RLM_Rest and Dynamic Clients

Nick Cappelletti nick at switchtower.com
Fri Jul 17 14:08:26 CEST 2015


Alan,

Thanks for the response.   I’ve read over the dynamic clients a few times, and understand how reading from a file, reading from a DB, and how the LDAP integration works, but I’m still trying to grasp the concept of the REST integration and how to keep the number of requests down to a minimum.  With the LDAP and SQL integration, I know that to grab the FreeRADIUS-Client-Shortname and FreeRADIUS-Client-Secret that we need for our clients, they’re all separate queries and with the number of devices we have on our network (2000+), and the large number of logins we have, I’m afraid I would end up DOS’ing the web server the API sits on with said requests.

The other question I have is how to configure the rest module.  I’ve seen the demo Perl server, found a Server Fault page explaining how to get ‘authorize’ to work (http://serverfault.com/questions/597393/configuring-rlm-rest-module-in-freeradius), and read through the comments in the source, and I could make an educated guess on how to configure the dynamic-clients, but without knowing for sure, I’d be grasping at straws trying to get it to work.  The best that I could come up with was:

server dynamic_clients {
    authorize {
        if ("%{rest: https://url?ipaddress='%{Packet-Src-IP-Address}'}") {
            update control {
                &FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
                &FreeRADIUS-Client-Shortname = "%{rest: https://url?ipaddress='%{Packet-Src-IP-Address}'&return=shortname}"
                &FreeRADIUS-Client-Secret = "%{rest: https://url?ipaddress='%{Packet-Src-IP-Address}'&return=secret}"
            }

        }
        ok
    }
}


Sorry for the ignorance, I try not to post to mailing lists unless I truly can’t find the information I need.

—Nick

> On Jul 16, 2015, at 1:41 PM, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On Jul 16, 2015, at 1:29 PM, Nick Cappelletti <nick at switchtower.com> wrote:
>> I was curious if there was a way to include dynamic-clients via the rest api module in FreeRADIUS. 
> 
>  Read raddb/sites-available/dynamic-clients
> 
>  Then, use the rest module in that virtual server.  Have the rest module return the attributes needed to define a client.
> 
>  The server doesn't care where it gets those attributes from.  So long as they exist, it can create a dynamic client.
> 
>  Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
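
Added example, not part of the original thread and not FreeRADIUS's own code: a sketch of the REST endpoint side of Alan's suggestion, where one response carries every attribute needed to define the client, so a lookup costs a single HTTP call instead of one per attribute. The `control:` JSON keys assume rlm_rest's JSON attribute mapping (verify against the comments in mods-available/rest); `ipaddress` is the query parameter from Nick's URL, and the inventory, addresses and secrets are constructed.

```python
import ipaddress
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Constructed sample inventory: documentation address ranges, placeholder secrets.
CLIENTS = {
    "192.0.2.10/32": {"shortname": "edge-sw-01", "secret": "example-secret-1"},
    "198.51.100.0/24": {"shortname": "branch-aps", "secret": "example-secret-2"},
}

def lookup_client(src_ip):
    """Return (http_status, body) with all client attributes in one response."""
    try:
        # Tolerate the quoted form used in the thread (ipaddress='1.2.3.4').
        addr = ipaddress.ip_address(src_ip.strip().strip("'"))
    except ValueError:
        return 400, {}          # reject anything that is not an IP address
    best = None
    for cidr, entry in CLIENTS.items():
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            # Most specific prefix wins when ranges overlap.
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, entry)
    if best is None:
        return 404, {}          # unknown source: no attributes, no client
    # Assumed key format: "<list>:<attribute>" decoded by rlm_rest.
    return 200, {
        "control:FreeRADIUS-Client-IP-Address": str(addr),
        "control:FreeRADIUS-Client-Shortname": best[1]["shortname"],
        "control:FreeRADIUS-Client-Secret": best[1]["secret"],
    }

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        query = parse_qs(urlparse(self.path).query)
        status, body = lookup_client(query.get("ipaddress", [""])[0])
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

if __name__ == "__main__":
    # Loopback only; the response contains shared secrets.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Because the response carries shared secrets, the endpoint should only be reachable by the RADIUS server, over TLS and with authentication.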




More information about the Freeradius-Users mailing list