I'm building a Flask-based web service to be the backend of FreeRADIUS. I have no problem with authorization and accounting.
Now I want to use FreeRADIUS dynamic clients with this web service.
My FreeRADIUS version:
root@freeradius ~# freeradius -v
radiusd: FreeRADIUS Version 3.0.21, for host x86_64-pc-linux-gnu, built on Sep 3 2021 at 14:47:35
FreeRADIUS Version 3.0.21
Copyright (C) 1999-2019 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
dynamic-client site config:
root@freeradius ~# cat /etc/freeradius/3.0/sites-available/dynamic-clients
#
# Define a network where clients may be dynamically defined.
client dynamic {
    ipaddr = 192.168.56.0/24
    # Define the virtual server used to discover dynamic clients.
    dynamic_clients = dynamic_clients
    lifetime = 3600
}
#
# This is the virtual server referenced above by "dynamic_clients".
server dynamic_clients {
    #
    # The only contents of the virtual server is the "authorize" section.
    authorize {
        rest
    }
}
rlm_rest config:
root@freeradius ~# cat /etc/freeradius/3.0/mods-enabled/rest
rest {
    #
    # This subsection configures the tls related items
    # that control how FreeRADIUS connects to a HTTPS
    # server.
    #
    tls {
    }
    connect_timeout = 10.0
    authorize {
        uri = "http://127.0.0.1:5000/radius/authorize"
        method = 'post'
        body = JSON
        #tls = ${..tls}
    }
    authenticate {
    }
    # Preacct/Accounting/Post-auth/Pre-Proxy/Post-Proxy
    #
    # Code  Meaning       Process body  Module code
    # 204   no content    no            ok
    # 2xx   successful    yes           ok/updated
    # 5xx   server error  no            fail
    # xxx   -             no            invalid
    preacct {
    }
    accounting {
        uri = "http://127.0.0.1:5000/radius/accounting"
        method = 'post'
        body = JSON
        #tls = ${..tls}
    }
    post-auth {
    }
    pre-proxy {
    }
    post-proxy {
    }
    #
    # The connection pool is new for 3.0, and will be used in many
    # modules, for all kinds of connection-related activity.
    #
    pool {
        start = ${thread[pool].start_servers}
        min = ${thread[pool].min_spare_servers}
        max = ${thread[pool].max_servers}
        spare = ${thread[pool].max_spare_servers}
        uses = 0
        retry_delay = 30
        lifetime = 0
        idle_timeout = 60
    }
}
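Part of the Flask script that will handle all authorization:
import json
import traceback

from flask import jsonify, request

# app (the Flask instance), proc_dynclient() and proc_authorize()
# are defined elsewhere in the script.

@app.route('/radius/authorize', methods=['GET', 'POST'])
def handle_radius_authorize():
    if request.method == 'GET':
        return "<p>This is radius Authorize</p>"
    # JSON body sent by rlm_rest (body = JSON)
    radius_data = request.json
    print(f'app.auth:{radius_data}')
    # rlm_rest sends the virtual server name in the X-FreeRADIUS-Server header
    radius_vserver = request.headers.get('X-Freeradius-Server', None)
    try:
        if radius_vserver == 'dynamic_clients':
            result = proc_dynclient(radius_data)
        else:
            result = proc_authorize(radius_data)
        jresponse = json.dumps(result['response'])
        print(f'\nAuthorize Resp:\n{jresponse}\n')
        return jsonify(result['response']), result['status']
    except Exception as e:
        # Any failure in the handlers is logged and reported as HTTP 500
        print(traceback.format_exc())
        return jsonify({}), 500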
But when the RADIUS client (a MikroTik PPPoE server) makes a connection to FreeRADIUS, the Flask script didn't receive any POST data. The debug console said:
app.auth:{}
DynClient:
{}
while the FreeRADIUS debug said:
Sat Dec 2 03:49:45 2023 : Debug: (0) server dynamic_clients {
Sat Dec 2 03:49:45 2023 : Debug: (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/dynmic-clients
Sat Dec 2 03:49:45 2023 : Debug: (0) authorize {
Sat Dec 2 03:49:45 2023 : Debug: (0) modsingle[authorize]: calling rest (rlm_rest)
Sat Dec 2 03:49:45 2023 : Debug: rlm_rest (rest): Reserved connection (0)
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: Expanding URI components
Sat Dec 2 03:49:45 2023 : Debug: http://127.0.0.1:5000
Sat Dec 2 03:49:45 2023 : Debug: Parsed xlat tree:
Sat Dec 2 03:49:45 2023 : Debug: literal --> http://127.0.0.1:5000
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: EXPAND http://127.0.0.1:5000
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: --> http://127.0.0.1:5000
Sat Dec 2 03:49:45 2023 : Debug: /radius/authorize
Sat Dec 2 03:49:45 2023 : Debug: Parsed xlat tree:
Sat Dec 2 03:49:45 2023 : Debug: literal --> /radius/authorize
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: EXPAND /radius/authorize
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: --> /radius/authorize
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: Sending HTTP POST to "http://127.0.0.1:5000/radius/authorize"
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: Adding custom headers:
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: X-FreeRADIUS-Section: authorize
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: X-FreeRADIUS-Server: dynamic_clients
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: Request body content-type will be "application/json"
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: JSON Data: {}
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: Returning 2 bytes of JSON data
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: Processing response header
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: Status : 500 (INTERNAL SERVER ERROR)
Sat Dec 2 03:49:45 2023 : Debug: (0) rest: Type : json (application/json)
Sat Dec 2 03:49:45 2023 : ERROR: (0) rest: Server returned:
Sat Dec 2 03:49:45 2023 : ERROR: (0) rest: {}
Sat Dec 2 03:49:45 2023 : Debug: rlm_rest (rest): Released connection (0)
Why does it look like FreeRADIUS did not encode any data to JSON for the REST backend? Is there any configuration fault? How do I fix it?
Note: Some years ago I also played with the same thing ... and as far as I remember FreeRADIUS will give me (at least) a kind of 'Packet-Src-IP-Address' in JSON format.
Sincerely
-bino-