[openwisp] Django-FreeRadius

[Bino Oetomo]

Dear All.

I just found your great django-freeradius today.

Actualy, I wrote a django application with the same function as yours back 
in october 2016.
I guarantee there is a bunch of noodle script in it, away away from 'good 
enough' to be published.

Currently, those up is used in-house.
it also serve as a backend for freeradius DHCP.
it's full 'rest', so that freeradius didn't need mysql access.

BUT ... errhhh
I don't satisfied with my app (and or system).
Most important things that I hate from it :It need to provide 
'Clear-Text-Password' to FreeRadius.

Looks like your app don't need to give 'Clear-Text-Password' attribute to 
FreeRadius, could you please tell me how you do it ?

Here is my FreeRadius rest config :

rest {
    #
    #  This subsection configures the tls related items
    #  that control how FreeRADIUS connects to a HTTPS
    #  server.
    #
    tls {
    }

    my_uri = "http://127.0.0.1:8000/hotspot/";
    my_uri_acct = "http://127.0.0.1:8001/hotspot/";
    authorize {
        uri = "${..my_uri}"
        method = 'post'
        body = 'json'
        tls = ${..tls}
    }
    authenticate {
        uri = "${..my_uri}"
        method = 'post'
        body = 'json'
        tls = ${..tls}
    }
    accounting {
        uri = "${..my_uri_acct}"
        method = 'post'
        body = 'json'
        tls = ${..tls}
    }
    post-auth {
        #uri = 
"${..my_uri}/user/%{User-Name}/mac/%{Called-Station-ID}?action=post-auth"
        uri = "${..my_uri}"
        method = 'post'
        body = 'json'
        tls = ${..tls}
    }

    pool {
        start = ${thread[pool].start_servers}

        min = ${thread[pool].min_spare_servers}

        max = ${thread[pool].max_servers}

        spare = ${thread[pool].max_spare_servers}

        uses = 0

        retry_delay = 30

        lifetime = 0

        idle_timeout = 60

    }
}





and here is some from default site config

authorize {
    rest
    mschap
    pap
    eap
}
authenticate {
    pap
    mschap
    eap
}

preacct {
    preprocess
    acct_unique
    suffix
    files
}


accounting {
    rest
    detail
    exec
}

post-auth {
    update {
        &reply: += &session-state:
    }
    -sql
    exec
    remove_reply_message_if_eap
    Post-Auth-Type REJECT {
        # log failed authentications in SQL, too.
        -sql
        attr_filter.access_reject

        # Insert EAP-Failure message if the request was
        # rejected by policy instead of because of an
        # authentication failure
        eap

        #  Remove reply message if the response contains an EAP-Message
        remove_reply_message_if_eap
    }
}



Sincerely
-bino-

-- 
You received this message because you are subscribed to the Google Groups 
"OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to openwisp+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.