radius auth (RESt or script execution) & creating user on systems

Alan DeKok aland at deployingradius.com
Mon May 29 21:03:45 CEST 2017


On May 29, 2017, at 2:31 PM, Janis Heller <janis.heller at outlook.de> wrote:
> 
> I’ve got two question, question number 2 is not directly related to FreeRADIUS but I hope for some ideas.
> 
> 1.)
> I’m using FreeRADIUS at the moment with the REST functionality, this means, when a new auth request is made a GET request is performed by the RADIUS server, sending username, password and station ID to a PHP script which is checking the user data and allowing or denying the access by returning the result of the check to radius. This PHP script is making some database checks (I know there’s a module for FreeRADIUS, but my database passwords are hashed in a special way and I need to make a few checks for each user). What way is recommended, using the rest functionality or let radius call the script directly and sending the username, password and station ID as parameters, when calling the script?
> -I’m using radius for example for DANTE, using DANTE (SOCKS5 server), every single request made by a user will result in an RADIUS request too. That’s why I ask.

  I'd use the rlm_rest module in v3.  It supports all of this natively.

> 2.)
> I’m using the same FreeRADIUS server to manage my SSH logins too. This works fine, but I need to create every user account on each machine, before the login using RADIUS for auth is working fine. It’s not the job of RADIUS to create user accounts, but what’s the best way to create these user accounts, without using a LDAP backend? My idea was to use a cronjob which will check for new user accounts in a database and update them in case of need.

  You need to put user accounts into LDAP.

  Alan DeKok.




More information about the Freeradius-Users mailing list