TOUGHRADIUS
Wiki
  • README
  • Security Update: XSS Vulnerability Fix
  • config
  • docker
  • freeRADIUS integration
  • tr069
    • tr069_events
  • common
    • XMLX
  • docs
    • documents
      • Explanation of nouns
      • Mikrotik TR069 Client Setup for ToughRADIUS
      • ToughRADIUS Defined TR069 Preset Template
      • Introduction to BRAS
      • The Cisco BRAS device is connected to the ToughRADIUS server
      • ToughRADIUS Configuration
      • database
      • ToughRADIUS Docker Quick Deployment
      • ToughRADIUS 对 EAP 认证方法的支持
      • FreeRadius rest module Configuration
      • freeRADIUS integration
      • ## H3C 设备配置对接 ToughRADIUS
      • Huawei device configuration and interconnection ToughRADIUS
      • ToughRADIUS Quick start
      • ToughRADIUS 常见问题
      • Docker-compose 部署
      • ToughRADIUS Data Model
      • tr069_cert
      • Event type (meaning corresponding to EVENT CODE)
      • Mikrotik TR069 Client Setup for ToughRADIUS
      • zh-cn
        • ToughRADIUS 快速安装指南
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
  1. docs
  2. documents

FreeRadius rest module Configuration

PreviousToughRADIUS 对 EAP 认证方法的支持NextfreeRADIUS integration

Last updated 1 year ago

Was this helpful?

This is the core configuration of the ToughRadius REST API, you need to pay attention to the parameters sent here, these parameters are all parameters supported by ToughRadius

If you are interconnecting with a private network, you do not need to configure TLS, but if you are connecting to a public network, it is recommended to use TLS encryption

Be careful not to omit this configuration section when displaying it, every part is important!


rest {
	tls {
#		ca_file	= ${certdir}/cacert.pem
#		ca_path	= ${certdir}
#		certificate_file        = /path/to/radius.crt
#		private_key_file	= /path/to/radius.key
#		private_key_password	= "supersecret"
#		random_file		= /dev/urandom
		check_cert = no
		check_cert_cn = no
	}
	connect_uri = $ENV{FREERADIUS_API_URL}
	connect_timeout = 6.0
    authorize {
                #uri = "${..connect_uri}/user/%{User-Name}/mac/%{Called-Station-ID}?action=authorize"
                uri = "${..connect_uri}/freeradius/authorize"
                method = 'post'
                body = 'post'
                data = "username=%{urlquote:%{User-Name}}&nasip=%{urlquote:%{NAS-IP-Address}}&nasid=%{urlquote:%{NAS-Identifier}}"
                #tls = ${..tls}
    }

    authenticate {
                #uri = "${..connect_uri}/user/%{User-Name}/mac/%{Called-Station-ID}?action=authenticate"
                uri = "${..connect_uri}/freeradius/authenticate"
                method = 'post'
                body = 'post'
                data = "username=%{urlquote:%{User-Name}}&nasip=%{urlquote:%{NAS-IP-Address}}&nasid=%{urlquote:%{NAS-Identifier}}"
                #force_to = 'plain'
                #tls = ${..tls}
    }


    accounting {
                #uri = "${..connect_uri}/user/%{User-Name}/sessions/%{Acct-Unique-Session-ID}"
                uri = "${..connect_uri}/freeradius/accounting"
                method = 'post'
                body = 'post'
                data = "username=%{urlquote:%{User-Name}}&nasip=%{urlquote:%{NAS-IP-Address}}&nasid=%{urlquote:%{NAS-Identifier}}\
&acctSessionId=%{urlquote:%{Acct-Session-Id}}&macAddr=%{urlquote:%{Calling-Station-Id}}&acctSessionTime=%{urlquote:%{Acct-Session-Time}}\
&acctInputOctets=%{urlquote:%{Acct-Input-Octets}}&acctOutputOctets=%{urlquote:%{Acct-Output-Octets}}\
&acctInputGigawords=%{urlquote:%{Acct-Input-Gigawords}}&acctOutputGigawords=%{urlquote:%{Acct-Output-Gigawords}}\
&acctInputPackets=%{urlquote:%{Acct-Input-Packets}}&acctOutputPackets=%{urlquote:%{Acct-Output-Packets}}\
&nasPortId=%{urlquote:%{NAS-Port-Id}}&framedIPAddress=%{urlquote:%{Framed-IP-Address}}\
&sessionTimeout=%{urlquote:%{Session-Timeout}}&framedIPNetmask=%{urlquote:%{Framed-IP-Netmask}}\
&acctStatusType=%{urlquote:%{Acct-Status-Type}}"
    }

    post-auth {
                #uri = "${..connect_uri}/user/%{User-Name}/mac/%{Called-Station-ID}?action=post-auth"
                uri = "${..connect_uri}/freeradius/postauth"
                method = 'post'
                body = 'post'
                #tls = ${..tls}
    }

	pool {
		start = ${thread[pool].start_servers}
		min = ${thread[pool].min_spare_servers}
		max = ${thread[pool].max_servers}
		spare = ${thread[pool].max_spare_servers}
		uses = 0
		retry_delay = 30
		lifetime = 0
		idle_timeout = 60
	}
}
FreeRadius configuration case