Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
MongoDB for FreeRADIUS
branch: master

README.md

MongoDB module for FreeRADIUS

This module allow you to use MongoDB as FreeRADIUS backend (instead of a LDAP). Please consider using other module since this one is not maintained anymore.

How it works ?

Each time your radius receives a authorization request, FreeRADIUS will check user credentials stored in MongoDB.

The request looks like :

{
    "mac": "00-11-22-33-44-55",
    "username": "john"
}

If a document matches, MongoDB will return :

{
    .. some data ..
    "password": "secret"
    .. some data ..
}

FreeRADIUS will now compare given password and MongoDB password (only cleartext password).

Install

  • Copy the directory rlm_mongo/ into src/modules/
  • Add "rlm_mongo" in src/modules/stable
  • Build as usual
    • ./configure
    • make
    • make install
  • Edit your configuration
    • Create a file named mongo in raddb/modules/ and insert your configuration (see below)
    • Add in your site configuration in authorize sub-section "mongo"
  • Run radiusd

Configuration

mongo {
    port = "27017"
    ip = "192.168.1.181"

    base =  "production.users"
    username_field = "username"
    password_field = "password"

    # Check mac address (optionnal)
    # mac_field = "mac"

    # Check enable account (optionnal)
    # enable_field = "activate"
}

Tips

If you use rlm_mongo in inner-tunnel and mac filter, ensure you have this in eap.conf : copy_request_to_tunnel = yes

If you want to use NTLM password, only replace Cleartext-Password by NT-Password in rlm_mongo.c

Credits

Guillaume Rose, Roman Shterenzon

Something went wrong with that request. Please try again.