-
-
Notifications
You must be signed in to change notification settings - Fork 872
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
providers/radius: simple radius outpost #1796
Conversation
1ecb994
to
a5ffde2
Compare
✔️ Deploy Preview for authentik ready! 🔨 Explore the source changes: 1ecb994 🔍 Inspect the deploy log: https://app.netlify.com/sites/authentik/deploys/619288d34f83ec0007a59ed9 😎 Browse the preview: https://deploy-preview-1796--authentik.netlify.app |
✅ Deploy Preview for authentik ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## main #1796 +/- ##
==========================================
- Coverage 92.77% 92.75% -0.01%
==========================================
Files 501 505 +4
Lines 25617 25688 +71
==========================================
+ Hits 23764 23825 +61
- Misses 1853 1863 +10
Flags with carried forward coverage won't be shown. Click here to find out more.
... and 5 files with indirect coverage changes Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report in Codecov by Sentry. |
8c79a1a
to
605ed94
Compare
ea3ce9b
to
b2d2e7c
Compare
authentik/providers/radius/models.py
Outdated
) | ||
|
||
client_networks = models.TextField( | ||
default="0.0.0.0/0", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is that going to be both IPv6 and IPv4? or only IPv4?
@BeryJu Care to explain why this has been closed? Was eagerly waiting for this :( |
I was just renaming some branches for cleanup, I forgot that closes the PR for it too. Also this probably wont happen for a while since all radius implementations that use anything but the very basic features require access to unhashed passwords somewhere wihch I dont want to save. |
a5ffde2
to
71760c8
Compare
@BeryJu could you share with us what is the status of the Radius outpost? What are the plans of authentik regarding it? I've spend a week trying to configure freeradius and authentik with the ldap outpost for a VPN with DUO, and realized that working with ldap is two limiting. Even though you are only implementing clear text passwords, I think that it would be better than having to rely on the ldap outpost. |
Would love to see radius support too. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
71760c8
to
d5affd5
Compare
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io>
d5affd5
to
4e088fe
Compare
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
authentik PR Installation instructions Instructions for docker-composeAdd the following block to your AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-outpost-radius-v2-1679327525-4fd4a97
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s For arm64, use these values: AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-outpost-radius-v2-1679327525-4fd4a97-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s Afterwards, run the upgrade commands from the latest release notes. Instructions for KubernetesAdd the following block to your authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-outpost-radius-v2-1679327525-4fd4a97 For arm64, use these values: authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-outpost-radius-v2-1679327525-4fd4a97-arm64 Afterwards, run the upgrade commands from the latest release notes. |
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
02dde23
to
d9c87dd
Compare
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
A simple radius outpost that only supports username/password authentication (using the same flow executor as the ldap outpost), no support for CHAP as that would require reversible password storage, no support for TLS as there are multiple ways to implement that but none are supported by the current go library