Sunday, October 21, 2007

Polaroid Life - Pinhole shots PART 2


the 2nd pinhole shot:
weather: sunny and 25 C
view: 20 seconds
dev.: 120 seconds
scanner: Umax 1220p


the 3rd pinhole shot:
weather: sunny and 25 C
view: 18 seconds
dev.: 120 seconds
scanner: Umax 1220p

PS: I tried to use my old scanner to transfer these two films to digital format. But the colours of the digital files are obviously different from the original films. They become a bit overexposed (or lighter than the original ones). Perhaps I need to buy a new photo scanner to do a better job.

Saturday, October 20, 2007

Polaroid Life - my first pinhole shot


This is my first try at using a pinhole camera with a Polaroid film back. Fortunately, the image is quite good and the whole process was not as difficult as I thought before I took it. According to the introductions for both the Fujifilm FP-100c and the pinhole 100, this shot took about 20 seconds to take the view and 120 seconds to develop the photo.

more information about the pinhole camera:
http://www.doctor-and.com/

Sunday, September 30, 2007

FreeBSD - Installation of NanoBSD

Prepare:
1. Transcend industrial 1GB CF
2. CF to IDE card
3. A HDD

Installation:
1. Install a fresh FreeBSD 6.2 on the HDD
2. Install the needed software from ports
3. cd /usr/src/tools/tools/nanobsd
4. mkdir Pkg
5. Build packages from the installed software
pkg_create -Rb package_name.tgz
6. vi localfile
add the following code
==========================================================
#!/bin/sh -e


# save pointer to packages, there should be $src/Pkg directory
# with packages ready to install
src=$(dirname `realpath $0`)
pkgs="$src/Pkg"

# go to Nano world
cd "$NANO_WORLDDIR"

# start from the beginning
dirs="usr/local tmp/Pkg var/db/pkg"
rm -rf $dirs
mkdir $dirs

trap "umount $pkgs" SIGHUP SIGINT SIGTERM
mount_nullfs -o ro "$pkgs" tmp/Pkg
chroot "$NANO_WORLDDIR" sh -c "cd /tmp/Pkg && pkg_add -vF *"
umount "$pkgs"
rmdir tmp/Pkg
===========================================================
7. edit nanobsd.sh
add a customize function
cust_JwW(){
sh /usr/src/tools/tools/nanobsd/localfile
}

8. add a config file
vi mynano.conf
FlashDevice transcend 1g
customize_cmd cust_JwW
customize_cmd cust_nobeastie

9. edit FlashDevice.sub
Read the geometry of the card with fdisk first:
# fdisk da0
******* Working on device /dev/da0 *******
parameters extracted from in-core disklabel are:
cylinders=1985 heads=16 sectors/track=63 (1008 blks/cyl)

ps: 1985x16x63x512 = 1024450560

Add the following code at the end of the transcend section:


transcend 1g|1024m|1024mb)
case $a2 in
122|122mb)
NANO_MEDIASIZE=`expr 1024450560 / 512`
NANO_HEADS=16
NANO_SECTS=63
;;

10. build nanobsd
sh nanobsd.sh -c mynano.conf

11. install nanobsd to CF card
cd /usr/obj/nanobsd.full
dd if=_.disk.full of=/dev/ad0 bs=64k

12. Finish. Insert the CF into the CF to IDE card, plug the card into the 1st IDE slot and set the CF to master.

PS. Be careful with the device name: da0 or ad0, ad2....



Wednesday, August 08, 2007

Polaroid Life - New bags for Polaroid SLR680 & Sx70 Sonar

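Protective bags made specifically for the SLR680 and Sonar. Unlike the ordinary Sx70, which has many kinds of dedicated leather cases, original bags for the SLR680 and Sonar are rarely seen; most people make do with a bag of roughly the right size (ugly) or buy the dedicated bag made by Porter in Japan (expensive, more than a camera). Cameras that include a case do occasionally turn up on Ebay, but since I already own the cameras I am not going to buy another one just for a bag. Besides, the bags on the market are all ugly, heavy black leather cases that are not at all suited to carrying around (going out with two bags is inconvenient). I used to wrap the cameras in lens cloths, but a cloth cannot cover the whole camera, and I had to spend time unwrapping and rewrapping before and after every use, which was a real nuisance. Luckily, while browsing online one day I found made-to-order protective bags. They are not expensive either: a thickened double-layer bag is only 210 元, with a choice of colours, so I ordered two at once for the SLR680 and the Sonar. With the camera inside, the bag is not much bigger, and it fits into a backpack, so I no longer have to carry two bags when I go out.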

Bags for Polaroid SLR 680 and Sx70 Sonar. Unlike the Sx70, it's quite hard to find an original leather bag/case for the SLR680 or Sonar nowadays. It is a problem when I wanna carry a camera out to take photos. Searching the Internet, I found that there is a Japanese company, Porter, which sells some nice and special bags for the 680 and Sonar; however, I don't think it is worth spending so much money on a bag. It is even more expensive than buying a camera. Sometimes, there are some cameras for sale with cases on Ebay. They might have solved the problem but I don't need another camera. I used to use wrapping cloths, which are for camera lenses, to protect and carry my SLR680 and Sonar before buying these bags. Wrapping cloths are easy to use, but they are too small to wrap the entire camera, especially the SLR680. In addition, I also need to spend time packing and unpacking the camera each time I wanna take a shot or finish a shoot. I became lazier about taking cameras out of bags. Last week, I found a seller on Yahoo's auction who makes bags for customers. I ordered two bags, in gray and black, 25x10.5x3cm, for both the 680 and the Sonar. Have a look at the photos: these two bags match the cameras perfectly. They also look better than the original leather cases.



Black and gray

Friday, August 03, 2007

Polaroid Life - a new way to use 600 film on Sx70

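Anyone who plays with the Sx70 series knows that the main difference between Sx70 film and 600 film is the two protrusions in the middle of the bottom of the back of the cartridge. Generally, two methods are used to stop 600 film from getting stuck: 1. Put the black card ejected from a previous pack under the film pack and insert both into the camera together; once it is halfway in, pull the black card out and push the pack in the rest of the way. 2. Remove the two protrusions directly (snip them off with diagonal cutters or cut them off with a blade, Photo1). Neither method is hard to use, but both are a hassle. Think about it: having to remove the protrusions or prepare a black card every time before loading film, isn't that a hassle? What actually makes the pack jam and not go in is a ㄇ-shaped piece of metal near the entrance of the film chamber (Photo2). Compared with the film chamber of the SLR680 (which takes 600 film directly, Photo3), whose metal piece is more like an H, the key is the position of the horizontal bar in the middle. My original idea was to cut that horizontal bar off, but I did not know whether that would affect its function (I do not know what the function is. Holding up the film pack??), so I dropped the idea. Looking more closely, the metal piece is not simply flat but roughly U-shaped, and the part that catches is the vertical stroke on the left side of the U; as long as it is removed or its height is pressed down, the film goes in smoothly. What I did was squeeze the U flat into a straight line with needle-nose pliers (as shown, Photo4). Sure enough! Now the film no longer jams when I load it.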

I will try to translate my posts into English from now on. Just want to practise my English writing before I forget how to do it. If there is any mistake, please let me know.
Searching the Internet, you can find that there are two ways to use 600 film on the old Polaroid Sx70. The first method is to use a "card" under the cartridge. When you insert a 600 film into the Sx70, put a card under the cartridge. Then, before the cartridge is completely inserted, take out the card and push the cartridge into the camera. The second way is to remove the two bulges on the bottom of the cartridge (see Photo1). Before you put a film into the camera, use a pincer or knife to cut off the bulges. With these two methods it is quite easy to use 600 films on the Sx70. However, for a lazy man like me, both of them make shooting inconvenient when I need to change cartridges. Therefore, I found an easier way to use 600 film. Unlike the SLR680/690 (see Photo3), the Sx70 has a piece of steel to prevent the use of unmatched film (see Photo2). It is the reason 600 films cannot be inserted into the Sx70. At the beginning, I tried to cut it off, but I thought it might have a function. (I don't know what kind of function it could be. To push up the cartridge?) So, I used a pincer to scrunch the steel and flatten it (see Photo4). It is hard for me to explain it in English. Please have a look at the picture below. Now, 600 film can be easily and smoothly inserted into the Sx70 without any problem.



Photo1:

Photo2:

Photo3:

Photo4:

Sunday, July 29, 2007

Polaroid Life - Test shoots by SLR 680 & SLR 680 SE

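1. Using Land Camera -1: Attack of the foot (a self-portrait, quite difficult)
2. Using SLR 680 SE -1: A spinning electric fan

3. Using SLR 680 SE -2: Hanging doll (he wrecked the country and still has a pile of twisted excuses; how could I not hang you up as punishment)

4. Using SLR 680: A little gecko

The photos were all re-shot with the GRD, in P mode without flash. In terms of colour the last one seems to lean green, but according to Polaroid's Q&A: "If the film is too cold at the time of exposure, the image may have a blue tint. If the film is too hot, it may have a yellow tint. Fluorescent lighting can cause images to have a green tint." So under indoor fluorescent light this behaviour should count as normal. The 2nd and 3rd were taken in the afternoon, indoors with the lights off, so the result is a bit dark and looks a little more yellow. The strange one is the first: it was taken a few minutes before the 2nd and 3rd, without flash, yet it looks like a night shot taken with flash (subject too white, background pitch black). Perhaps this happened because the foot was directly in the sunlight.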

New members of my Polaroid instant camera


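Without really noticing, I bought three more Polaroid Instant Cameras: Sx70 Sonar, SLR 680, SLR 680 SE. Together with the lame 680 I already had (the leftmost one), that makes three 680s...... Adding the Sx70 Land camera and Model 3 I had before, the only one missing now is the king of them all, the 690, but its current price is ridiculously high; I will only have a chance to get one when it drops below 200 US dollars.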

Saturday, July 14, 2007

Polaroid Life - New skin for Model 3

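This is something I had planned for a long time but put off until today. It is not that I was too busy to re-skin the Polaroid; it was plain "laziness". I had also been thinking about which new skin to use. At first I wanted to stay with leather, but then I felt that would not fit my idea at all; if I am changing it, it should be something different. The Polaroids I buy all have defects (a chip or a crack, and most of the skins have already rotted), so ordinary users would not want them, let alone collectors, but that is exactly why they are cheap on Ebay. As long as everything works, a rotten skin? Replace it myself. A crack? Glue it with instant glue and fill it in, and it is hardly noticeable. It's a camera! It was bought to be used.
The test camera this time is the Polaroid sx-70 Model 3 that nobody likes, which is also the one I wanted to sell but could not. Since it will not sell, I will keep using it; after all, it is the only sx-70 that focuses with a rangefinder. The new skin is carbon-fibre (Carbon) sticker for decorating cars and motorcycles, bought on "Yahoo Auctions". These generally come as imitation stickers (cheap, but they look very fake up close) and the so-called "real carbon" stickers (the kind I chose; it is thicker and can also reinforce the Model 3's plastic shell, but one black 50x30cm sheet costs 900 New Taiwan dollars).
Re-skinning steps: very simple, just follow what is on the web. Note that the skins provided online are measured for the regular models, which means the Model 3 needs some correction of your own, though the difference is small. There are still many places where my cutting was not good this time; I will fix them next time. The next one to be re-skinned is the "lame Polaroid 680" (one of its hinges is broken).
PS: I forgot to photograph it before the re-skin and was too lazy to photograph the process, so just look at the result, kept here as a souvenir.
1. Under flash; the reflection looks pretty good, doesn't it!

2. Front without flash; this is clearer
3. Back
4. Opened
5. Another angle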

Sunday, July 01, 2007

Polaroid Life - Modify my SX70 Land Camera & Model 3

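Because SX70 film is getting harder and harder to buy and is also much more expensive than 600 film, I took the opportunity, while I had time and someone to help, to modify my SX70 Land Camera and the Model 3 that I wanted to sell but could not. According to George's website, you only need to replace the original capacitor with one of 1/4 the size. The original capacitor in my Land Camera is 800pF and the one in the Model 3 is 850pF, so I decided to use 180pF. My calculation is 150/640 rather than 150/600, because the ISO of 600 film should be 640, but in practice it makes little difference.
Below are the test shots after the modification. In strong sunlight they still seem a little overexposed, but this is the result before adjusting the Ev value; with an ND filter or an Ev adjustment later on, it should perform well.

PS: Thanks to Jackie and Joe for their help!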



Monday, June 11, 2007

Old Photo - Melton Hall@Jubilee Campus

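Melton hall - the dormitory the University of Nottingham provides for postgraduates on Jubilee campus. I stayed here for the whole year from 09/2004 to 09/2005. At the time it was said to be the most upscale hall in the university, because every room has its own bathroom and someone comes to clean every week; being less than five minutes' walk from the department is also very attractive in the cold winter. The drawback is that it is expensive....
For me, everything was good. At mealtimes I could watch the birds playing on the artificial lake outside, and occasionally see a fox peering from a distance; it was a good place to enjoy free time without classes. The only drawback was being assigned to the "Indian area", with more than half of the students around me being Indian. As for their living habits I could only shake my head.... it was just too dirty; not because they eat with their hands, but because they hardly washed dishes, just rinsing them with water before using them again, and often left things until they went mouldy without throwing them away. In short, the living habits were poor. Luckily there are few cockroaches or ants in the UK, or it would have been awful.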

Sunday, June 10, 2007

Old Photo - Library@Jubilee Campus

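Photos taken in the winter of 2005 while I was still studying in Nottingham. The camera I used then was a Panasonic Fz20, which has since been handed over to my eldest sister. The bowl-like building in the picture is this campus's library, probably the campus landmark!? I took them simply as a memento of the British winter and the place where I studied, but now they are full of memories. Although I rarely studied in this library, I lived in the hall next to it, so I often came here after dinner for a walk and to feed the animals; I saw it almost every day.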

















Addendum: the second picture was taken at dusk in spring/summer. Same place, different feeling...

Saturday, June 09, 2007

GR Digital - Moai



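Moai - the Easter Island moai statues that everyone has heard of or seen in photos. This was taken when I went to the British Museum in early May. I have always liked this kind of object, but sadly, after going through all the gift shops inside and outside the museum I found no similar small souvenirs on sale (I did buy some other things; I will post a few photos when I get the chance), so I could only take a few pictures as a memento. Actually the Moai looks quite solemn, even a little melancholy. I am not sure whether it is gazing into the distance (first photo) or staring at the people below (in the second photo it feels as if it is staring at the two visitors below, who happen to be bowing their heads to read the information panel, as if yielding to the Moai's intimidation).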

Friday, June 08, 2007

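GR Digital - Flying pig and crocodile candlestick

Very interesting ornaments. The flying pig in the upper picture is an ornament in my eldest sister's home. At first glance there is nothing special about it, but look closely and every important feature is achieved with simple lines, simple without losing the point; the added wings show something special within the ordinary. The material is not the usual clay or wood carving either; it is made of heavy iron, which I personally rather like.
The lower picture is an ornament found at the home of my sister's friend. I first thought it was a lizard, but it turned out to be a crocodile. It looks quite symmetrical from left to right and the colours are bright; it really suits being used as a candlestick.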

Thursday, June 07, 2007

GR Digital - Mr. Coffee VS. Starbucks coffee



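Mr. Coffee VS. Starbucks coffee.....
Mr. Coffee is just a small coffee tricycle, yet it has everything, all the common kinds of coffee, and is even comparable to Taiwan's mobile coffee carts. The table and seating provided are as simple as the tricycle: one simple table and not even a chair, which fits the idea of mobile coffee.... simple, convenient, drink up and go, with a bit of an open-air café feel. What puzzles me is why it picked a spot in front of Starbucks?? Is it openly saying that my coffee tastes better than yours? Or that the service is faster??

Ps: Why is this Starbucks coffee blue rather than green? I have also seen a black McDonald's before; could they be franchise stores??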

Wednesday, June 06, 2007

GR Digital - Spanish seafood paella??


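A stall that appears at Portobello road market towards noon; what it is cooking should be "Spanish seafood paella"!! I have been to many British markets and rarely see a stall like this; usually it is food trucks selling burgers, hot dogs or Fish&Chips, and hot food with a live cooking show like this is rare. While I was taking the photo, the owner said that he used to charge for photos, but now so many people take them that if he charged he would have no time to do business...... I was not hungry at the time so I did not buy any; thinking about it now, that is a pity, since eating it would at least have given me more to say.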

Tuesday, June 05, 2007

GR Digital - Street lamp


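This was taken in front of a church in a small English country town. I had not deliberately planned to take it; I just happened to look up as I was about to go through the church door and took the shot in passing. I really admire foreigners: even an inconspicuous street lamp is designed to blend with its surroundings, and the whole feeling is as if time had stopped in the eighteenth or nineteenth century.....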

Friday, June 01, 2007

GR Digital - Sherlock Holmes


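The famous English detective - Sherlock Holmes. This is the decoration of the Baker Street Underground station. In the novels, Holmes lives at 221B Baker Street, so this station takes him as its theme. A nearby pub also has a beer named after him; try it if you get the chance.
ps. I once read a novel, not by the original author, in which Holmes investigates 'Jack the Ripper', and in the end Holmes turns out to be Jack. What a stretch...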

Monday, May 21, 2007

Polaroid Life - Tower Bridge



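Tower Bridge - one of London's famous landmarks, a must-visit for tourists.

It was raining quite heavily when I got here (even the polaroid captured the rain, so you can tell it was not light). Luckily, although I was here only a few minutes, the bridge was raised because a sailing boat (carrying tourists) was passing. Unfortunately the resolution of instant film is not enough, so the type and shape of the boat cannot be made out.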

Polaroid Life - Portobello Road Market



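Portobello Road Market, said to be the largest market in the world at present, is in the famous Notting Hill. Stalls gather only on Saturdays and Sundays; at other times there are few stalls and so the crowds are smaller than at the weekend.

Whether for tourism or some other reason, every building here is a different colour, and colours are not repeated within the same stretch. Compared with buildings elsewhere in Britain, the style is plainer but the overall effect is much livelier.


They say it is the world's largest market, but how big is it? I arrived at 10 in the morning and browsed until about 2:30 in the afternoon before leaving, and I skipped the last 1/5 of the market because there were fewer people. Towards the end I only glanced at many shops, and much is repeated, but look carefully and you can find plenty of items unique to each stall. Anyone who likes markets that mix old and new things must not miss it.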

Polaroid Life - Grenadier Guards



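Another famous British symbol - the British guardsman.

While I was photographing him, many other tourists were too, and some even went to stand right beside him. He must feel quite helpless: he can neither move nor smile. At least he gets to come out now and then to walk around and patrol.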

Sunday, May 20, 2007

Polaroid Life - Double-Decker bus



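This is another world-famous British product - the red double-decker bus. Last year (2006) I saw a news report that these buses were gradually being phased out because of inconvenience in maintenance and use, so I did not expect to find one parked beside the market as decoration.

Later I also saw a few still in service on the street. Compared with the new double-deckers, they are really iconic; sadly they are gradually passing into history.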

Polaroid Life - English Breakfast



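A very hearty English breakfast: mushrooms, black pudding (this should be Scottish food, shouldn't it!?), bacon, hash browns, sausage, scrambled eggs, grilled tomato and baked beans. I was stuffed. Unfortunately breakfast at this place comes without a drink, so I ordered a latte.

It would be even better with a fried egg instead of scrambled! Eaten mixed with the baked beans and everything else, it is great!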

Polaroid Life - Big Ben



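A famous British building - Big Ben (大鵬鐘). I really do not know who came up with that translated name; I have also seen it translated as "大笨鐘". (I only know the Chinese translations from travel books.)

The weather is bad every time I come to London, and this time it was worse; it even started raining. The gloomy weather made the photos all grey and dark, but it feels all the more like the "Foggy City".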

Polaroid Life - Barbour


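An interesting scene I saw in Barbour, England: the little yellow sign says "No parking (at any time)", but a horse is parked beside it, as if to say you cannot park a car but you can park a "horse".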

Asterisk + Openser + Freeradius + Mysql (3)

*Other

14. Firewall
vi /etc/sysconfig/iptables
add:
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5070 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 7890 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 35000:65000 -j ACCEPT

# restart firewall
/etc/init.d/iptables restart

15. Automatically start on boot time
vi /etc/rc.d/rc.local
add:
/usr/local/bin/rtpproxy -l x.x.x.x -s udp:localhost:7890
/usr/local/sbin/radiusd
/usr/local/sbin/openser start

PS: Asterisk was already set up to start at boot by "make config"

16. Add users
/usr/local/sbin/openserctl add

add group
/usr/local/sbin/openserctl acl grant
PS: users should be in the "voicemail" group if they want the voicemail function

then add the user data to /usr/local/etc/raddb/users

restart Freeradius

17. Storage
Voicemail will be saved in the database ( asterisk -> voicemessages )
and in /var/spool/asterisk/voicemail/default/XXXX < account no.
also in root's mail ( /var/mail/root )

*reference:
http://www.frontios.com/freeradius.html
http://www.openser.org/docs/openser-radius-1.0.x.html
http://www.voip-info.org/wiki/view/Realtime+Integration+Of+Asterisk+With+OpenSER
http://www.openser.org/dokuwiki/doku.php/asterisk:realtime-integration
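
A check of the step 14 rules against the listeners this series configures, added here as an example (not part of the original post): it flags ACCEPT rules with no source restriction that open a port the configuration only uses between local daemons. The service inventory and its scope column are this example's reading of the openser.conf, rtpproxy and sip.conf settings, and it assumes loopback traffic is already accepted by an earlier rule in the chain.

```python
import shlex
from dataclasses import dataclass
from typing import List, Optional

# The five rules from step 14, copied from the page.
RULES = """\
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5070 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 7890 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 35000:65000 -j ACCEPT
"""


@dataclass(frozen=True)
class Service:
    name: str
    proto: str
    lo: int
    hi: int
    scope: str  # "public" or "loopback" (assumption of this example)


# Inventory built from the series' own configuration files.
SERVICES = [
    Service("OpenSER SIP (port=5060)", "udp", 5060, 5060, "public"),
    Service("OpenSER SIP (port=5060)", "tcp", 5060, 5060, "public"),
    Service("Asterisk (OpenSER rewrites to 127.0.0.1:5070)", "udp", 5070, 5070, "loopback"),
    Service("rtpproxy control (-s udp:localhost:7890)", "udp", 7890, 7890, "loopback"),
    Service("rtpproxy media relay", "udp", 35000, 65000, "public"),
]


@dataclass(frozen=True)
class Rule:
    text: str
    proto: Optional[str]
    lo: int
    hi: int
    source: Optional[str]
    target: Optional[str]


@dataclass(frozen=True)
class Finding:
    proto: str
    lo: int
    hi: int
    reason: str


_OPTS = {"-p": "proto", "--protocol": "proto", "--dport": "dport",
         "--destination-port": "dport", "-s": "source", "--source": "source",
         "-j": "target", "--jump": "target"}


def parse_rule(line: str) -> Rule:
    """Extract protocol, destination port range, source and target from one -A line."""
    tokens = shlex.split(line)
    found = {}
    for i, tok in enumerate(tokens[:-1]):
        if tok in _OPTS:
            found[_OPTS[tok]] = tokens[i + 1]
    lo, _, hi = found.get("dport", "1:65535").partition(":")
    return Rule(line.strip(), found.get("proto"), int(lo), int(hi or lo),
                found.get("source"), found.get("target"))


def parse_rules(text: str) -> List[Rule]:
    return [parse_rule(l) for l in text.splitlines() if l.strip().startswith("-A")]


def audit(rules: List[Rule], services: List[Service]) -> List[Finding]:
    """Report unrestricted ACCEPT rules that expose loopback-only or unknown ports."""
    findings = []
    for r in rules:
        if r.target != "ACCEPT" or r.source is not None:
            continue  # a source-restricted rule does not open the port to everyone
        hits = [s for s in services
                if (r.proto is None or s.proto == r.proto) and s.lo <= r.hi and r.lo <= s.hi]
        proto = r.proto or "any"
        if not hits:
            findings.append(Finding(proto, r.lo, r.hi, "no service in the inventory uses this port"))
        for s in hits:
            if s.scope == "loopback":
                findings.append(Finding(proto, r.lo, r.hi, f"{s.name} is only used over loopback"))
    return findings


if __name__ == "__main__":
    for f in audit(parse_rules(RULES), SERVICES):
        print(f"{f.proto}/{f.lo}-{f.hi}: {f.reason}")
```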

Asterisk + Openser + Freeradius + Mysql (2)

*Configuration

10. Radiusclient-ng configuration
vi clients.conf
add:
x.x.x.x testing123
localhost testing123

vi radiusclient.conf
edit:
authserver localhost <--- recommended! using x.x.x.x is slower and fails easily
acctserver localhost <--- recommended! using x.x.x.x is slower and fails easily

vi dictionary
add:
$INCLUDE /usr/local/etc/radiusclient-ng/dictionary.openser

cp /usr/local/etc/openser/dictionary.radius /usr/local/etc/radiusclient-ng/dictionary.openser

11. Openser configuration
dictionary.radius
mv /usr/local/etc/openser/dictionary.radius /usr/local/etc/openser/dictionary.radius.bak
vi /usr/local/etc/openser/dictionary.radius
add:
#### Attributes ###
#ATTRIBUTE User-Name 1 string # RFC2865
#ATTRIBUTE Service-Type 6 integer # RFC2865
#ATTRIBUTE Called-Station-Id 30 string # RFC2865, acc
#ATTRIBUTE Calling-Station-Id 31 string # RFC2865, acc
#ATTRIBUTE Acct-Status-Type 40 integer # RFC2865, acc
#ATTRIBUTE Acct-Session-Id 44 string # RFC2865, acc
ATTRIBUTE Password 2 string
ATTRIBUTE Sip-Method 101 integer # Schulzrinne, acc
ATTRIBUTE Sip-Response-Code 102 integer # Schulzrinne, acc
ATTRIBUTE Sip-Cseq 103 string # Schulzrinne, acc
ATTRIBUTE Sip-To-Tag 104 string # Schulzrinne, acc
ATTRIBUTE Sip-From-Tag 105 string # Schulzrinne, acc
ATTRIBUTE Sip-Translated-Request-URI 107 string # Proprietary, acc
ATTRIBUTE Sip-Src-IP 108 string # Proprietary, acc
ATTRIBUTE Sip-Src-Port 109 string # Proprietary, acc
ATTRIBUTE Digest-Response 206 string # Sterman, auth_radius
ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius
ATTRIBUTE Sip-Group 211 string # Proprietary, group_radius
ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius
ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius
ATTRIBUTE Digest-Realm 1063 string # Sterman, auth_radius
ATTRIBUTE Digest-Nonce 1064 string # Sterman, auth_radius
ATTRIBUTE Digest-Method 1065 string # Sterman, auth_radius
ATTRIBUTE Digest-URI 1066 string # Sterman, auth_radius
ATTRIBUTE Digest-QOP 1067 string # Sterman, auth_radius
ATTRIBUTE Digest-Algorithm 1068 string # Sterman, auth_radius
ATTRIBUTE Digest-Body-Digest 1069 string # Sterman, auth_radius
ATTRIBUTE Digest-CNonce 1070 string # Sterman, auth_radius
ATTRIBUTE Digest-Nonce-Count 1071 string # Sterman, auth_radius
ATTRIBUTE Digest-User-Name 1072 string # Sterman, auth_radius
ATTRIBUTE Digest-User-Password 1073 string # by jww

### CISCO Vendor Specific Attributes ###
#VENDOR Cisco 9
#ATTRIBUTE Cisco-AVPair 1 string Cisco # VSA, auth_radius

### Acct-Status-Type Values ###
VALUE Acct-Status-Type Start 1 # RFC2866, acc
VALUE Acct-Status-Type Stop 2 # RFC2866, acc
VALUE Acct-Status-Type Failed 15 # RFC2866, acc

### Service-Type Values ###
VALUE Service-Type Call-Check 10 # RFC2865, uri_radius
VALUE Service-Type Group-Check 12 # Proprietary, group_radius
VALUE Service-Type Sip-Session 15 # Schulzrinne, acc, auth_radius
VALUE Service-Type SIP-Caller-AVPs 30 # Proprietary, avp_radius
VALUE Service-Type SIP-Callee-AVPs 31 # Proprietary, avp_radius
VALUE Sip-Method INVITE 1 # Proprietary, acc
VALUE Sip-Method CANCEL 2 # Proprietary, acc
VALUE Sip-Method ACK 4 # Proprietary, acc
VALUE Sip-Method BYE 8 # Proprietary, acc
VALUE Auth-Type DIGEST 1050

mv /usr/local/etc/openser/openser.conf /usr/local/etc/openser/openser.conf.bak
vi /usr/local/etc/openser/openser.conf
add:
# ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
listen=59.125.160.36
fifo="/tmp/openser_fifo"
#fifo_db_url="mysql://openser:openserrw@localhost/openser"

# ------------------ module loading ----------------------------------
mpath="/usr/local/lib/openser/modules"
loadmodule "mysql.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "avpops.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "xlog.so"
loadmodule "uri.so"
loadmodule "acc.so"
loadmodule "auth.so"
loadmodule "auth_radius.so"
loadmodule "group_radius.so"
loadmodule "avp_radius.so"
loadmodule "nathelper.so"
loadmodule "group.so"

# ------------DB auth ----------------------
#loadmodule "auth_db.so"
#modparam("auth_db", "password_column","password")

# -------------Voicemail --------------------
#tm timeout for voicemail params
modparam("tm", "fr_timer", 25)
modparam("tm", "fr_inv_timer", 25)
modparam("tm", "noisy_ctimer", 1)

# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc","db_url","mysql://openser:openserrw@localhost/openser")
modparam("usrloc", "db_mode", 2)

# -- acc params --
modparam("acc", "radius_flag", 1)
modparam("acc", "radius_missed_flag", 2)
modparam("acc", "log_flag", 1)
modparam("acc", "log_missed_flag", 1)
modparam("acc", "service_type", 15)
modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp")
modparam("acc|auth_radius|group_radius|avp_radius", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf")

modparam("registrar", "default_expires", 60)
modparam("registrar", "min_expires", 30)
modparam("registrar", "nat_flag", 6)
modparam("registrar", "sip_natping_flag", 7)

# -------Nat Helper ---------------------
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890")
#modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
modparam("nathelper", "sipping_method", "INFO")

# -- group_radius params --
modparam("group_radius", "use_domain", 1)

# -- avpops params --
modparam("avpops", "avp_aliases", "day=i:101;time=i:102")
modparam("avpops", "avp_table", "usr_preferences")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# ------------------------- request routing logic -------------------

# main routing logic

route{

# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};

if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};

# NAT detection
route(2);

# check if user is suspended
if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE"))
{
if (radius_is_user_in("From", "suspended")) {
sl_send_reply("403", "Forbidden - suspended");
exit;
};
};

# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol

if (!method=="REGISTER"){
record_route();
}


# subsequent messages within a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
if(method == "BYE" || method == "CANCEL" )
{
# log it all the time
acc_rad_request("200 ok");
acc_log_request("200 ok");
}
route(1);
};


if (!uri==myself) {
# check if user is allowed to do voip calls to other domains
if(method == "INVITE" || method == "MESSAGE") {
if (!radius_is_user_in("From", "voip")) {
sl_send_reply("403", "Forbidden VoIP");
exit;
};
};
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
};

# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
# authenticate registers
if (method=="REGISTER") {
if (!radius_www_authorize("x.x.x.x")) {
www_challenge("x.x.x.x", "0");
exit;
};

# check the src ip address
#if(!avp_check("$avp(i:2)", "eq/$src_ip/ig")) {
# sl_send_reply("403", "Forbidden IP");
# exit;
#};

if (isflagset(5)) {
setflag(6);
# if you want OPTIONS natpings uncomment next
# setflag(7);
};

save("location");
exit;
};

# calls to pstn
#if(uri=~"sip:00[1-9][0-9]+@") {
# if(is_method("INVITE") && !has_totag()) {
# if (!radius_is_user_in("From", "pstn")) {
# sl_send_reply("403", "Forbidden PSTN");
# exit;
# };
# };
# #set gateway address
# rewritehostport("x.x.x.x:5090");
# route(1);
#};

# requests for Media server
if(is_method("INVITE") && !has_totag() && uri=~"sip:\*9") {
route(3);
exit;
}

# mark transaction if user is in voicemail group
if(is_method("INVITE") && !has_totag()
&& is_user_in("Request-URI","voicemail"))
{
xdbg("user [$ru] has voicemail redirection enabled\n");
# backup R-URI
avp_write("$ruri", "$avp(i:10)");
setflag(2);
};

# load callee's avps
if(avp_load_radius("callee")){
# check if user has time filter enabled
if(avp_check("$avp(i:3)", "eq/i:1")){
# print time in an avp
avp_printf("$avp(i:100)", "$Tf");
# extract day
avp_subst("$avp(i:100)/$avp(i:101)", "/(.{3}) .+/*\1*/");
if(!avp_check("$avp(i:6)", "fm/$day")) {
sl_send_reply("403", "Forbidden - day");
exit;
};

# extract 'hours:minutes'
avp_subst("$avp(i:100)/$avp(i:102)", "/(.{10}) (.{5}):.+/\2/");
if((is_avp_set("$avp(i:4)") && avp_check("$avp(i:4)", "gt/$time"))
|| (is_avp_set("$avp(i:5)") && avp_check("$avp(i:5)", "lt/$time"))) {
sl_send_reply("403", "Forbidden - time");
exit;
};
};
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
if(isflagset(2)) {
# route to Asterisk Media Server
prefix("1");
rewritehostport("127.0.0.1:5070");
route(1);
} else {
# log to acc as missed call
acc_rad_request("404 Not Found");
acc_log_request("404 Not Found");
sl_send_reply("404", "Not Found");
exit;
}
};
append_hf("P-hint: usrloc applied\r\n");
};

route(1);
}

# generic forward
route[1] {

# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP

if(isflagset(2)){
t_on_failure("1");
};

if (subst_uri('/(sip:.*);nat=yes/\1/')){
setflag(6);
};

if (isflagset(5)||isflagset(6)) {
route(4);
}

if (!t_relay()) {
sl_reply_error();
};
exit;
}

route[2]{
force_rport();
if (nat_uac_test("19")) {
if (method=="REGISTER") {
fix_nated_register();
} else {
fix_nated_contact();
};
setflag(5);
};
}

# voicemail access
# - *98 - listen caller's voice messages, being prompted for pin
# - *981 - listen voice messages, being prompted for mailbox and pin
# - *98XXXX - leave voice message to XXXX
#
route[3] {
# direct voicemail
if (uri =~ "sip:\*98@" ) {
rewriteuser("1");
xdbg("voicemail access\n");
} else if (uri =~ "sip:\*981@" ) {
strip(4);
rewriteuser("11");
} else if (uri =~ "sip:\*98.+@" ) {
strip(3);
prefix("1");
} else {
xlog("unknown media extension $rU\n");
sl_send_reply("404", "Unknown media service");
exit;
}

# route to Asterisk Media Server
rewritehostport("127.0.0.1:5070");
route(1);
}

route[4] {
if (is_method("BYE|CANCEL")) {
unforce_rtp_proxy();
} else if (is_method("INVITE")){
force_rtp_proxy();
t_on_failure("2");
};
if (isflagset(5))
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
t_on_reply("1");
}


onreply_route[1] {
if ((isflagset(5) || isflagset(6)) && status=~"(183)|(2[0-9][0-9])") {
force_rtp_proxy();
}
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');

if (isflagset(6)) {
fix_nated_contact();
}
exit;
}


failure_route[1]{
if (t_was_cancelled()) {
xdbg("transaction was cancelled by UAC\n");
return;
}
# restore initial uri
avp_pushto("$ruri", "$avp(i:10)");
prefix("1");
# route to Asterisk Media Server
rewritehostport("127.0.0.1:5070");
resetflag(2);
route(1);
}

failure_route[2] {
if (isflagset(6) || isflagset(5)) {
unforce_rtp_proxy();
}
}

#

mv /usr/local/etc/openser/openserctlrc /usr/local/etc/openser/openserctlrc.bak
vi /usr/local/etc/openser/openserctlrc
add:
# $Id: openserctlrc,v 1.2 2006/07/05 19:37:20 miconda Exp $
#
# openser control tool resource file
#
# here you can set variables used in the openserctl

## your SIP domain
SIP_DOMAIN=x.x.x.x

## database type: MYSQL or PGSQL, by default none is loaded
DBENGINE=MYSQL

## database host
DBHOST=localhost

## database name
DBNAME=openser

## database read/write user
DBRWUSER=openser

## database read only user
DBROUSER=openserro

## password for database read only user
DBROPW=openserro

## database super user
DBROOTUSER="root"

## type of aliases used: DB - database aliases; UL - usrloc aliases
## - default: none
ALIASES_TYPE="DB"

## control engine: FIFO or UNIXSOCK
## - default FIFO
CTLENGINE="FIFO"

## path to FIFO file
# OSER_FIFO="FIFO"

## check ACL names; default on (1); off (0)
VERIFY_ACL=1

## ACL names - if VERIFY_ACL is set, only the ACL names from below list
## are accepted
ACL_GROUPS="local ld int voicemail free-pstn"

## verbose - debug purposes - default '0'
VERBOSE=1



12. Freeradius configuration
cp /usr/local/etc/raddb/radiusd.conf /usr/local/etc/raddb/radiusd.conf.bak
vi /usr/local/etc/raddb/radiusd.conf
add:
modules {
...
#
# The 'digest' module currently has no configuration.
#
# "Digest" authentication against a Cisco SIP server.
# See 'doc/rfc/draft-sterman-aaa-sip-00.txt' for details
# on performing digest authentication for Cisco SIP servers.
#
digest {
}
...
}
authorize {
...
#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authenticate' section.
digest
...
}
...
authenticate {
...
#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authorize' section.
digest
...
}

cp /usr/local/etc/raddb/dictionary /usr/local/etc/raddb/dictionary.bak
vi dictionary
add:
$INCLUDE /usr/local/etc/radiusclient-ng/dictionary.openser


cp /usr/local/etc/raddb/clients.conf /usr/local/etc/raddb/clients.conf.bak
vi clients.conf
add:
client x.x.x.x {
secret = testing123
shortname = x.x.x.x
nastype = other
}


cp /usr/local/etc/raddb/users /usr/local/etc/raddb/users.bak
vi users
edit:
#DEFAULT Auth-Type = System
# Fall-Through = 1

add: (example)
### --- avps ---
0003@x.x.x.x Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#0",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Fri"

0005@x.x.x.x Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#0",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Free"
# #3#1= enable the time-base checking

### --- group checking ---
0003@x.x.x.x Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
0003@x.x.x.x Auth-Type := Accept, Sip-Group == "pstn", Service-Type == "Group-Check"
Reply-Message = "Authorized"

0005@x.x.x.x Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
0005@x.x.x.x Auth-Type := Accept, Sip-Group == "pstn", Service-Type == "Group-Check"
Reply-Message = "Authorized"
DEFAULT Auth-Type := Reject, Service-Type == "Group-Check"

### --- user authentication ---
0003@x.x.x.x Auth-Type := Digest, User-Password == "0003"
Sip-Avp += "rpid:0003",
Sip-Avp += "#2:x.x.x.x",
Reply-Message = "Authenticated"

0005@x.x.x.x Auth-Type := Digest, User-Password == "0005"
Sip-Avp += "rpid:0005",
Sip-Avp += "#2:x.x.x.x",
Reply-Message = "Authenticated"


13. Asterisk configuration
edit /etc/asterisk/sip.conf
bindport=5070 ; UDP Port to bind to (SIP standard port is 5060)
bindaddr=x.x.x.x
checkmwi=10

[openser]
type=friend
context=default
host=localhost
insecure=very

edit /etc/asterisk/extconfig.conf
;for Mysql driver (asterisk add-on needed)
;sipusers => mysql,asterisk,sipusers
;sippeers => mysql,asterisk,sipusers
;voicemail => mysql,asterisk,vmusers

;for odbc driver (unixODBC needed )
sipusers => odbc,asterisk,sipusers
sippeers => odbc,asterisk,sipusers
voicemail => odbc,asterisk,vmusers

PS: the two drivers cannot be used at the same time!
ODBC is required for storing voicemail in the database.

;edit /etc/asterisk/res_mysql.conf insert:
;[general]
;dbhost = localhost
;dbname = asterisk
;dbuser = asterisk (or root)
;dbpass = asterisk (or root-password if user is root)
;dbport = 3306

edit /etc/asterisk/res_odbc.conf:
[asterisk]
enabled => yes
dsn => MySQL-asterisk
username => asterisk
password => asterisk
pre-connect => yes

vi /etc/odbc.ini
[MySQL-asterisk]
Description = MySQL Asterisk database
Trace = Off
TraceFile = stderr
Driver = MySQL
SERVER = localhost
USER = asterisk
PASSWORD = asterisk
PORT = 3306
DATABASE = asterisk

vi /etc/odbcinst.ini
[MySQL]
Description = MySQL driver
Driver = /usr/lib/libmyodbc3.so
Setup = /usr/lib/libodbcmyS.so
CPTimeout =
CPReuse =
UsageCount = 1

edit /etc/asterisk/extensions.conf
exten => 1,1,Ringing
exten => 1,2,VoicemailMain(${CALLERID(num)})
exten => 1,3,Hangup

exten => 11,1,Ringing
exten => 11,2,VoicemailMain()
exten => 11,3,Hangup

exten => _1XXXX,1,Ringing
;exten => _1XXXX,2,MailboxExists(${EXTEN:1})
;exten => _1XXXX,3,Playback(invalid)
;exten => _1XXXX,4,Hangup
;exten => _1XXXX,103,Voicemail(u${EXTEN:1})
;exten => _1XXXX,104,Hangup
exten => _1XXXX,2,Voicemail(u${EXTEN:1})
exten => _1XXXX,3,Hangup
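
A credential check for the files edited in steps 10 and 12, added here as an example (not part of the original post): it parses a FreeRADIUS users file, a clients.conf and a radiusclient-ng "host secret" file and reports passwords that equal the user name and shared secrets left at a sample value. The sample input is constructed from the page's own example entries plus one invented contrast entry, and the length thresholds are assumed policy values.

```python
import re
from typing import List, Tuple

# "testing123" is the secret that appears in FreeRADIUS's sample configuration.
KNOWN_SAMPLE_SECRETS = {"testing123"}
MIN_PASSWORD_LEN = 12   # assumed local policy
MIN_SECRET_LEN = 16     # assumed local policy

# Constructed sample: 0003/0005 and the client block follow the page's step 12;
# the 0007 entry is invented for contrast.
SAMPLE_USERS = '''\
### --- user authentication ---
0003@x.x.x.x Auth-Type := Digest, User-Password == "0003"
\tSip-Avp += "rpid:0003",
\tSip-Avp += "#2:x.x.x.x",
\tReply-Message = "Authenticated"

0005@x.x.x.x Auth-Type := Digest, User-Password == "0005"
\tSip-Avp += "rpid:0005",
\tReply-Message = "Authenticated"

0007@x.x.x.x Auth-Type := Digest, User-Password == "constructed-Long-passphrase-7"
\tReply-Message = "Authenticated"

DEFAULT Auth-Type := Reject, Service-Type == "Group-Check"
'''

SAMPLE_CLIENTS = '''\
client x.x.x.x {
    secret = testing123
    shortname = x.x.x.x
    nastype = other
}
'''

# radiusclient-ng side (step 10): one "host secret" pair per line.
SAMPLE_HOST_SECRETS = '''\
x.x.x.x testing123
localhost testing123
'''

PASSWORD_RE = re.compile(r'\b(?:User|Cleartext)-Password\s*(?:==|:=|=)\s*"([^"]*)"')
CLIENT_RE = re.compile(r'client\s+(\S+)\s*\{([^}]*)\}')
SECRET_RE = re.compile(r'^\s*secret\s*=\s*(\S+)', re.M)

Finding = Tuple[str, str]


def audit_users(text: str) -> List[Finding]:
    """Check the password on each entry's first line (the check-item line)."""
    findings = []
    for line in text.splitlines():
        if not line or line[0] in " \t#":
            continue  # blank lines, comments and indented reply items
        name = line.split(None, 1)[0]
        m = PASSWORD_RE.search(line)
        if not m:
            continue
        pw = m.group(1)
        if pw in (name, name.split("@", 1)[0]):
            findings.append((name, "password equals the user name"))
        elif pw.isdigit():
            findings.append((name, "password is digits only"))
        elif len(pw) < MIN_PASSWORD_LEN:
            findings.append((name, "password is shorter than the policy minimum"))
    return findings


def _check_secret(owner: str, secret: str) -> List[Finding]:
    if secret in KNOWN_SAMPLE_SECRETS:
        return [(owner, "shared secret is a well-known sample value")]
    if len(secret) < MIN_SECRET_LEN:
        return [(owner, "shared secret is shorter than the policy minimum")]
    return []


def audit_clients(text: str) -> List[Finding]:
    """FreeRADIUS clients.conf: client NAME { secret = VALUE ... }"""
    findings = []
    for name, body in CLIENT_RE.findall(text):
        m = SECRET_RE.search(body)
        if m:
            findings += _check_secret(name, m.group(1))
    return findings


def audit_host_secrets(text: str) -> List[Finding]:
    """radiusclient-ng style file: HOST SECRET per line."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and not line.lstrip().startswith("#"):
            findings += _check_secret(parts[0], parts[1])
    return findings


if __name__ == "__main__":
    for who, why in (audit_users(SAMPLE_USERS) + audit_clients(SAMPLE_CLIENTS)
                     + audit_host_secrets(SAMPLE_HOST_SECRETS)):
        print(f"{who}: {why}")
```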

Friday, April 06, 2007

FreeBSD - Portupgrade

Upgrading ports on FreeBSD with portupgrade

Excerpted from the BSD DevCenter FreeBSD Basics series of articles on O’Reilly ONLamp.com.

  1. First update ports: cvsup -g -L 2 ports-supfile
  2. Then update the ports database: /usr/local/sbin/portsdb -Uu
  3. Then list the ports that need upgrading: /usr/local/sbin/portversion -l "<"
  4. Finally upgrade the installed ports: /usr/local/sbin/portupgrade -arR
  5. If prompted, run: /usr/local/sbin/pkgdb -F
  6. If the sky falls in, run: /usr/local/sbin/pkgdb -fu

Other small notes on portupgrade:

  • Run portsdb -Uu once after every cvsup update of ports
  • Never interrupt pkgdb -fu under any circumstances
  • pkg_which looks up which port a file belongs to: pkg_which filename
  • Find the origin directory of a port: pkg_which -o kdemultimedia-3.1.3
  • Only fetch the needed files without upgrading yet: portupgrade -aFrR
  • Simulate without actually upgrading: portupgrade -anrR
  • Specify a log file: portupgrade -rR portname -l logfile
reference:
http://moonfire.twbbs.org/15

Wednesday, March 14, 2007

Asterisk + Openser + Freeradius + Mysql (1)

*Installation

1. Binding one new IP address on eth0 (for SIP server only)
2. Check that your system has the following packages:
gcc or icc, bison or yacc, flex, zlib, zlib-devel, MySQL and MySQL-devel.
command: rpm -qa |grep xxxx

3. unixODBC installation
install unixODBC-dev and libmyodbc

4. FreeRadius installation
download freeradius-1.1.4.tar.gz
cd /usr/src
tar zxvf freeradius-1.1.4.tar.gz
cd freeradius-1.1.4
./configure
make
make install

5. Radiusclient-ng installation
download radiusclient-ng-0.5.2.tar.gz
cd /usr/src
tar zxvf radiusclient-ng-0.5.2.tar.gz
cd radiusclient-ng-0.5.2
./configure
make
make install

6. OPENSER installation
cd /usr/src
wget http://www.openser.org/pub/openser/1.1.1/src/openser-1.1.1-tls_src.tar.gz
tar zxvf openser-1.1.1-tls_src.tar.gz
cd openser-1.1.1-tls

cd modules/acc
vi Makefile
uncomment acc.........

To enable Radius accounting, edit the “modules/acc/Makefile” and uncomment
the part related to Radius accounting. You can comment the part related to
SQL (database) accounting.
Next, edit “Makefile” and remove from “exclude_modules” all modules that
have “_radius” in their name. You can remove from “exclude_modules” the
“mysql” module as well -- the configuration file for OpenSER presented in
this document uses it.

make all
make install


7. RtpProxy installation
cd /usr/src
wget http://ftp.iptel.org/pub/rtpproxy/rtpproxy-0.3.tar.gz
tar zxvf rtpproxy-0.3.tar.gz
cd rtpproxy
./configure
make
make install

run /usr/local/bin/rtpproxy -l 59.125.160.36 -s udp:localhost:7890

8. Asterisk Installation
cd /usr/src
wget http://ftp.digium.com/pub/asterisk/asterisk-1.4.1.tar.gz
tar zxvf asterisk-1.4.1.tar.gz
cd asterisk-1.4.1

Edit 'apps/app_voicemail.c' and change the size of member 'uniqueid' in 'struct ast_vm_user' to 128


/* Structure for linked list of users */
struct ast_vm_user {
char context[AST_MAX_CONTEXT]; /* Voicemail context */
char mailbox[AST_MAX_EXTENSION];/* Mailbox id, unique within vm context
char password[80]; /* Secret pin code, numbers only */
char fullname[80]; /* Full name, for directory app */
char email[80]; /* E-mail address */
char pager[80]; /* E-mail address to pager (no attachme
char serveremail[80]; /* From: Mail address */
char mailcmd[160]; /* Configurable mail command */
char language[MAX_LANGUAGE]; /* Config: Language setting */
char zonetag[80]; /* Time zone */
char callback[80];
char dialout[80];
char uniqueid[128]; /* Unique integer identifier */ <<<<<========== here!!!
char exit[80];
unsigned int flags; /* VM_ flags */
int saydurationm;
int maxmsg; /* Maximum number of msgs per folder fo
struct ast_vm_user *next;
};

./configure --with-odbc
make menuselect
enable "ODBC for voicemail"
make
make install
# boot start
make config

9. Database
Create OpenSER Database
/usr/local/sbin/openser_mysql.sh create
Create FreeRadius Database
mysql -uroot -p radius <>

use asterisk;
CREATE TABLE `voicemessages` (
`id` int(11) NOT NULL auto_increment,
`msgnum` int(11) NOT NULL default '0',
`dir` varchar(80) default '',
`context` varchar(80) default '',
`macrocontext` varchar(80) default '',
`callerid` varchar(40) default '',
`origtime` varchar(40) default '',
`duration` varchar(20) default '',
`mailboxuser` varchar(80) default '',
`mailboxcontext` varchar(80) default '',
`recording` longblob,
PRIMARY KEY (`id`),
KEY `dir` (`dir`)
) ENGINE=MyISAM;

CREATE VIEW vmusers AS
SELECT phplib_id as uniqueid,
username as customer_id,
'default' as context,
username as mailbox,
vmail_password as password,
CONCAT(first_name,' ',last_name) as fullname,
email_address as email,
NULL as pager,
datetime_created as stamp
FROM openser.subscriber;

CREATE VIEW sipusers AS
SELECT username as name,
username,
'friend' as type,
NULL as secret,
domain as host,
CONCAT(rpid, ' ','<',username,'>') as callerid,
'default' as context,
username as mailbox,
'yes' as nat,
'no' as qualify,
username as fromuser,
NULL as authuser,
domain as fromdomain,
NULL as insecure,
'no' as canreinvite,
NULL as disallow,
NULL as allow,
NULL as restrictcid,
domain as defaultip,
domain as ipaddr,
'5060' as port,
NULL as regseconds
FROM openser.subscriber;

# if you want to use an account other than root
GRANT ALL ON asterisk.* to asterisk@localhost IDENTIFIED BY 'some_password';
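
The installation steps above fetch source archives over plain HTTP and build them as root, so a check before `tar zxvf` is worth having. The following is an added example, not part of the original notes: it assumes GNU `sha256sum` and `tar`, its function names are hypothetical, and the expected digest must come from the project's own release channel (the notes give none).

```shell
#!/bin/sh
# Added example: check a downloaded source archive before unpacking and
# building it as root. Function names here are hypothetical helpers.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" 2>/dev/null | cut -d' ' -f1
}

# safe_members FILE -> fails if the archive cannot be listed, or if any member
# path is absolute or contains a ".." component (would escape the target dir).
safe_members() {
    members=$(tar tzf "$1" 2>/dev/null) || return 1
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 1
    fi
}

# verify_and_extract FILE EXPECTED_SHA256 DESTDIR
# Returns 0 after extracting; 1 digest mismatch; 2 unsafe or unreadable archive.
verify_and_extract() {
    file=$1 expected=$2 dest=$3
    actual=$(sha256_of "$file")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file (got ${actual:-nothing})" >&2
        return 1
    fi
    if ! safe_members "$file"; then
        echo "unsafe member path in $file" >&2
        return 2
    fi
    mkdir -p "$dest" && tar xzf "$file" -C "$dest"
}

# Usage: sh verify.sh asterisk-1.4.1.tar.gz <digest from the project> /usr/src
if [ $# -eq 3 ]; then
    verify_and_extract "$1" "$2" "$3"
fi
```

Nothing is extracted unless both the digest and the member paths pass, so a failed check leaves `/usr/src` untouched.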

Tuesday, January 09, 2007

LINUX - Nocat

* based on Debian
1.
apt-get install iptables perl libdbi-perl libdbd-mysql-perl libdigest-md5-perl libnet-netmask-perl pgp apache-ssl

2.
tar xvzf NoCatAuth-0.82.tar.gz
cd NoCatAuth-0.82
mkdir /usr/local/nocat
make PREFIX=/usr/local/nocat/gateway gateway (to use iptables, first modify bin/detect-fw.sh so the program can run on an OS with kernel 2.16 or later; the default is 2.4)

3.
make PREFIX=/usr/local/nocat/authserv authserv
make PREFIX=/usr/local/nocat/authserv pgpkey <-- do not enter anything at the passphrase prompt
cp /usr/local/nocat/authserv/trustedkeys.gpg /usr/local/nocat/gateway/pgp/
chown -R www-data:www-data /usr/local/nocat/authserv/pgp/
chown -R www-data:www-data /usr/local/nocat/authserv/etc/
chown -R www-data:www-data /usr/local/nocat/authserv/cgi-bin/

4.
/usr/local/nocat/gateway/nocat.conf :
AuthServiceAddr 192.168.4.51
ExternalDevice eth0
InternalDevice eth1
LocalNetwork 192.168.4.0/24
DNSAddr 111.222.333.444
IncludePorts 22 80 443
LogFacility internal

5.
/usr/local/nocat/authserv/nocat.conf :

LocalNetwork 192.168.4.0/24
Set the authentication method
DataSource Passwd
UserFile /usr/local/nocat/authserv/etc/passwd
GroupUserFile /usr/local/nocat/authserv/etc/group
GroupAdminFile /usr/local/nocat/authserv/etc/groupadm


6. cert
cd /etc/ssl/certs
openssl req -new > nocat.cert.csr
openssl rsa -in privkey.pem -out new.cert.key
openssl x509 -in nocat.cert.csr -out nocat.cert.cert -req -signkey new.cert.key -days 365

7.
/etc/apache-ssl/httpd.conf :

Because /images/ is already used by an Alias,
change alias /images/ /usr/share/images/ to alias /images/ /usr/local/nocat/authserv/htdocs/images/

LoadModule env_module /usr/lib/apache/1.3/mod_env.so

(virtualhost 192.168.4.51) <- change the () to <>
ServerName 192.168.4.51
SSLCertificateFile /etc/ssl/certs/nocat.cert.cert
SSLCertificateKeyFile /etc/ssl/certs/new.cert.key
DocumentRoot /usr/local/nocat/authserv/htdocs
Include /usr/local/nocat/authserv/httpd.conf
(/virtualHost)

8.
start apache-ssl:

/etc/init.d/apache-ssl restart

9.
Add users
/usr/local/nocat/authserv/bin/admintool -c username password

10.
start gateway
/usr/local/nocat/gateway/bin/gateway
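
Step 6 writes an unencrypted private key (`new.cert.key`) into `/etc/ssl/certs`, and step 7 points Apache at it together with the self-signed certificate. The following is an added example, not part of the original notes or of NoCatAuth, that checks the pair before Apache is restarted: it assumes the `openssl` command-line tool is installed, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks on the step 6 output before Apache uses it.
# Function names are hypothetical helpers, not part of NoCatAuth.

# key_is_private FILE -> succeeds only if group and other have no permissions.
key_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Public key of a certificate / of a private key, both printed as PEM.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null; }

# check_tls_pair CERT KEY
# 0 ok, 1 key accessible to group/other, 2 key does not match certificate,
# 3 a file could not be parsed, 4 certificate already expired.
check_tls_pair() {
    cert=$1 key=$2
    if ! key_is_private "$key"; then
        echo "$key is accessible to group/other; chmod 600 it" >&2
        return 1
    fi
    cpub=$(cert_pubkey "$cert") || cpub=
    kpub=$(key_pubkey "$key") || kpub=
    if [ -z "$cpub" ] || [ -z "$kpub" ]; then
        echo "cannot parse $cert or $key" >&2
        return 3
    fi
    if [ "$cpub" != "$kpub" ]; then
        echo "$cert was not issued for $key" >&2
        return 2
    fi
    # The certificate from step 6 is only valid for 365 days.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 4
}

# Usage: sh check.sh /etc/ssl/certs/nocat.cert.cert /etc/ssl/certs/new.cert.key
if [ $# -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```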


Reference:
http://ginfo.egim-mrs.fr/wiki/doku.php?id=howtos:nocat
http://www.wi-fiplanet.com/tutorials/article.php/3286631