agregado de nuevos usuarios listo

This commit is contained in:
2025-09-24 17:51:05 -06:00
parent 85886f1fed
commit 11b95c97a7
11 changed files with 275 additions and 42 deletions


@@ -25,4 +25,11 @@ rest {
method = "post"
body = "json"
}
# Post-auth: obtener atributos de respuesta (VLAN, etc.)
post-auth {
uri = "http://node:3000/post-auth"
method = "post"
body = "json"
}
}
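Review bot: The post-auth endpoint on L17 (`uri = "http://node:3000/post-auth"`) is called over cleartext HTTP with no `auth` or `tls` settings, so the reply attributes that decide a client's VLAN come back from whatever answers as node:3000 on that network. The header of this outer `rest` instance is outside the hunk, so I cannot see whether `connect_timeout`/`read_timeout` are set as they are for `rest_inner`; without them a stalled node:3000 holds every Access-Accept for the module's default timeout. If the two containers share a private network this may be acceptable, otherwise move to `https://` with `tls { ca_file = ... check_cert = yes }` or at least `auth = basic` with credentials, and mirror the timeouts. A comment such as `# Tunnel-* reply attributes are taken verbatim from this response; node:3000 is the trust boundary` would make the dependency explicit.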


@@ -0,0 +1,11 @@
rest rest_inner {
connect_timeout = 4
read_timeout = 8
authorize {
uri = "http://node:3000/authorize-inner"
method = "post"
body = "json"
}
}
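Review bot: `rest_inner` fetches the user's password from `http://node:3000/authorize-inner` (L30) with no transport protection and no request authentication, so the credential store is exposed to any host that can reach or impersonate node:3000. The response also has to carry a list qualifier (`control:Cleartext-Password`) for `eap`/`mschap` to find it — confirm against the rlm_rest JSON response format, since an unqualified attribute may not land in the control list. Because PEAP/MS-CHAPv2 only needs the NT hash, returning `control:NT-Password` instead would keep cleartext passwords off the wire; `https://` with `tls { ca_file = ... check_cert = yes }` and `auth = basic` would close the transport gap. The instance has no documenting comment; `# Inner-tunnel credential lookup; the response must set control:Cleartext-Password (or NT-Password) for the user` would state the contract.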


@@ -1,3 +1,15 @@
# Managed by Node dashboard; do not edit manually
user1 Cleartext-Password := "contra1"
user2 Cleartext-Password := "contra2"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = "2"
user2 Cleartext-Password := "contra2"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = "3"
prueba2 Cleartext-Password := "contra2"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = "2"
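Review bot: This file commits cleartext passwords (`user1 Cleartext-Password := "contra1"`, L40) into the repository, and the `Tunnel-Private-Group-Id` for user2 is "3" (L48) where the unlang removed from the outer `post-auth` in this same commit assigned "5", so that user's effective VLAN silently changes — confirm it is intended. `user2` appears twice (L41 and L45); if both lines are on the new side rather than L41 being the removed one, the `files` module stops at the first matching entry unless it sets `Fall-Through = Yes`, and the entry with VLAN 3 is never used. Since the header says the file is "Managed by Node dashboard", the dashboard could write `NT-Password` (the hash MS-CHAPv2 needs) instead of cleartext, and the generated file should be kept out of version control.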


@@ -1,2 +1,30 @@
$INCLUDE /etc/freeradius/mods-available/eap
eap {
default_eap_type = peap
tls-config tls-common {
private_key_password = whatever
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
ca_file = ${cadir}/ca.pem
dh_file = ${certdir}/dh
random_file = /dev/urandom
fragment_size = 1024
include_length = yes
auto_chain = yes
}
tls {
tls = tls-common
}
peap {
tls = tls-common
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
}
mschapv2 {
}
}
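Review bot: The new `tls-common` block keeps the default `private_key_password = whatever` (L61) with the stock `${certdir}/server.pem` certificate and sets no `tls_min_version`, so the server offers whatever minimum TLS version the build defaults to; add `tls_min_version = "1.2"` and point `private_key_file`/`certificate_file` at a deployment certificate whose passphrase is not in the repo. Note also that `use_tunneled_reply = yes` (L78) copies the reply attributes the inner-tunnel `files` entries set (the Tunnel-* VLAN attributes added in this commit) into the outer reply, while the outer `post-auth` separately calls `rest.post-auth`; if both produce `Tunnel-Private-Group-Id` the Access-Accept carries two copies and the NAS picks one — choose a single source. The `$INCLUDE` on L57 looks like the old-side line; confirm it is removed rather than left alongside the inline `eap {}` block, which would define the module twice.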


@@ -40,28 +40,7 @@ server default {
}
post-auth {
# Asignación de VLAN dinámica por usuario
if (&User-Name == "user1") {
update reply {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id := "2"
}
}
elsif (&User-Name == "user2") {
update reply {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id := "5"
}
}
else {
# Fallback opcional: comentar si no quieres valor por defecto
update reply {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id := "2"
}
}
# Obtener atributos de VLAN/otros desde el API
rest.post-auth
}
}
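Review bot: The outer `post-auth` now depends entirely on `rest.post-auth` (L114) with no handling of its return code; as far as I recall, a `fail` from a module in `post-auth` (node:3000 down or timing out) converts an otherwise successful Access-Accept into an Access-Reject, so an outage of the dashboard API takes down authentication for every user, where the removed `else` branch at least supplied a default VLAN. Decide whether a failed lookup should reject or fall back and write it down, e.g. `rest.post-auth` followed by `if (fail) { ok }` to keep the Accept without a VLAN, or a static `update reply { ... }` fallback. `server default {` begins before this hunk. The comment on L113 would carry more information as `# VLAN/reply attributes come only from node:3000/post-auth; no local default` so the next reader knows the fallback was removed deliberately.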


@@ -6,16 +6,16 @@ server inner-tunnel {
}
authorize {
# Primero obtenemos credenciales del usuario desde el API
rest.authorize_inner_tunnel
# Luego dejamos que EAP procese (PEAP/MSCHAPv2)
# Obtener credenciales del usuario desde el API (debe devolver Cleartext-Password)
rest_inner
# Fallback/local: también consultar backend 'files' (user1/user2)
files
# Procesar EAP (PEAP) y MS-CHAPv2
eap
# mschap puede establecer Auth-Type si procede
mschap
}
authenticate {
# Autenticación EAP (PEAP/MSCHAPv2)
eap
Auth-Type MS-CHAP {
mschap
@@ -23,7 +23,6 @@ server inner-tunnel {
}
post-auth {
# Aquí podríamos añadir lógica adicional de auditoría si se desea
# No agregamos atributos de reply aquí; se añadirán en el outer post-auth
# Nada aquí; el outer post-auth añadirá VLAN
}
}
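Review bot: The comment on L128 calls `files` a fallback, but with `files` running after `rest_inner` (L127-129) and the users file using the `:=` operator on `Cleartext-Password`, a local entry for the same user replaces the password the API returned, so the local file wins rather than the API; if the API is meant to be authoritative, run `files` first or use `=` (set only if absent) in the users file. The removed `rest.authorize_inner_tunnel` (L124) is replaced by the `rest_inner` instance, so check that no other virtual server still references the old name. `server inner-tunnel {` begins before the hunk. The post-auth comments in the second hunk (L143-145) say no reply attributes are added here, yet the inner `files` entries do add Tunnel-* and the eap module's `use_tunneled_reply = yes` copies them outward; reword to `# Reply attributes set by 'files' in authorize are copied to the outer reply via use_tunneled_reply`.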

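--- /dev/null
+++ b/freeradius/startup.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+set -eu
+AUTH_FILE="/etc/freeradius/mods-config/files/authorize"
+# Start FreeRADIUS in foreground
+# Start in debug/foreground mode for logs
+freeradius -X &
+PID=$!
+prev_mtime=""
+poll_reload() {
+while true; do
+if [ -f "$AUTH_FILE" ]; then
+mtime=$(stat -c %Y "$AUTH_FILE" 2>/dev/null || stat -f %m "$AUTH_FILE" 2>/dev/null || echo "")
+if [ "${mtime}" != "${prev_mtime}" ] && [ -n "$mtime" ]; then
+# File changed: send HUP to reload users
+kill -HUP "$PID" 2>/dev/null || true
+prev_mtime="$mtime"
+fi
+fi
+sleep 2
+done
+}
+poll_reload &
+wait "$PID"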
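Review bot: `freeradius -X &` (L159) starts the daemon in full debug mode, which prints every request and reply attribute — including `User-Password` and the `Cleartext-Password` fetched for PEAP inner authentications — to stdout, so the container log becomes a credential sink; use `freeradius -f -l stdout &` for normal operation and reserve `-X` for troubleshooting. `prev_mtime=""` (L161) means the first loop iteration always sends a HUP two seconds after start, possibly before the daemon has finished initialising; seed it with the file's current mtime before the loop, e.g. `prev_mtime=$(stat -c %Y "$AUTH_FILE" 2>/dev/null || stat -f %m "$AUTH_FILE" 2>/dev/null || echo "")`. The two comments on L157-158 say the same thing; replace them with one that states the reload contract, `# Run FreeRADIUS in the foreground and HUP it whenever the users file written by the dashboard changes`.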