Setup FreeRadius on Centos 7.x and use Folio REST API
Zeno Tajoli
27 Nov 2019 04:33 EST
Hi to all,

as I wrote on the Slack channel #sys-ops, I did a basic test of setting up FreeRadius to use the Folio REST API as the source for authorization and authentication.

I want to use Freeradius to allow students to do Internet navigation (with Wifi). But I want to check the username/password on Folio. I have the usernames/passwords of students only inside Folio.

I can see that it works. The basis is to use the module rlm_rest. I also installed 'Daloradius', a web GUI for FreeRadius.

To set up (on Centos 7.x):

1) Install Freeradius and Daloradius
   <https://computingforgeeks.com/installing-freeradius-and-daloradius-centos-7/>

2) Install module rlm_rest:
   https://networkradius.com/freeradius-packages/

3) Basic config:

    su
    vi /etc/raddb/users

    DEFAULT Auth-Type := rest

    vi /etc/raddb/sites-enabled/default

    authorize {
        #REST module
        update control {
            &REST-HTTP-Header += "X-Okapi-Tenant: xxxx"
        }
        rest
    }
    authenticate {
        Auth-Type REST {
            update control {
                &REST-HTTP-Header += "X-Okapi-Tenant: xxxx"
            }
            rest
        }
    }

    vi /etc/raddb/mods-enabled/rest

    rest {
        tls {
            check_cert = no
            check_cert_cn = no
        }
        connect_uri = "https://okapi-xxx.yyy.com/"
        ...
        authorize {
            uri = "${..connect_uri}authn/login"
            method = 'post'
            body = 'json'
            data = '{"username":"%{User-Name}","password":"%{User-Password}"}'
            tls = ${..tls}
        }
        authenticate {
            uri = "${..connect_uri}authn/login"
            method = 'post'
            body = 'json'
            data = '{"username":"%{User-Name}","password":"%{User-Password}"}'
            tls = ${..tls}
        }
        ...
    }

    cd /var/log/radius/radacct
    chmod -R 777 127.0.0.1/

   [probably specific to RH/Centos]

4) To test on the command line:

    radtest <USERNAME> <PASSWORD> localhost 0 testing123

    Sent Access-Request Id 150 from 0.0.0.0:50250 to 127.0.0.1:1812 length 79
        User-Name = "<USERNAME>"
        User-Password = "<PASSWORD>"
        NAS-IP-Address = 54.72.52.58
        NAS-Port = 0
        Message-Authenticator = 0x00
        Cleartext-Password = "<PASSWORD>"
    Received Access-Accept Id 150 from 127.0.0.1:1812 to 127.0.0.1:50250 length 20

Bye
Zeno Tajoli

--
Zeno Tajoli
System Librarian
@CULT Srl
Via Quintino Sella, 33 - 00187 Roma
Tel +39 06 89873504 - Fax +39 06 89873496
zeno.tajoli@atcult.it
www.atcult.it

This message is intended only for the persons indicated and may contain confidential information. Any other use of the message is prohibited. If you have received this e-mail in error, please delete the original and notify us immediately by e-mail at info@atcult.it
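
An added check, not part of the original message: it flags the two settings in the configuration above that weaken the setup, namely certificate verification switched off in the rest module's tls block (the requests carry student passwords) and world-writable accounting directories. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Sample data is constructed.

# List rest-module lines that switch off TLS certificate verification.
# $1 = path to a file in the format of /etc/raddb/mods-enabled/rest
audit_rest_tls() {
    awk '
        { sub(/#.*/, "") }    # ignore comments
        /^[ \t]*check_cert(_cn)?[ \t]*=[ \t]*"?no"?[ \t]*$/ {
            gsub(/[ \t]+/, " "); sub(/^ /, ""); sub(/ $/, "")
            printf "line %d: %s\n", NR, $0
        }' "$1"
}

# List world-writable entries below an accounting directory.
# $1 = directory such as /var/log/radius/radacct
audit_world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Build a constructed sample in a temp dir and run both checks.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/rest" <<'EOF'
rest {
    tls {
        check_cert = no
        check_cert_cn = no   # constructed sample, mirrors the message
    }
    connect_uri = "https://okapi.example.invalid/"
}
EOF
    mkdir -p "$tmp/radacct/127.0.0.1"
    chmod -R 777 "$tmp/radacct/127.0.0.1"
    echo "TLS verification disabled:"; audit_rest_tls "$tmp/rest"
    echo "World-writable:";            audit_world_writable "$tmp/radacct"
    rm -rf "$tmp"
}

demo
```

Empty output from both functions on the real paths means neither weakness is present.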