Dear Federico sir.

I really appreciate your very fast response.

I think I misunderstood the docs.

So, basically it's FreeRADIUS's requirement for all backends to provide
'clear-text-password', right?

If that is so,
how do you provide it, since I don't see any 'clear text' field in your models?
How do you get the 'clear text' password from Django password storage?

Note:
Currently, since my app only supports PAP ... I just use
django.contrib.auth.authenticate ... and whenever it is valid I just use that PAP
password as the 'Clear-Text-Password' attribute.
But if I want CHAP ... my app will not get the clear-text password from the
FreeRADIUS call ... we need to 'count' it. So I will not be able to use
'django.contrib.auth.authenticate' to authenticate the user against the Django user
table.

Sincerely
-bino-

On Thursday, October 25, 2018 at 4:22:07 PM UTC+7, Federico Capoano wrote:
>
> Hi Bino and welcome,
>
> we use the rlm_rest module of FreeRADIUS to authorize users via a REST API
> <https://github.com/openwisp/django-freeradius/blob/master/django_freeradius/api/views.py>,
> although it is still possible to use radius checks as well, as described
> here:
>
> https://django-freeradius.readthedocs.io/en/latest/general/freeradius.html#using-radius-checks-for-authorization-information
>
> If you need to see the freeradius configuration required to make this 
> work, it's also shown in the same page I just linked.
>
> Cheers
> Federico
>
> On Thu, Oct 25, 2018 at 11:00 AM Bino Oetomo <[email protected]> wrote:
>
>> Dear All.
>>
>> I just found your great django-freeradius today.
>>
>> Actually, I wrote a Django application with the same function as yours
>> back in October 2016.
>> I guarantee there is a bunch of noodle script in it, far away from 'good
>> enough' to be published.
>>
>> Currently, that app is used in-house.
>> It also serves as a backend for FreeRADIUS DHCP.
>> It's full 'rest', so that FreeRADIUS doesn't need MySQL access.
>>
>> BUT ... errhhh
>> I am not satisfied with my app (and/or system).
>> The most important thing that I hate about it: it needs to provide
>> 'Clear-Text-Password' to FreeRadius.
>>
>> Looks like your app doesn't need to give the 'Clear-Text-Password' attribute to
>> FreeRadius, could you please tell me how you do it?
>>
>> Here is my FreeRadius rest config:
>>
>> rest {
>>     #
>>     #  This subsection configures the tls related items
>>     #  that control how FreeRADIUS connects to a HTTPS
>>     #  server.
>>     #
>>     tls {
>>     }
>>
>>     my_uri = "http://127.0.0.1:8000/hotspot/";
>>     my_uri_acct = "http://127.0.0.1:8001/hotspot/";
>>     authorize {
>>         uri = "${..my_uri}"
>>         method = 'post'
>>         body = 'json'
>>         tls = ${..tls}
>>     }
>>     authenticate {
>>         uri = "${..my_uri}"
>>         method = 'post'
>>         body = 'json'
>>         tls = ${..tls}
>>     }
>>     accounting {
>>         uri = "${..my_uri_acct}"
>>         method = 'post'
>>         body = 'json'
>>         tls = ${..tls}
>>     }
>>     post-auth {
>>         #uri = "${..my_uri}/user/%{User-Name}/mac/%{Called-Station-ID}?action=post-auth"
>>         uri = "${..my_uri}"
>>         method = 'post'
>>         body = 'json'
>>         tls = ${..tls}
>>     }
>>
>>     pool {
>>         start = ${thread[pool].start_servers}
>>
>>         min = ${thread[pool].min_spare_servers}
>>
>>         max = ${thread[pool].max_servers}
>>
>>         spare = ${thread[pool].max_spare_servers}
>>
>>         uses = 0
>>
>>         retry_delay = 30
>>
>>         lifetime = 0
>>
>>         idle_timeout = 60
>>
>>     }
>> }
>>
>> and here is some of the default site config:
>>
>> authorize {
>>     rest
>>     mschap
>>     pap
>>     eap
>> }
>> authenticate {
>>     pap
>>     mschap
>>     eap
>> }
>>
>> preacct {
>>     preprocess
>>     acct_unique
>>     suffix
>>     files
>> }
>>
>>
>> accounting {
>>     rest
>>     detail
>>     exec
>> }
>>
>> post-auth {
>>     update {
>>         &reply: += &session-state:
>>     }
>>     -sql
>>     exec
>>     remove_reply_message_if_eap
>>     Post-Auth-Type REJECT {
>>         # log failed authentications in SQL, too.
>>         -sql
>>         attr_filter.access_reject
>>
>>         # Insert EAP-Failure message if the request was
>>         # rejected by policy instead of because of an
>>         # authentication failure
>>         eap
>>
>>         #  Remove reply message if the response contains an EAP-Message
>>         remove_reply_message_if_eap
>>     }
>> }
>>
>>
>>
>> Sincerely
>> -bino-
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "OpenWISP" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>>
>
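
Added example (not part of the original thread, and not django-freeradius code): why a PAP request can be checked against a one-way Django-style password hash while a CHAP request cannot. The PBKDF2 helper is a stdlib stand-in for Django's pbkdf2_sha256 hasher, and the password, salt, identifier and challenge are constructed values.

```python
import base64
import hashlib
import hmac
import os


def make_django_style_hash(password, salt="constructedsalt", iterations=1000):
    """Stand-in for Django's pbkdf2_sha256 hasher (same string layout)."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(dk).decode())


def pap_verify(stored, pap_password):
    """PAP: the server receives the password itself, so it can re-hash and compare."""
    _, iterations, salt, _ = stored.split("$")
    candidate = make_django_style_hash(pap_password, salt, int(iterations))
    return hmac.compare_digest(candidate, stored)


def chap_response(ident, secret, challenge):
    """RFC 1994 response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(known_secret, chap_password, challenge):
    """RADIUS CHAP-Password is a 1-byte identifier followed by the 16-byte response."""
    ident, response = chap_password[0], chap_password[1:]
    expected = chap_response(ident, known_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    password = "s3cret-constructed"           # constructed sample password
    stored = make_django_style_hash(password)  # what the user table holds
    challenge, ident = os.urandom(16), 7       # constructed CHAP challenge and id
    # What the NAS would forward for a CHAP login: the password never travels.
    chap_password = bytes([ident]) + chap_response(ident, password.encode(), challenge)
    return {
        "pap_with_hash": pap_verify(stored, password),
        "chap_with_cleartext": chap_verify(password.encode(), chap_password, challenge),
        # Only the PBKDF2 string is available: the MD5 input cannot be rebuilt.
        "chap_with_hash_only": chap_verify(stored.encode(), chap_password, challenge),
    }


if __name__ == "__main__":
    print(demo())
```

The last result is the case described in the note above: with only a one-way hash in the user table, the backend has nothing it can feed into the CHAP computation.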
