# Sinatra SImple Network Access Tool with RAdius RADIUS-based network access is common in prosumer/office networks for requiring pre-registered MAC adddresses and/or selectively assigning VLANs to devices based on MAC address. Typically, FreeRADIUS is used, however its flexibility and complexity is burdensome when only MAC-based authentication is required. Such a setup _requires_ pre-registered MAC addresses, which can be difficult with IoT and consumer devices; and configuration of a default VLAN for unrecongnised MAC addresses is difficult. Certain vendors' router hardware can provide simplistic RADIUS servers, e.g. a Ubiquiti Unifi Dream Machine, but they do not provide default VLAN assignment. It is also useful to be vendor agnostic. Sinatra provides for this simple use case: - A simple NodeJS-based RADIUS server that provides (MAC-based) authentication, in any format. - A simple REST API to add/update/delete reqistered users (MAC addresses). - A Dockerfile (and docker-compose) to encapsulate the server within a docker container. - Optional default VLAN support to support unknown MAC addresses, e.g. into a guest network. # Configuration Optional configuration is via environment variables. ### SINATRA_PORT_RADIUS_AUTH Sets the listening port for RADIUS authentication. Default: 1812 ### SINATRA_PORT_RADIUS_ACCT Sets the listening port for RADIUS accounting Default: 1813 ### SINATRA_PORT_API Sets the listening port for the API Default: 8088 ### SINATRA_STORAGE Sets the storage type and location for data. The format is type://location. Supported types are: ##### json Uses a serialised JSON data file. e.g. json://./data Default: json://./data ### SINATRA_CLIENT_SECRET Sets the shared secret for RADIUS clients Default: password ### SINATRA_DEFAULT_VLAN Sets the default VLAN ID for unauthenticated users. If false, users must pass authentication. Default: false ### SINATRA_MAC_AUTH_ONLY Sets whether usernames and passwords should be processed as MAC addresses. If true, then all input formats are normalised to lowercase alphanumeric strings, e.g. aabbccddeeff Default: false ### SINATRA_SESSION_DURATION Sets the RADIUS session duration in seconds. Default: 600 ### SINATRA_TIME_RULES Sets whether time rules are to be processed. If true, then all registered users must have at least one 'allow' rule defined. Default: false # Feature roadmap - Mass-import from CSV - Connection accounting (with REST API endpoints for data access)