radius-http-json

How it works

An experiment with FreeRADIUS. For each request, radiusd makes an HTTP GET to a web server, which answers with a bit of JSON.
With this backend, you are free to choose your database. You don’t have to change the binding code, just write a small web server.

The maintainers of FreeRADIUS rewrote this with better support. Their module is called rlm_rest.

require 'rubygems'
require 'sinatra'

get '/base/authenticate' do
  content_type "application/json"
  
  # mac address = params["mac"]
  # login = params["login"]

  '{"password" : "some NTLM password", "vlan" : "a vlan number"}'
end

and in the configuration file:

remotedb {
	port = 8080
	ip = 192.168.1.2
	base = "/base"
}

Easy? When I plug in my network cable, radiusd asks my web server:

GET /base/authenticate?mac=[mac]&login=[login]

Sinatra answers:

{"password" : "some NTLM password", "vlan" : "a vlan number"}
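A fuller backend handler for the exchange above, as an added example that is not part of this repository: it validates `mac` and `login` before any lookup and builds the reply with a JSON library instead of a string literal. The `USERS` table, the per-user MAC list, the accepted MAC spellings and the 400/404 status codes are assumptions; this page does not say how the module treats a non-200 answer.

```ruby
require 'json'

# Constructed sample directory; a real backend would query the database you chose.
USERS = {
  'alice' => { password: 'constructed-ntlm-value-1', vlan: '10',
               macs: ['00:11:22:33:44:55'] },
  'bob'   => { password: 'constructed-ntlm-value-2', vlan: '20',
               macs: ['66:77:88:99:aa:bb'] }
}.freeze

# Restrictive allow-list for the login parameter (assumed policy).
LOGIN_RE = /\A[A-Za-z0-9._@-]{1,64}\z/

# Accepts 00:11:22:33:44:55, 00-11-22-33-44-55 or 001122334455 (assumed
# spellings); returns the lowercase colon-separated form, or nil if malformed.
def normalize_mac(raw)
  s = raw.to_s.strip.downcase
  pairs = s.match?(/\A\h{12}\z/) ? s.scan(/../) : s.split(/[:-]/, -1)
  return nil unless pairs.length == 6 && pairs.all? { |p| p.match?(/\A\h{2}\z/) }

  pairs.join(':')
end

# Returns [http_status, json_body] for GET /base/authenticate?mac=..&login=..
def authenticate(params)
  login = params['login'].to_s
  mac = normalize_mac(params['mac'])
  # Reject malformed input before it reaches any lookup or query.
  return [400, JSON.generate({ error: 'bad request' })] unless mac && login.match?(LOGIN_RE)

  user = USERS[login]
  # Same answer for an unknown login and for a known login on an unlisted MAC.
  return [404, JSON.generate({ error: 'unknown' })] unless user && user[:macs].include?(mac)

  [200, JSON.generate({ password: user[:password], vlan: user[:vlan] })]
end
```

Inside the Sinatra route shown earlier, call `authenticate(params)`, set the HTTP status from the first element and return the second as the body.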

Install

  • Install the JSON library: apt-get install libjson0 on Debian/Ubuntu, or install it manually from http://oss.metaparadigm.com/json-c/
  • Copy the directory rlm_remotedb (this repository) into src/modules/
  • Add “rlm_remotedb” in src/modules/stable
  • ./configure
  • make
  • make install
  • Create a file named remotedb in raddb/modules/ and insert this:
remotedb {
	port = 8080
	ip = 192.168.1.71
	base = "/radius"
}

  • Ensure you have this in eap.conf (if you use inner-tunnel):
copy_request_to_tunnel = yes
use_tunneled_reply = yes

  • Add “remotedb” to the authorize sub-section of your site configuration
  • Run radiusd