Created FreeRadius Rest (markdown)

2024-07-06 21:43:34 +07:00 · 2024-07-06 21:43:34 +07:00 · 89898cda50
commit 89898cda50
parent 88d4ca24fa
1 changed files with 212 additions and 0 deletions
--- a/FreeRadius-Rest.md
+++ b/FreeRadius-Rest.md
@ -0,0 +1,212 @@
 Freeradius REST API is configuration to make Freeradius talk to PHPNuxBill via HTTP Connection, configuration is simple more simple
 # Installing freeradius
 ```bash
 apt-get -y install freeradius freeradius-rest
 ```
 edit clients.conf
 ```bash
 nano /etc/freeradius/3.0/clients.conf
 ```
 Add your Mikrotik IP or your Public IP, this is example, everytime you add/edit Client, restart freeradius
 ```bash
 client myRouterA {
 	ipaddr		= 10.0.1.0/24
 	secret		= verysecret
 }
 client myRouterB {
 	ipaddr		= 10.0.2.0/24
 	secret		= secretvery
 }
 ```
 edit clients.conf
 ```bash
 nano /etc/freeradius/3.0/mods-enabled/rest
 ```
 use this configuration, change `phpnuxbill.domain` with your domain
 ```bash
 rest {
    tls {
        # ca_file = ${certdir}/ca.pem
 		# ca_info_file = ${certdir}/cacert_bundle.pem
 		# ca_path = ${certdir}
        check_cert = no
        check_cert_cn = no
    }
 	connect_uri = "https://phpnuxbill.domain/radius.php"
 	authenticate {
 		uri = "${..connect_uri}?action=authenticate"
        method = 'post'
        body = 'post'
        data = "username=%{urlquote:%{User-Name}}&password=%{urlquote:%{User-Password}}&macAddr=%{urlquote:%{Calling-Station-Id}}&nasip=%{urlquote:%{NAS-IP-Address}}"
 		tls = ${..tls}
 	}
    authorize {
            uri = "${..connect_uri}?action=authorize"
            method = 'post'
            body = 'post'
            data = "username=%{urlquote:%{User-Name}}&password=%{urlquote:%{User-Password}}&macAddr=%{urlquote:%{Calling-Station-Id}}&nasip=%{urlquote:%{NAS-IP-Address}}"
 		tls = ${..tls}
    }
 	accounting {
 		uri = "${..connect_uri}?action=accounting"
 		method = 'post'
 		body = 'post'
        data = "username=%{urlquote:%{User-Name}}&nasIpAddress=%{urlquote:%{NAS-IP-Address}}&nasid=%{urlquote:%{NAS-Identifier}}\
 &acctSessionId=%{urlquote:%{Acct-Session-Id}}&macAddr=%{urlquote:%{Calling-Station-Id}}&acctSessionTime=%{urlquote:%{Acct-Session-Time}}\
 &acctInputOctets=%{urlquote:%{Acct-Input-Octets}}&acctOutputOctets=%{urlquote:%{Acct-Output-Octets}}\
 &acctInputGigawords=%{urlquote:%{Acct-Input-Gigawords}}&acctOutputGigawords=%{urlquote:%{Acct-Output-Gigawords}}\
 &acctInputPackets=%{urlquote:%{Acct-Input-Packets}}&acctOutputPackets=%{urlquote:%{Acct-Output-Packets}}\
 &nasPortId=%{urlquote:%{NAS-Port-Id}}&framedIPAddress=%{urlquote:%{Framed-IP-Address}}\
 &sessionTimeout=%{urlquote:%{Session-Timeout}}&framedIPNetmask=%{urlquote:%{Framed-IP-Netmask}}\
 &acctStatusType=%{urlquote:%{Acct-Status-Type}}&nasPortType=%{urlquote:%{NAS-Port-Type}}"
 		tls = ${..tls}
 	}
    post-auth {
        uri = "${..connect_uri}?action=post-auth"
        method = 'post'
        body = 'post'
        data = "username=%{urlquote:%{User-Name}}"
 		tls = ${..tls}
    }
 	pool {
 		start = ${thread[pool].start_servers}
 		min = ${thread[pool].min_spare_servers}
 		max = ${thread[pool].max_servers}
 		spare = ${thread[pool].max_spare_servers}
 		uses = 0
 		retry_delay = 30
 		lifetime = 0
 		idle_timeout = 60
 	}
 }
 ```
 edit sites
 ```bash
 nano /etc/freeradius/3.0/sites-enabled/default 
 ```
 Configure just like this, don't delete others
 ```
 authorize {
 #   filter_username
 #	filter_password
 #	preprocess
 #	operator-name
 #	cui
 #	auth_log
 	rest
    if (ok) {
        update control {
            Auth-Type := rest
        }
    }
    ....
 }
 authenticate {
    Auth-Type rest {
        rest {
            updated = 1
        }
        if (updated) {
            ok
        }
    }
 	Auth-Type rest {
 		rest
 	}
    ....
 }
 accounting {
 	detail
 	rest
    ....
 }
 session {
 	radutmp
    ....
 }
 post-auth {
 	if (reply:Group-Name) {
        update control {
            &Group := "%{reply:Group-Name}"
        }
    }
    if (reply:Mikrotik-Rate-Limit) {
        update reply {
            Mikrotik-Rate-Limit := "%{reply:Mikrotik-Rate-Limit}"
        }
    }
    if (reply:Expiration) {
        update reply {
            Expiration := "%{reply:Expiration}"
        }
    }
 	update {
 		&reply: += &session-state:
 	}
 }
 ```
 restart services
 ```bash
 systemctl restart freeradius.service
 ```
 ## DEBUG
 To check if someting wrong, stop freeradius
 ```bash
 systemctl stop freeradius.service
 ```
 Activate log in Mikrotik
 ```bash
 /system logging add topics=radius,debug action=memory
 ```
 run radius just like this
 ```bash
 freeradius -X
 ```
 then try to login
 ## Example configuration at Mikrotik
 make timeout to 3000, it will show any error from freeradius when login
 <img width="385" alt="Tangkapan Layar 2024-07-04 pukul 14 48 28" src="https://github.com/hotspotbilling/phpnuxbill/assets/811955/61f51286-1c93-4845-b9d3-bf769899cf95">