /sbin/iptables -t nat -F /sbin/iptables -t mangle -F /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE /sbin/iptables -A FORWARD -i eth1 -j ACCEPT echo 1 > /proc/sys/net/ipv4/ip_forward

chilli.conf (/usr/local/etc/chilli/config)
HS_WANIF=eth0 # WAN Interface toward the Internet HS_LANIF=eth1 # Subscriber Interface for client devices HS_NETWORK=10.0.0.1 # HotSpot Network (must include HS_UAMLISTEN) HS_NETMASK=255.255.255.0 # HotSpot Network Netmask HS_UAMLISTEN=10.0.0.1 # HotSpot IP Address (on subscriber network) HS_UAMPORT=3990 # HotSpot Port (on subscriber network) HS_NASID=hotspot HS_RADIUS=127.0.0.1 HS_RADSECRET=testing123 HS_UAMSERVER=10.0.0.1 HS_UAMFORMAT=http://\$HS_UAMSERVER/uam HS_UAMHOMEPAGE=http://\$HS_UAMSERVER/hotspot/index.php.htm HS_USE_MAP=on # Short hand for allowing the required google HS_DEFIDLETIMEOUT=300 # Default idle-timeout if not defined by RADIUS (0 for unlimited) HS_MODE=hotspot HS_TYPE=chillispot HS_WWWDIR=/usr/local/etc/chilli/www HS_WWWBIN=/usr/local/etc/chilli/wwwsh HS_PROVIDER=Hotspot HS_PROVIDER_LINK=http://10.0.0.1/ HS_LOC_NAME="HotSpot" # WISPr Location Name and used in portal

RADIUS Configuration. (/usr/local/etc/raddb/radius/radius.conf)

prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct # Location of config and logfiles. confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd # Should likely be ${localstatedir}/lib/radiusd db_dir = $(raddbdir) libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid max_request_time = 30 # Useful range of values: 2 to 10 # cleanup_delay = 5 # Useful range of values: 256 to infinity # max_requests = 1024 # The server ignore all "listen" section if you are using '-i' and '-p' # on the command line. # listen { type = auth # dotted quad (1.2.3.4) ipaddr = * port = 0 } listen { ipaddr = * # ipv6addr = :: port = 0 type = acct # interface = eth0 # clients = per_socket_clients } hostname_lookups = no

# allowed values: {no, yes} # allow_core_dumps = no regular_expressions = yes extended_expressions = yes log { destination = files file = ${logdir}/radius.log syslog_facility = daemon stripped_names = no auth = no auth_badpass = no auth_goodpass = no } checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = yes } proxy_requests = yes $INCLUDE proxy.conf $INCLUDE clients.conf snmp = no $INCLUDE snmp.conf thread pool { start_servers = 5 # For more information, see 'max_request_time', above. # max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 }

modules { # INSTEAD of the original 'name'. configuration $INCLUDE ${confdir}/modules/ $INCLUDE eap.conf $INCLUDE sql.conf $INCLUDE sql/mysql/counter.conf } # hotspot by azri sqlcounter noresetcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = "SELECT SUM(AcctSessionTime) FROM radacct where UserName='%{%k}'" } instantiate { exec expr # daily expiration logintime # hotspot by azri noresetcounter } $INCLUDE policy.conf See the 'radutmp'

$INCLUDE sites-enabled/ #########################END RADIUSD CONF##################

SQL Configuration in RADIUS (

sql { database = "mysql" driver = "rlm_sql_${database}" # Connection info: server = "localhost" login = "root" password = "" # Database table configuration for everything except Oracle radius_db = "radius" # If you are using Oracle then use this instead # radius_db = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT _DATA=(SID=your_sid)))" acct_table1 = "radacct" acct_table2 = "radacct" # Allow for storing data after authentication postauth_table = "radpostauth" authcheck_table = "radcheck" authreply_table = "radreply" groupcheck_table = "radgroupcheck" groupreply_table = "radgroupreply" # Table to keep group info usergroup_table = "radusergroup" # If set to 'yes' (default) we read the group tables # If set to 'no' the user MUST have Fall-Through = Yes in the radreply table # read_groups = yes # Remove stale session if checkrad does not see a double login deletestalesessions = yes sqltrace = no sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 table) nas_table = "nas" $INCLUDE sql/${database}/dialup.conf }

###############END Configuration#########################

Client.conf in RADIUS. (/usr/local/etc/raddb/radius/client.conf)

client localhost { secret }

= testing123

5.0

IMPLEMENTATION 5.1 UNIT TESTING

5.2

INTEGRATION TESTING

5.3

SYSTEM TESTING

6.0

CONCLUSION

6.1

SYSTEM ADVANTAGES

6.2

SYSTEM DISADVANTAGES

6.3

SYSTEM JUSTIFICATION