A bit of help using the rlm_rest module with django-freeradius
Marty E. Plummer
hanetzer at startmail.com
Sun Nov 18 04:10:09 CET 2018
Greetings all. Let me first say I'm a huge newbie on this whole subject
and have not used freeradius with any more than the default configs and
some user lines along the line of "bob Cleartext-Password := password",
but I've been working on putting together a docker cluster/whatever
using freeradius, postgresql, and a small django project using
django-freeradius to manage users and such. I've tried, to the best of
my ability, to configure freeradius to use rest with their api endpoints
to authenticate users, but I can't get anything other than radtest to
work.
If you clone https://bitbucket.org/hanetzer/radius.git and
docker-compose up --build, you should get a close approximation of my
current setup. You will also need a .env file in the repo's root, which
has a format like this:
DATABASE_URL=db://postgres:changeme@db/postgres #not yet configurable
DJANGO_DEBUG=false # whether DEBUG=True or not in django
DJANGO_FREERADIUS_API_TOKEN=longasstokenhere # django-freeradius thing
DJANGO_MANAGEPY_COLLECTSTATIC=off #django thing, not yet right so you may get glitchy assets on the admin site
DJANGO_MANAGEPY_MAKEMIGRATIONS=on
DJANGO_MANAGEPY_MIGRATE=on # apply changes to the postgresql db to set up schemas
DJANGO_SETTINGS_MODULE=radius.settings # needed for now
POSTGRES_DB=postgres # not yet configurable
POSTGRES_PASSWORD=changeme # not yet configurable
POSTGRES_USER=postgres # not yet configurable
SECRET_KEY=somesecretkey # django specific
FREERADIUS_SECRET=testing123 # havent' got all the spots yet so best to stick to this value
The setup is supposed to make a json post to api/v1/... which contains,
among other things, { "user":"%{User-Name}", "password":"%{User-Password}" }.
But, %{User-Password} always evaluates to "", an empty string. A manual curl to
the api endpoints works, however.
You'll need to enter the docker container running the webserver like
this 'docker exec -it radius_freeradius_xxxxxx sh' and source /venv/bin/activate,
at which point you run ./manage.py createsuperuser. Follow the prompts
and the admin/root user will be created. You can add a testing normal
user with ./manage.py batch_add_users --name test --file some.csv, where
some.csv contains the following:
username,cleartext$password,username at somehost.com,FirstName,LastName
the password must either be encrypted using the django scheme or
prefaced with the cleartext$ token.
You can access the admin interface and login with the superuser
credentials created above with the url http://localhost:8000/admin
If anyone could provide any help/suggestions on this matter I'd greately
appreciate it.
Marty
More information about the Freeradius-Users
mailing list