Initial stack: FreeRADIUS + Node API + docker-compose

freeradius/clients.conf

@@ -0,0 +1,7 @@
+client unifi {
+    ipaddr = %{env:RADIUS_CLIENTS_CIDR}
+    secret = %{env:RADIUS_SHARED_SECRET}
+    require_message_authenticator = no
+    nastype = other
+}
+

freeradius/mods-available/rest

@@ -0,0 +1,22 @@
+rest {
+    # Timeouts
+    connect_timeout = 4
+    read_timeout = 8
+
+    # Authorize: llama al API Node
+    authorize {
+        uri = "%{env:REST_ENDPOINT:-http://node:3000}/authorize"
+        method = "post"
+        body = "json"
+        # send_all = yes -> envía todos los atributos del paquete
+        # por defecto rlm_rest ya serializa atributos en JSON
+    }
+
+    # Accounting: opcional
+    accounting {
+        uri = "%{env:REST_ENDPOINT:-http://node:3000}/accounting"
+        method = "post"
+        body = "json"
+    }
+}
+

freeradius/sites-enabled/default

@@ -0,0 +1,43 @@
+server default {
+    listen {
+        type = auth
+        ipaddr = *
+        port = 1812
+    }
+
+    listen {
+        type = acct
+        ipaddr = *
+        port = 1813
+    }
+
+    authorize {
+        # Llama a la API REST para decidir y añadir atributos
+        rest
+
+        # Si la API no estableció Auth-Type, aceptamos por defecto (demo)
+        if (!&control:Auth-Type) {
+            update control {
+                Auth-Type := Accept
+            }
+        }
+    }
+
+    authenticate {
+        # Aceptar todo cuando control:Auth-Type := Accept
+        Auth-Type Accept {
+            ok
+        }
+    }
+
+    accounting {
+        rest
+        ok
+    }
+
+    post-auth {
+        # Aquí podríamos volver a llamar a REST para atributos dinámicos
+        # rest
+    }
+}
+