Functional enhancement request: RADIUS authentication

Question

Functional enhancement request: RADIUS authentication

frankenstein91 opened this issue 4 years ago · comments

I find the multi-user support a great feature. I would like to use this function with a Radius server. My LAN and WLAN runs with Unifi hardware and IEEE 802.1x. So I already use a Radius Server in my network. I would like to give my family members the possibility for *.firstname.surname.local.

Thanks a lot

Pavel Tsakalidis · Answer 1 · Fri Apr 16 2021 00:39:00 GMT+0800 (China Standard Time)

RADIUS support has now been implemented in v1.1.0 - give it a go and let me know if there are any issues.

frankenstein91 · Answer 2 · Fri Apr 16 2021 03:38:13 GMT+0800 (China Standard Time)

did you update the documentation for setup or can you give me tips?

Pavel Tsakalidis · Answer 3 · Fri Apr 16 2021 03:49:06 GMT+0800 (China Standard Time)

Hi,

Login as an administrator, go to Settings > RADIUS, enter the server's IP, the port, and the secret.

I've only tested this with FreeRADIUS so hopefully it will work with your setup as well.

Let me know how it goes and I can tweak if it needed.

Thanks

frankenstein91 · Answer 4 · Fri Apr 16 2021 06:18:03 GMT+0800 (China Standard Time)

somehow i get this

Pavel Tsakalidis · Answer 5 · Sat Apr 17 2021 05:14:03 GMT+0800 (China Standard Time)

Apologies about that, I've now fixed the issue.

Pull the latest and greatest code, rebuild the Docker container, and it should work just fine.

frankenstein91 · Answer 6 · Sat Apr 17 2021 22:59:31 GMT+0800 (China Standard Time)

i think we have more problems in the docker...

  Building wheel for Flask-Bcrypt (setup.py): finished with status 'error'
  ERROR: Command errored out with exit status 1:
   command: /opt/snitchdns/venv/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-v3cs1cg0/Flask-Bcrypt/setup.py'"'"'; __file__='"'"'/tmp/pip-install-v3cs1cg0/Flask-Bcrypt/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-n1bo3oqc
       cwd: /tmp/pip-install-v3cs1cg0/Flask-Bcrypt/
  Complete output (6 lines):
  usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: setup.py --help [cmd1 cmd2 ...]
     or: setup.py --help-commands
     or: setup.py cmd --help

  error: invalid command 'bdist_wheel'
  ----------------------------------------
  ERROR: Failed building wheel for Flask-Bcrypt
  Running setup.py clean for Flask-Bcrypt
  Building wheel for Flask-Mail (setup.py): started
  Building wheel for Flask-Mail (setup.py): finished with status 'error'
  ERROR: Command errored out with exit status 1:
   command: /opt/snitchdns/venv/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-v3cs1cg0/Flask-Mail/setup.py'"'"'; __file__='"'"'/tmp/pip-install-v3cs1cg0/Flask-Mail/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-3wxgtwnp
       cwd: /tmp/pip-install-v3cs1cg0/Flask-Mail/
  Complete output (6 lines):
  usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: setup.py --help [cmd1 cmd2 ...]
     or: setup.py --help-commands
     or: setup.py cmd --help

  error: invalid command 'bdist_wheel'
  ----------------------------------------
  ERROR: Failed building wheel for Flask-Mail
  Running setup.py clean for Flask-Mail
  Building wheel for gunicorn (setup.py): started
  Building wheel for gunicorn (setup.py): finished with status 'error'
  ERROR: Command errored out with exit status 1:
   command: /opt/snitchdns/venv/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-v3cs1cg0/gunicorn/setup.py'"'"'; __file__='"'"'/tmp/pip-install-v3cs1cg0/gunicorn/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-jc7nc7es
       cwd: /tmp/pip-install-v3cs1cg0/gunicorn/
  Complete output (6 lines):
  usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: setup.py --help [cmd1 cmd2 ...]
     or: setup.py --help-commands
     or: setup.py cmd --help

  error: invalid command 'bdist_wheel'
  ----------------------------------------
  ERROR: Failed building wheel for gunicorn
  Running setup.py clean for gunicorn
  Building wheel for pywebpush (setup.py): started
  Building wheel for pywebpush (setup.py): finished with status 'error'
  ERROR: Command errored out with exit status 1:
   command: /opt/snitchdns/venv/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-v3cs1cg0/pywebpush/setup.py'"'"'; __file__='"'"'/tmp/pip-install-v3cs1cg0/pywebpush/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-q2jke50k
       cwd: /tmp/pip-install-v3cs1cg0/pywebpush/
  Complete output (6 lines):
  usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: setup.py --help [cmd1 cmd2 ...]
     or: setup.py --help-commands
     or: setup.py cmd --help

  error: invalid command 'bdist_wheel'
  ----------------------------------------
  ERROR: Failed building wheel for pywebpush
  Running setup.py clean for pywebpush
  Building wheel for psycopg2 (setup.py): started
  Building wheel for psycopg2 (setup.py): finished with status 'error'
  ERROR: Command errored out with exit status 1:
   command: /opt/snitchdns/venv/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-v3cs1cg0/psycopg2/setup.py'"'"'; __file__='"'"'/tmp/pip-install-v3cs1cg0/psycopg2/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-kcyhw2xt
       cwd: /tmp/pip-install-v3cs1cg0/psycopg2/
  Complete output (6 lines):
  usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: setup.py --help [cmd1 cmd2 ...]
     or: setup.py --help-commands
     or: setup.py cmd --help

