FreeRADIUS plugin #190
FreeRADIUS plugin #190
Conversation
net/freeradius3/Makefile
Outdated
| PLUGIN_NAME= freeradius3 | ||
| PLUGIN_VERSION= 0.0.1 | ||
| PLUGIN_COMMENT= Freeradius3 | ||
| PLUGIN_DEPENDS= talloc python2 gdbm |
There was a problem hiding this comment.
without reading on, curious why the depends?
There was a problem hiding this comment.
Hm, these were the dependencies when installing freeradius, don't know if it's required here also
There was a problem hiding this comment.
well, for one it should have "freeradius3", the rest is automatic...
There was a problem hiding this comment.
(you're building package os-freeradius, which depends on package freeradius3)
net/freeradius3/Makefile
Outdated
| @@ -0,0 +1,7 @@ | |||
| PLUGIN_NAME= freeradius3 | |||
There was a problem hiding this comment.
probably prefer "freeradius", which might be some work...
There was a problem hiding this comment.
Sure, I can rename it in the code. Grabbed the naming from pfSense, perhaps some enthusiast wants to implement also Freeradius2. :)
| @@ -0,0 +1,15 @@ | |||
| #!/bin/sh | |||
There was a problem hiding this comment.
note to self: check against freebsd freeradius3 pkg-plist
There was a problem hiding this comment.
I just copied it, is there some action required from my side?
net/freeradius3/pkg-descr
Outdated
| @@ -0,0 +1,9 @@ | |||
| FreeRADIUS includes a RADIUS server, a BSD licensed client library, a PAM library, and an Apache module. In most cases, the word FreeRADIUS refers to the RADIUS server. | |||
There was a problem hiding this comment.
Line breaks for 70ish characters please :)
| @@ -0,0 +1,5 @@ | |||
| <menu> | |||
| <Routing cssClass="fa fa-map-signs" order="45"> | |||
There was a problem hiding this comment.
Done, stupid copy+past :)
|
I did some final newline fixes which resulted from copy+paste and added a button to "General" for VLAN assignment. So for now it supports:
These should be the most common scenarios for Radius so I'd like to let the userbase test and ask them for their use cases to add their wishes. Whats missing:
|
| @@ -0,0 +1,7 @@ | |||
| PLUGIN_NAME= freeradius | |||
| PLUGIN_VERSION= 0.3.0 | |||
There was a problem hiding this comment.
just FYI: as long as the pull request is open you don't have to necessarily bump the version more than once. we also have PLUGIN_REVISION= which can be set to a numeric value for bugfixes, that's why most plugins only have X.Y, not X.Y.Z. But @fabianfrz likes three version numbers and that's perfectly fine here... only want to explain :)
There was a problem hiding this comment.
I'm fine with both, let's keep it this way.
| PLUGIN_NAME= freeradius | ||
| PLUGIN_VERSION= 0.3.0 | ||
| PLUGIN_COMMENT= RADIUS Authentication, Authorization and Accounting Server | ||
| PLUGIN_DEPENDS= freeradius3 |
There was a problem hiding this comment.
also FYI, freeradius3 has been bumped to 3.0.14 in the ports tree two days ago
|
|
||
| if (isset($config['OPNsense']['freeradius']['general']['enabled']) && $config['OPNsense']['freeradius']['general']['enabled'] == 1) { | ||
| $services[] = array( | ||
| 'description' => gettext('FreeRADIUS lets you run a local radius service instance.'), |
There was a problem hiding this comment.
I think this is too long, simply "FreeRADIUS" is ok as it is shown in the dashboard service widget.
| { | ||
| if ($this->request->isPost()) { | ||
| $backend = new Backend(); | ||
| $response = $backend->configdRun("freeradius start", true); |
There was a problem hiding this comment.
why detach here? better not to even if it takes a few seconds
There was a problem hiding this comment.
What exactly does that mean? You are speaking to a copy+paster :)
There was a problem hiding this comment.
"true" means start the service asynchronously as a background job, the controller will return immediately but the service status may not be ready yet. if copy+paste, try without it.
