Setup FreeRadius on Centos 7.x and use Folio REST API
Zeno Tajoli
27 Nov 2019 04:33 EST

Hi to all,

As I wrote on the Slack channel #sys-ops, I did a basic test of setting up
FreeRadius to use the Folio REST API as the source for authorization and
authentication.

I want to use FreeRadius to allow students to browse the Internet
(over WiFi). But I want to check the username/password against Folio. I have
the students' usernames/passwords only inside Folio.

I can see that it works. The basic idea is to use the module rlm_rest.
I also installed 'Daloradius', a web GUI for FreeRadius.

To set up (on CentOS 7.x):

1) Install FreeRadius and Daloradius:
<https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/>
2) Install the module rlm_rest: https://networkradius.com/freeradius-packages/
3) Basic config:
su

vi /etc/raddb/users
DEFAULT Auth-Type := rest

vi /etc/raddb/sites-enabled/default
authorize {
	# REST module: add the Okapi tenant header, then call rest
	update control { &REST-HTTP-Header += "X-Okapi-Tenant: xxxx" }
	rest
}

authenticate {
	Auth-Type REST {
		update control { &REST-HTTP-Header += "X-Okapi-Tenant: xxxx" }
		rest
	}
}

vi /etc/raddb/mods-enabled/rest
rest {
	tls {
		# verification of the Okapi server certificate and its CN is turned off
		check_cert = no
		check_cert_cn = no
	}
	connect_uri = "https://okapi-xxx.yyy.com/"
	...
	authorize {
		uri = "${..connect_uri}authn/login"
		method = 'post'
		body = 'json'
		# User-Name and User-Password from the request, sent as the JSON login body
		data = '{"username":"%{User-Name}","password":"%{User-Password}"}'
		tls = ${..tls}
	}

	authenticate {
		uri = "${..connect_uri}authn/login"
		method = 'post'
		body = 'json'
		data = '{"username":"%{User-Name}","password":"%{User-Password}"}'
		tls = ${..tls}
	}
	...
}

cd /var/log/radius/radacct
chmod -R 777 127.0.0.1/
[probably specific to RH/CentOS]

4) To test on the command line:
radtest <USERNAME> <PASSWORD> localhost 0 testing123
Sent Access-Request Id 150 from 0.0.0.0:50250 to 127.0.0.1:1812 length 79
         User-Name = "<USERNAME>"
         User-Password = "<PASSWORD>"
         NAS-IP-Address = 54.72.52.58
         NAS-Port = 0
         Message-Authenticator = 0x00
         Cleartext-Password = "<PASSWORD>"
Received Access-Accept Id 150 from 127.0.0.1:1812 to 127.0.0.1:50250 length 20

Bye
Zeno Tajoli

--
Zeno Tajoli
System Librarian

@CULT Srl
Via Quintino Sella, 33 - 00187 Roma
Tel +39 06 89873504 - Fax +39 06 89873496
zeno.tajoli@atcult.it

www.atcult.it
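
Added example (not part of the original message, and not Folio or FreeRADIUS project code): a Python check that sends the same authn/login POST as the rest module config above, but with TLS certificate verification left on and the body built with json.dumps, then maps the HTTP status to a module return code as listed in the comments of the stock FreeRADIUS v3 rest module file. The URL and tenant are the masked placeholders from the post; the function names are hypothetical.

```python
import json
import ssl
import urllib.error
import urllib.request

# Constructed placeholders, same shape as the masked values in the post.
OKAPI_URL = "https://okapi-xxx.yyy.com/"
TENANT = "xxxx"


def build_login_request(base_url, tenant, username, password):
    """Build the POST that the rest module config sends to authn/login."""
    # json.dumps escapes quotes and backslashes in the credentials.
    body = json.dumps({"username": username, "password": password})
    return urllib.request.Request(
        base_url + "authn/login",
        data=body.encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/json", "X-Okapi-Tenant": tenant},
    )


def rest_module_result(status):
    """HTTP status -> rlm_rest return code (stock v3 rest config comments)."""
    if status in (404, 410):
        return "notfound"
    if status == 403:
        return "userlock"
    if status == 401:
        return "reject"
    if 200 <= status < 300:
        return "ok"  # "updated" when the response body changes attributes
    if 500 <= status < 600:
        return "fail"
    return "invalid"


def check_login(username, password, base_url=OKAPI_URL, tenant=TENANT):
    """Send the login with certificate and hostname verification enabled."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    req = build_login_request(base_url, tenant, username, password)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code  # non-2xx answers arrive as HTTPError
    return status, rest_module_result(status)


if __name__ == "__main__":
    import getpass, sys
    print(check_login(sys.argv[1], getpass.getpass()))
```

A certificate error from check_login means the Okapi endpoint would also fail with check_cert = yes, which is worth resolving before student passwords are sent over that connection.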