使用python对freeradius进行扩展
安装:
# Build prerequisites: talloc and Python development headers
# (python-devel is presumably what lets rlm_python be compiled -- confirm).
yum -y install libtalloc-devel
yum -y install python-devel
# NOTE(review): the tarball is fetched over plain FTP and nothing below checks
# its integrity. Compare it against a checksum or signature obtained from the
# FreeRADIUS project before building. The ".../old/" path component suggests
# 3.0.11 is a superseded release.
wget -c ftp://ftp.freeradius.org/pub/freeradius/old/freeradius-server-3.0.11.tar.gz
tar zxvf freeradius-server-3.0.11.tar.gz
cd freeradius-server-3.0.11
# No --prefix is given, so the default install locations are used.
./configure
make
make install
# Refresh the dynamic linker cache so the newly installed libraries are found.
ldconfig
默认配置安装在 /usr/local/etc/raddb/
配置:
ln -s /usr/local/etc/raddb/mods-available/python /usr/local/etc/raddb/mods-enabled/python
编辑 /usr/local/etc/raddb/mods-enabled/python,去掉 #func_authorize = authorize 和 #func_authenticate = authenticate 的注释,表示启用 python 模块的授权(authorize)和认证(authenticate)回调函数
指定python的路径(需在启动 radiusd 的 shell 环境中设置,radiusd 才能找到模块): export PYTHONPATH='/usr/local/etc/raddb/mods-config/python'
在 /usr/local/etc/raddb/sites-available/default 中已有的 authorize 和 authenticate 段内添加如下内容:
authorize {
python
}
authenticate {
Auth-Type Python {
python
}
}
修改默认认证方式为python(即由 python 模块的 authenticate 函数完成认证)
在 /usr/local/etc/raddb/users 第 64 行修改为
DEFAULT Auth-Type := Python
将freeradius源代码下的 src/modules/rlm_python/example.py src/modules/rlm_python/radiusd.py 复制到 /usr/local/etc/raddb/mods-config/python 下
执行 radiusd -X 以调试模式在前台运行(调试输出会打印收到的请求属性,PAP 请求中的 User-Password 也会以明文出现,因此只用于测试排错)
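测试执行 radtest user1 passw0rd localhost 0 testing123(testing123 是 clients.conf 中 localhost 客户端的默认共享密钥,仅适用于本机测试;按下文 example.py 的写法,authenticate 固定返回 RLM_MODULE_REJECT,因此该请求预期会得到 Access-Reject)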
参考文献:
freeradius3安装和python拓展需求
http://blog.csdn.net/orangleliu/article/details/50637701
对接双因子
http://www.freebuf.com/articles/es/152236.html
官方文档
http://wiki.freeradius.org/modules/Rlm_python
安装建立软连接
http://blog.csdn.net/huntinux/article/details/52892221
原文件内容:
/usr/local/etc/raddb/mods-enabled/python
#
# Make sure the PYTHONPATH environmental variable contains the
# directory(s) for the modules listed below.
#
# Uncomment any func_* which are included in your module. If
# rlm_python is called for a section which does not have
# a function defined, it will return NOOP.
#
python {
# Python module to load; each mod_* entry below refers back to it via ${.module}.
module = example
mod_instantiate = ${.module}
# func_instantiate = instantiate
mod_detach = ${.module}
# NOTE(review): this commented entry names `instantiate`; example.py defines a
# separate detach() function, which is probably what was intended -- confirm
# before uncommenting.
# func_detach = instantiate
mod_authorize = ${.module}
# Enabled: the authorize section calls example.authorize().
func_authorize = authorize
mod_authenticate = ${.module}
# Enabled: the authenticate section calls example.authenticate().
func_authenticate = authenticate
mod_preacct = ${.module}
# func_preacct = preacct
mod_accounting = ${.module}
# func_accounting = accounting
mod_checksimul = ${.module}
# func_checksimul = checksimul
mod_pre_proxy = ${.module}
# func_pre_proxy = pre_proxy
mod_post_proxy = ${.module}
# func_post_proxy = post_proxy
mod_post_auth = ${.module}
#func_post_auth = post_auth
mod_recv_coa = ${.module}
# func_recv_coa = recv_coa
mod_send_coa = ${.module}
# func_send_coa = send_coa
}
example.py
#! /usr/bin/env python
#
# Python module example file
# Miguel A.L. Paraz <[email protected]>
#
# $Id: dd5b0b88243ea2919634d1ae519f5825f0560c93 $
import radiusd
def instantiate(p):
    """Announce module start-up on stdout.

    Prints a banner followed by ``p`` exactly as received. Nothing is
    returned explicitly, so the caller gets ``None``.

    NOTE(review): ``p`` is whatever rlm_python hands to the instantiate
    hook -- presumably the module configuration; confirm against the
    rlm_python documentation.
    """
    # Single-argument print(...) writes the same text as the Python 2
    # print statement this module was written with.
    for item in ("*** instantiate ***", p):
        print(item)
def authenticate(p):
    """Handle the authenticate call: log it, dump ``p``, then reject.

    Returns the 3-tuple ``(radiusd.RLM_MODULE_REJECT, reply, config)``.
    The return code is REJECT on every call; nothing in ``p`` is examined.

    NOTE(review): ``p`` is printed to stdout twice. If it carries the
    request attributes (presumably it does -- confirm against the
    rlm_python documentation), a PAP request's User-Password would appear
    in that output, so keep these prints to debugging sessions.
    """
    print("********* python authenticate *******")
    # print("") emits the bare newline of a Python 2 `print` statement;
    # print() would output "()" under Python 2.
    print("")
    radiusd.radlog(radiusd.L_INFO, '*******8 python authenticate ********')
    print(p)
    print("")
    print(p)

    reply_pairs = (
        ('Reply-Message', ':=', 'Hello from rlm_python'),
        ('My-Local-String', ':=', 'http://baidu.com'),
    )
    # Fixed placeholder value, identical for every request.
    config_pairs = (('User-Password', '123'),)
    return (radiusd.RLM_MODULE_REJECT, reply_pairs, config_pairs)
def authorize(p):
    """Handle the authorize call: log it, dump ``p``, and return OK.

    Returns the 3-tuple ``(radiusd.RLM_MODULE_OK, reply, config)`` where
    ``config`` sets ``Cleartext-Password`` to a fixed string.

    NOTE(review): the same ``Cleartext-Password`` value is supplied for
    every request, whichever user ``p`` describes. Treat ``'123'`` as a
    placeholder and replace it with a per-user credential lookup before
    using this outside a test setup.
    """
    print("*** authorize ***")
    # print("") emits the bare newline of a Python 2 `print` statement;
    # print() would output "()" under Python 2.
    print("")
    radiusd.radlog(radiusd.L_INFO, '*** radlog call in authorize ***')
    print("")
    print(p)

    reply_pairs = (
        ('Reply-Message', ':=', 'Hello from rlm_python'),
        ('My-Local-String', ':=', 'http://baidu.com'),
    )
    config_pairs = (('Cleartext-Password', '123'),)
    return (radiusd.RLM_MODULE_OK, reply_pairs, config_pairs)
def preacct(p):
    """Trace the preacct call on stdout and report success.

    Prints a banner and then ``p`` as received; always returns
    ``radiusd.RLM_MODULE_OK``.
    """
    banner = "*** preacct ***"
    # Single-argument print(...) matches the Python 2 print statement.
    print(banner)
    print(p)
    return radiusd.RLM_MODULE_OK
def accounting(p):
    """Trace the accounting call and report success.

    Prints a banner, writes one INFO line through ``radiusd.radlog``,
    prints a blank line and then ``p``; always returns
    ``radiusd.RLM_MODULE_OK``.
    """
    print("*** accounting ***")
    radiusd.radlog(radiusd.L_INFO, '*** radlog call in accounting (0) ***')
    # print("") emits the bare newline of a Python 2 `print` statement;
    # print() would output "()" under Python 2.
    print("")
    print(p)
    return radiusd.RLM_MODULE_OK
def pre_proxy(p):
    """Trace the pre_proxy call on stdout and report success.

    Prints a banner followed by ``p``; always returns
    ``radiusd.RLM_MODULE_OK``.
    """
    # Single-argument print(...) matches the Python 2 print statement.
    for item in ("*** pre_proxy ***", p):
        print(item)
    return radiusd.RLM_MODULE_OK
def post_proxy(p):
    """Trace the post_proxy call on stdout and report success.

    Prints a banner followed by ``p``; always returns
    ``radiusd.RLM_MODULE_OK``.
    """
    banner = "*** post_proxy ***"
    # Single-argument print(...) matches the Python 2 print statement.
    print(banner)
    print(p)
    return radiusd.RLM_MODULE_OK
def post_auth(p):
    """Trace the post_auth call on stdout and report success.

    Prints a banner and then ``p`` twice. Only the status code is
    returned; no reply or config pairs are produced by this hook.
    Always returns ``radiusd.RLM_MODULE_OK``.
    """
    # Single-argument print(...) matches the Python 2 print statement.
    print("*** post_auth ***")
    for _ in range(2):
        print(p)
    return radiusd.RLM_MODULE_OK
def recv_coa(p):
    """Trace the recv_coa call on stdout and report success.

    Prints a banner followed by ``p``; always returns
    ``radiusd.RLM_MODULE_OK``.
    """
    # Single-argument print(...) matches the Python 2 print statement.
    for item in ("*** recv_coa ***", p):
        print(item)
    return radiusd.RLM_MODULE_OK
def send_coa(p):
    """Trace the send_coa call on stdout and report success.

    Prints a banner followed by ``p``; always returns
    ``radiusd.RLM_MODULE_OK``.
    """
    banner = "*** send_coa ***"
    # Single-argument print(...) matches the Python 2 print statement.
    print(banner)
    print(p)
    return radiusd.RLM_MODULE_OK
def detach():
    """Print a farewell line on stdout and report success.

    Takes no arguments; always returns ``radiusd.RLM_MODULE_OK``.
    """
    farewell = "*** goodbye from example.py ***"
    # Single-argument print(...) matches the Python 2 print statement.
    print(farewell)
    return radiusd.RLM_MODULE_OK