Hi Bino and welcome,

we use the rlm_rest module of freeradius to authorize users via a REST API <https://github.com/openwisp/django-freeradius/blob/master/django_freeradius/api/views.py>, although it is still possible to use radius checks as well, as described here: https://django-freeradius.readthedocs.io/en/latest/general/freeradius.html#using-radius-checks-for-authorization-information

If you need to see the freeradius configuration required to make this work, it's also shown in the same page I just linked.

Cheers
Federico

On Thu, Oct 25, 2018 at 11:00 AM Bino Oetomo <wowo...@gmail.com> wrote:

> Dear All.
>
> I just found your great django-freeradius today.
>
> Actually, I wrote a django application with the same function as yours back
> in October 2016.
> I guarantee there is a bunch of noodle script in it, far away from 'good
> enough' to be published.
>
> Currently, that app is used in-house.
> It also serves as a backend for freeradius DHCP.
> It's full 'rest', so that freeradius didn't need mysql access.
>
> BUT ... errhhh
> I'm not satisfied with my app (and/or system).
> The most important thing that I hate about it: it needs to provide
> 'Clear-Text-Password' to FreeRadius.
>
> Looks like your app doesn't need to give the 'Clear-Text-Password' attribute to
> FreeRadius, could you please tell me how you do it?
>
> Here is my FreeRadius rest config:
>
> rest {
>     #
>     # This subsection configures the tls related items
>     # that control how FreeRADIUS connects to a HTTPS
>     # server.
>     #
>     tls {
>     }
>
>     my_uri = "http://127.0.0.1:8000/hotspot/"
>     my_uri_acct = "http://127.0.0.1:8001/hotspot/"
>     authorize {
>         uri = "${..my_uri}"
>         method = 'post'
>         body = 'json'
>         tls = ${..tls}
>     }
>     authenticate {
>         uri = "${..my_uri}"
>         method = 'post'
>         body = 'json'
>         tls = ${..tls}
>     }
>     accounting {
>         uri = "${..my_uri_acct}"
>         method = 'post'
>         body = 'json'
>         tls = ${..tls}
>     }
>     post-auth {
>         #uri = "${..my_uri}/user/%{User-Name}/mac/%{Called-Station-ID}?action=post-auth"
>         uri = "${..my_uri}"
>         method = 'post'
>         body = 'json'
>         tls = ${..tls}
>     }
>
>     pool {
>         start = ${thread[pool].start_servers}
>         min = ${thread[pool].min_spare_servers}
>         max = ${thread[pool].max_servers}
>         spare = ${thread[pool].max_spare_servers}
>         uses = 0
>         retry_delay = 30
>         lifetime = 0
>         idle_timeout = 60
>     }
> }
>
> and here is some from default site config
>
> authorize {
>     rest
>     mschap
>     pap
>     eap
> }
> authenticate {
>     pap
>     mschap
>     eap
> }
>
> preacct {
>     preprocess
>     acct_unique
>     suffix
>     files
> }
>
> accounting {
>     rest
>     detail
>     exec
> }
>
> post-auth {
>     update {
>         &reply: += &session-state:
>     }
>     -sql
>     exec
>     remove_reply_message_if_eap
>     Post-Auth-Type REJECT {
>         # log failed authentications in SQL, too.
>         -sql
>         attr_filter.access_reject
>
>         # Insert EAP-Failure message if the request was
>         # rejected by policy instead of because of an
>         # authentication failure
>         eap
>
>         # Remove reply message if the response contains an EAP-Message
>         remove_reply_message_if_eap
>     }
> }
>
> Sincerely
> -bino-
>
> --
> You received this message because you are subscribed to the Google Groups
> "OpenWISP" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to openwisp+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
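
An added example, not part of the original thread and not django-freeradius code: one way a REST backend can answer the rlm_rest authorize call while storing only salted password hashes, so no cleartext password attribute is ever returned to FreeRADIUS. It assumes the request body has been set up to carry User-Name and User-Password as `username` and `password`; those field names, the user store and the PBKDF2 parameters are constructed for the illustration.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 200_000  # constructed work factor for this example

def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' for storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    _algo, iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)

# Constructed user store: only salted hashes, never the password itself.
USERS = {"alice": hash_password("correct horse")}
# Hash checked for unknown users so both failure paths cost the same.
DUMMY_HASH = hash_password("placeholder")

def authorize(body):
    """Answer the JSON body rlm_rest POSTs from its authorize section.

    Returns (http_status, response_body). Field names are assumptions.
    """
    try:
        data = json.loads(body)
        username, password = data["username"], data["password"]
    except (ValueError, KeyError, TypeError):
        return 400, ""
    if not isinstance(username, str) or not isinstance(password, str):
        return 400, ""
    stored = USERS.get(username)
    valid = verify_password(password, stored or DUMMY_HASH)
    if stored is None or not valid:
        return 401, ""  # rlm_rest maps HTTP 401 to reject
    # Password already verified here, so tell FreeRADIUS to accept.
    return 200, json.dumps({"control:Auth-Type": "Accept"})

if __name__ == "__main__":
    print(authorize(b'{"username": "alice", "password": "correct horse"}'))
```

This only covers PAP-style requests, where FreeRADIUS receives User-Password and can forward it to the backend. The mschap and eap modules listed in the quoted site config need an NT hash or a cleartext password for methods such as MS-CHAPv2, which a salted hash cannot provide.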