An experiment with FreeRADIUS. For each request, radiusd makes an HTTP GET to a web server, which answers with a bit of JSON.
With this backend, you are free to choose any database. You don’t have to change the binding code, just write a little web server.
The FreeRADIUS maintainers rewrote this with better support. That module is called rlm_rest.

    require 'rubygems'
    require 'sinatra'

    get '/base/authenticate' do
      content_type "application/json"
      # mac address = params["mac"]
      # login = params["login"]
      '{"password" : "some NTLM password", "vlan" : "a vlan number"}'
    end

and in the configuration file:

    remotedb {
        port = 8080
        ip = 192.168.1.2
        base = "/base"
    }

Easy? When I plug in my network cable, radiusd asks my web server:

    GET /base/authenticate?mac=[mac]&login=[login]

Sinatra answers:

    {"password" : "some NTLM password", "vlan" : "a vlan number"}

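A fuller backend for the route above, as an added example (not code from this repository): it looks up the login in a constructed in-memory table, normalizes the MAC and builds the JSON with the json library. The table contents, the MAC-to-login binding and the 400/404 answers are assumptions; the page does not say how the module treats a non-200 reply.

```ruby
require 'json'

# Constructed sample directory (assumption): login => password placeholder,
# allowed MACs and VLAN. Replace with the database lookup of your choice.
USERS = {
  'alice' => { password: 'NT-HASH-PLACEHOLDER-ALICE', macs: ['001122334455'], vlan: '10' },
  'bob'   => { password: 'NT-HASH-PLACEHOLDER-BOB',   macs: ['66778899aabb'], vlan: '20' }
}.freeze

# Reduce a MAC to 12 lowercase hex digits, whatever separator was used
# (00:11:22:33:44:55, 00-11-22-33-44-55, 0011.2233.4455). nil if malformed.
def normalize_mac(raw)
  hex = raw.to_s.downcase.delete(':.-')
  hex.match?(/\A[0-9a-f]{12}\z/) ? hex : nil
end

# Answer for GET /base/authenticate?mac=...&login=...
# Returns [http_status, json_body]. Status codes are an assumption.
def authenticate(params)
  mac   = normalize_mac(params['mac'])
  login = params['login'].to_s
  return [400, JSON.generate('error' => 'bad request')] if mac.nil? || login.empty?

  user = USERS[login]
  # Same answer for an unknown login and an unknown MAC, so the reply
  # does not reveal which of the two failed.
  return [404, JSON.generate('error' => 'not found')] unless user && user[:macs].include?(mac)

  # JSON.generate escapes values, unlike a hand-built string literal.
  [200, JSON.generate('password' => user[:password], 'vlan' => user[:vlan])]
end

# Wiring into the Sinatra route shown above:
#   get '/base/authenticate' do
#     content_type 'application/json'
#     code, body = authenticate(params)
#     status code
#     body
#   end
```

The reply carries password material, so the listener is best bound to an address only the RADIUS server can reach.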
- Install the JSON library: apt-get install libjson0 on Debian/Ubuntu, or install it manually from http://oss.metaparadigm.com/json-c/
- Copy the directory rlm_remotedb (this repository) into src/modules/
- Add “rlm_remotedb” to src/modules/stable
- ./configure
- make
- make install
- Create a file named remotedb in raddb/modules/ and insert this:
    remotedb {
        port = 8080
        ip = 192.168.1.71
        base = "/radius"
    }
- Ensure you have this in eap.conf (if you use inner-tunnel):
    copy_request_to_tunnel = yes
    use_tunneled_reply = yes
- Add “remotedb” to the authorize sub-section of your site configuration
- Run radiusd