mirror of
https://github.com/hotspotbilling/phpnuxbill.git
synced 2025-02-22 22:43:35 +08:00
Created FreeRadius Rest (markdown)
parent
88d4ca24fa
commit
89898cda50
1 changed files with 212 additions and 0 deletions
212
FreeRadius-Rest.md
Normal file
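--- a/FreeRadius-Rest.md
+++ b/FreeRadius-Rest.md
@@ -0,0 +1,212 @@
+Freeradius REST API is configuration to make Freeradius talk to PHPNuxBill via HTTP Connection, configuration is simple more simple
+
+# Installing freeradius
+
+```bash
+apt-get -y install freeradius freeradius-rest
+```
+
+edit clients.conf
+
+```bash
+nano /etc/freeradius/3.0/clients.conf
+```
+
+Add your Mikrotik IP or your Public IP, this is example, everytime you add/edit Client, restart freeradius
+
+```bash
+client myRouterA {
+ipaddr = 10.0.1.0/24
+secret = verysecret
+}
+
+client myRouterB {
+ipaddr = 10.0.2.0/24
+secret = secretvery
+}
+```
+
+edit clients.conf
+
+```bash
+nano /etc/freeradius/3.0/mods-enabled/rest
+```
+
+use this configuration, change `phpnuxbill.domain` with your domain
+
+```bash
+rest {
+tls {
+# ca_file = ${certdir}/ca.pem
+# ca_info_file = ${certdir}/cacert_bundle.pem
+# ca_path = ${certdir}
+check_cert = no
+check_cert_cn = no
+}
+connect_uri = "https://phpnuxbill.domain/radius.php"
+
+authenticate {
+uri = "${..connect_uri}?action=authenticate"
+method = 'post'
+body = 'post'
+data = "username=%{urlquote:%{User-Name}}&password=%{urlquote:%{User-Password}}&macAddr=%{urlquote:%{Calling-Station-Id}}&nasip=%{urlquote:%{NAS-IP-Address}}"
+tls = ${..tls}
+}
+
+authorize {
+uri = "${..connect_uri}?action=authorize"
+method = 'post'
+body = 'post'
+data = "username=%{urlquote:%{User-Name}}&password=%{urlquote:%{User-Password}}&macAddr=%{urlquote:%{Calling-Station-Id}}&nasip=%{urlquote:%{NAS-IP-Address}}"
+tls = ${..tls}
+}
+
+accounting {
+uri = "${..connect_uri}?action=accounting"
+method = 'post'
+body = 'post'
+data = "username=%{urlquote:%{User-Name}}&nasIpAddress=%{urlquote:%{NAS-IP-Address}}&nasid=%{urlquote:%{NAS-Identifier}}\
+&acctSessionId=%{urlquote:%{Acct-Session-Id}}&macAddr=%{urlquote:%{Calling-Station-Id}}&acctSessionTime=%{urlquote:%{Acct-Session-Time}}\
+&acctInputOctets=%{urlquote:%{Acct-Input-Octets}}&acctOutputOctets=%{urlquote:%{Acct-Output-Octets}}\
+&acctInputGigawords=%{urlquote:%{Acct-Input-Gigawords}}&acctOutputGigawords=%{urlquote:%{Acct-Output-Gigawords}}\
+&acctInputPackets=%{urlquote:%{Acct-Input-Packets}}&acctOutputPackets=%{urlquote:%{Acct-Output-Packets}}\
+&nasPortId=%{urlquote:%{NAS-Port-Id}}&framedIPAddress=%{urlquote:%{Framed-IP-Address}}\
+&sessionTimeout=%{urlquote:%{Session-Timeout}}&framedIPNetmask=%{urlquote:%{Framed-IP-Netmask}}\
+&acctStatusType=%{urlquote:%{Acct-Status-Type}}&nasPortType=%{urlquote:%{NAS-Port-Type}}"
+tls = ${..tls}
+}
+
+post-auth {
+uri = "${..connect_uri}?action=post-auth"
+method = 'post'
+body = 'post'
+data = "username=%{urlquote:%{User-Name}}"
+tls = ${..tls}
+}
+
+pool {
+start = ${thread[pool].start_servers}
+min = ${thread[pool].min_spare_servers}
+max = ${thread[pool].max_servers}
+spare = ${thread[pool].max_spare_servers}
+uses = 0
+retry_delay = 30
+lifetime = 0
+idle_timeout = 60
+}
+}
+```
+
+edit sites
+
+```bash
+nano /etc/freeradius/3.0/sites-enabled/default
+```
+
+Configure just like this, don't delete others
+
+```
+authorize {
+# filter_username
+# filter_password
+# preprocess
+# operator-name
+# cui
+# auth_log
+rest
+if (ok) {
+update control {
+Auth-Type := rest
+}
+}
+
+....
+}
+
+authenticate {
+Auth-Type rest {
+rest {
+updated = 1
+}
+if (updated) {
+ok
+}
+}
+Auth-Type rest {
+rest
+}
+
+....
+}
+
+accounting {
+detail
+rest
+
+....
+}
+
+session {
+radutmp
+
+....
+}
+
+post-auth {
+if (reply:Group-Name) {
+update control {
+&Group := "%{reply:Group-Name}"
+}
+}
+if (reply:Mikrotik-Rate-Limit) {
+update reply {
+Mikrotik-Rate-Limit := "%{reply:Mikrotik-Rate-Limit}"
+}
+}
+if (reply:Expiration) {
+update reply {
+Expiration := "%{reply:Expiration}"
+}
+}
+update {
+&reply: += &session-state:
+}
+}
+
+
+```
+
+restart services
+
+```bash
+systemctl restart freeradius.service
+```
+
+
+## DEBUG
+
+To check if someting wrong, stop freeradius
+
+```bash
+systemctl stop freeradius.service
+```
+
+Activate log in Mikrotik
+
+```bash
+/system logging add topics=radius,debug action=memory
+```
+
+run radius just like this
+
+```bash
+freeradius -X
+```
+
+then try to login
+
+## Example configuration at Mikrotik
+
+make timeout to 3000, it will show any error from freeradius when login
+
+<img width="385" alt="Tangkapan Layar 2024-07-04 pukul 14 48 28" src="https://github.com/hotspotbilling/phpnuxbill/assets/811955/61f51286-1c93-4845-b9d3-bf769899cf95">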