Is it possible to auto provision clients in ZeroShell?

Home Page Forums Network Management ZeroShell Is it possible to auto provision clients in ZeroShell?

This topic contains 4 replies, has 0 voices, and was last updated by  securenet 8 years, 11 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #41976

    securenet
    Member

    This question is not strictly a ZS inquiry…..

    I am trying to design a WiFi Network where the clients visit and local web page, enter the requires information and after pressing the submit button a Script is executed and Provisions the clients access to the network.

    For example:
    The script will create a User Account.
    The script will assign a Static IP Address.
    The script will add an entry in the Firewall, in the Out Chain for WAN Access.
    The script will add an entry to track network usage.
    add the clients information to a database.
    The script will do what ever I needed to be done.

    I am assuming that this is a lot of work and I am will to learn, I simply need to be pointed into the right direction.

    Thanks for any help that is offered.

    #48925

    yum
    Member

    Maybe it’s better to use existing billing system and only write some custom rules to communicate with zeroshell router? Backend scripts are located at folder /root/kerbynet.cgi/scripts/.

    #48926

    securenet
    Member

    Thanks You for the Info:

    Maybe it’s better to use existing billing system and only write some custom rules to communicate with zeroshell router? Backend scripts are located at folder /root/kerbynet.cgi/scripts/.

    To confess, I do not know anything about Programming or Scripting so I will be actively logging to information or someone that can assist. But what program can I run in a website that will communicate with the /root/kerbynet.cgi/scripts/.

    Example: Java, C++, Bash, Perl, PHP….

    If I know what is best then I would know who to look for, for help.

    #48927

    yum
    Member

    There are hundreds of bash scripts in that folder. They automate many operations, such as adding new firewall rules, QoS rules, managing network interfaces e.t.c.
    For example run

    /root/kerbynet.cgi/scripts/dhcp_addstatic 00 192.168.10.10 AA:BB:CC:DD:EE:FF

    to add new static DHCP entry.

    Remote execution of those commands can be done via ssh:

    ssh root@ZEROSHELL.IP.ADDRESS "/root/kerbynet.cgi/scripts/command_to_run ARG1 ARG2 ARG3"

    To enable remote login via ssh without typing root password you can do next steps (manual copied from page that cannot be found on the web anymore):

    SSH to you ZeroShell firewall and login as “admin” then drop to a shell “S”.

    In the “/Database” directory, create a directory called “startup”.

    Copy “/etc/ssh/sshd_config” to “/Database/startup/sshd_config”.

    Edit “/Database/startup/sshd_config” and comment out “AllowUsers admin”, then uncomment “#AuthorizedKeysFile .ssh/authorized_keys” and save the file eg.
    # AllowUsers admin
    AuthorizedKeysFile .ssh/authorized_keys

    On your other machine:
    Run “ssh-keygen -t rsa” to generate a public / private key pair, in “/root/.ssh/id_rsa”
    DO NOT ENTER A PASSPHRASE

    Copy the contents of “/root/.ssh/id_rsa.pub” using your fav editor to the ZeroShell “/Database/startup/.ssh/authorized_keys” file.

    Create a startup script, “/Database/startup/rc.local” and paste in the following (modify YOUR_ROOT_PASSWORD below)

    #!/bin/sh
    /bin/cp /Database/startup/sshd_config /etc/ssh/sshd_config
    /bin/cp -Rp /Database/startup/.ssh /root/.ssh
    echo “root:YOUR_ROOT_PASSWORD” | /usr/sbin/chpasswd /sbin/service sshd restart

    Login to your ZeroShell web admin and navigate to “Setup”, then “Startup”
    Enable the startup configuration and add “/Database/startup/rc.local” to the Pre-boot startup script and save it.

    Reboot your ZeroShell firewall.
    You should now be able to SSH in as “root” with the password set above and drop to a shell prompt.
    Check that an SSH connection from your LAN box to your ZeroShell firewall returns a “root@ZS root>” without prompting for a password eg.
    ssh -i /root/.ssh/id_dsa root@ZEROSHELL_IP

    This is not very secure but works for me.

    #48928

    TobiasK
    Member

    For the User Accounting you can try my scripts (Look in the Shell Code)
    Here you can find some automatic Tools to create Users with passwords…

    http://www.koenigtobias.de/Apple/Zeroshell/Eintrage/2010/1/15_Accounting_function_(Beta).html

    #48929

    Chrissy12
    Member

    Tobias has the right idea. This is much simpler than doing it manually…

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.