There was a problem hiding this comment.
cd plugins && fgrep configdRun -r * | grep start
returns always lines with "true" when there's start. Keep it so? :)
There was a problem hiding this comment.
Perhaps some more pkg maintainers than me do just copy+paste :P
| { | ||
| public function indexAction() | ||
| { | ||
| $this->view->title = gettext("FreeRADIUS-Clients"); |
There was a problem hiding this comment.
No hyphen "-" in composite string
| <id>user.description</id> | ||
| <label>Description</label> | ||
| <type>text</type> | ||
| <help>Surname, Lastname, or anything you need to describe.</help> |
There was a problem hiding this comment.
Surname, and "last name" are the same. Vorname is "given name" if you meant that. No capitalisation of works in English beyond the first word mostly.
| <id>user.vlan</id> | ||
| <label>VLAN ID</label> | ||
| <type>text</type> | ||
| <help>VLAN ID the user get's in, e.g. for 802.1X, leave empty if you don't know what it is.</help> |
| <id>general.vlanassign</id> | ||
| <label>Enable VLAN assignment</label> | ||
| <type>checkbox</type> | ||
| <help>This allows you to dynamically assign VLANs on your physical switchports.</help> |
| <menu> | ||
| <Services> | ||
| <FreeRADIUS VisibleName="FreeRADIUS" cssClass="fa fa-address-book-o"> | ||
| <General VisibleName="General" cssClass="fa fa-address-book-o fa-fw" url="/ui/freeradius/general/index" order="10"/> |
| @@ -0,0 +1,15 @@ | |||
| #!/bin/sh | |||
There was a problem hiding this comment.
Note to self: I will slightly change this after merge if it needs adjustment.
| @@ -0,0 +1,9 @@ | |||
| <menu> | |||
| <Services> | |||
| <FreeRADIUS VisibleName="FreeRADIUS" cssClass="fa fa-address-book-o"> | |||
There was a problem hiding this comment.
PS: VisibleName is automatic if it matches the node name, so you don't need it at all here.
|
@fichtner Is there something missing in Menu.xml since there's no icon displayed? |
|
symbol missing from our font awesome version? I can take a look after merge if you want |
|
Possibly, yes. For me it's mergeable now. Thanks for taking the time to review @fichtner and @fabianfrz 👍 |
|
@mimugmail thanks again! 👍 |
|
@mimugmail we don't have font awesome 4.7 yet... |
|
icon fixed via opnsense/core@92d1886 |
|
is there anyone to told me how to install radius on opnsense as you develops? |
|
it's easily available from the firmware: plugin menu in 17.7 :) |
|
thanks for your worthwhile effort. |
|
@rout3rx @mimugmail may be working on AV integration (c-icap/av_scan/clamav) but anti spam is currently not planned. |
|
sorry, excuse me i can ask a small question in this board? how can i apply bandwidth limit or user traffic limitation on users in freeradius? |
|
Against what service so you want to authenticate? Tell ne the attribute
named and I'll check how to add them
Am 06.08.2017 5:17 nachm. schrieb "rout3rx" <notifications@github.com>:
… sorry, excuse me i can ask a small question in this board? how can i apply
bandwidth limit or user traffic limitation on users in freeradius?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#190 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ATfeoWuLtO-viCWYVkEM6sGzgA0QuKI2ks5sVdkkgaJpZM4OKjuY>
.
|
|
when i want create share internet via PPTP or PPPoE connections, i want to apply some restriction like time of connection, bandwidth and traffic quota. |
|
This requires accounting setup and such, we maybe getting a bit ahead of our schedule in providing one step after another in RADIUS integration. But it's perfectly possible to set this up manually with the package (not the plugin). |
|
is it possible to add? or can i add more option in freeradius config file? |
|
Only when managed without the plugin. Just do a pkg install freeradius3 via CLI and go ahead in /usr/local/etc/raddb |
Hi,
here's a first start for a new Freeradius3 plugin.
Building and installing the package works but it's not getting installed under services (need help @fichtner ).
At the moment it's more or less a copy of Quagga / General from @fabianfrz and only PoC-quality.
I'm gonna add clients.conf and users for basic configuration, but it would be nice to check functionality via UI.
Any hints for linking the package?
Thanks!