  error: invalid command 'bdist_wheel'
  ----------------------------------------
  ERROR: Failed building wheel for psycopg2
  Running setup.py clean for psycopg2
  Building wheel for blinker (setup.py): started
  Building wheel for blinker (setup.py): finished with status 'error'
  ERROR: Command errored out with exit status 1:
   command: /opt/snitchdns/venv/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-v3cs1cg0/blinker/setup.py'"'"'; __file__='"'"'/tmp/pip-install-v3cs1cg0/blinker/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-buw_m2w5
       cwd: /tmp/pip-install-v3cs1cg0/blinker/
  Complete output (6 lines):
  usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: setup.py --help [cmd1 cmd2 ...]
     or: setup.py --help-commands
     or: setup.py cmd --help

  error: invalid command 'bdist_wheel'
  ----------------------------------------
  ERROR: Failed building wheel for blinker
  Running setup.py clean for blinker
  Building wheel for http-ece (setup.py): started
  Building wheel for http-ece (setup.py): finished with status 'error'
  ERROR: Command errored out with exit status 1:
   command: /opt/snitchdns/venv/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-v3cs1cg0/http-ece/setup.py'"'"'; __file__='"'"'/tmp/pip-install-v3cs1cg0/http-ece/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-sh_67l13
       cwd: /tmp/pip-install-v3cs1cg0/http-ece/
  Complete output (6 lines):
  usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: setup.py --help [cmd1 cmd2 ...]
     or: setup.py --help-commands
     or: setup.py cmd --help

  error: invalid command 'bdist_wheel'
  ----------------------------------------
  ERROR: Failed building wheel for http-ece
  Running setup.py clean for http-ece
  Building wheel for py-vapid (setup.py): started
  Building wheel for py-vapid (setup.py): finished with status 'error'
  ERROR: Command errored out with exit status 1:
   command: /opt/snitchdns/venv/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-v3cs1cg0/py-vapid/setup.py'"'"'; __file__='"'"'/tmp/pip-install-v3cs1cg0/py-vapid/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-vktaosjb
       cwd: /tmp/pip-install-v3cs1cg0/py-vapid/
  Complete output (6 lines):
  usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: setup.py --help [cmd1 cmd2 ...]
     or: setup.py --help-commands
     or: setup.py cmd --help

  error: invalid command 'bdist_wheel'
  ----------------------------------------
  ERROR: Failed building wheel for py-vapid
  Running setup.py clean for py-vapid
Failed to build Flask-Bcrypt Flask-Mail gunicorn pywebpush psycopg2 blinker http-ece py-vapid
ERROR: requests 2.25.1 has requirement idna<3,>=2.5, but you'll have idna 3.1 which is incompatible.

frankenstein91 · Answer 7 · Sat Apr 17 2021 23:08:58 GMT+0800 (China Standard Time)

Unfortunately the radius connection does not work

'ascii' codec can't encode character '\xa7' in position 3: ordinal not in range(128)
Traceback (most recent call last):
File "/opt/snitchdns/venv/lib/python3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request
rv = self.dispatch_request()
File "/opt/snitchdns/venv/lib/python3.8/site-packages/flask/app.py", line 1936, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/opt/snitchdns/venv/lib/python3.8/site-packages/flask_login/utils.py", line 272, in decorated_view
return func(*args, **kwargs)
File "/opt/snitchdns/app/lib/base/decorators.py", line 14, in wrapped_view
return f(**kwargs)
File "/opt/snitchdns/app/controllers/config/system/radius.py", line 54, in radius_test
if not radius.test_connection():
File "/opt/snitchdns/app/lib/users/auth/radius.py", line 83, in test_connection
client = self.__get_client()
File "/opt/snitchdns/app/lib/users/auth/radius.py", line 99, in __get_client
return Client(server=self.host, authport=self.port, secret=self.secret.encode('ascii'), dict=Dictionary(self.dictionary), retries=1)
UnicodeEncodeError: 'ascii' codec can't encode character '\xa7' in position 3: ordinal not in range(128)

Pavel Tsakalidis · Answer 8 · Sun Apr 18 2021 19:14:32 GMT+0800 (China Standard Time)

Hello (again!)

Previously I had only tested passwords with 7-bit ascii, but have now pushed a fix to treat everything as utf-8. I've done an end-to-end test and it now seems to be working fine (hopefully we're getting there!).

Please delete any existing images/containers/volumes of SnitchDNS, and give it another go.

Thanks

frankenstein91 · Answer 9 · Sun Apr 18 2021 20:56:37 GMT+0800 (China Standard Time)

The function works as I imagined it would. I will soon transfer it from my test network to my productive network.

Thank you

Pavel Tsakalidis · Answer 10 · Sun Apr 18 2021 20:59:38 GMT+0800 (China Standard Time)

Glad we got that sorted!