# Sinatra

SImple Network Access Tool with RAdius

RADIUS-based network access control is common in prosumer/office networks, where it is used to require pre-registered MAC addresses and/or to selectively assign VLANs to devices based on MAC address.

Typically FreeRADIUS is used; however, its flexibility and complexity are burdensome when only MAC-based authentication is required.
Such a setup _requires_ pre-registered MAC addresses, which can be difficult with IoT and consumer devices, and configuring a default VLAN for unrecognised MAC addresses is difficult.

Certain vendors' router hardware can provide simplistic RADIUS servers, e.g. a Ubiquiti UniFi Dream Machine, but they do not provide default VLAN assignment. It is also useful to be vendor agnostic.

Sinatra provides for this simple use case:

- A simple Node.js-based RADIUS server that provides (MAC-based) authentication, in any format.
- A simple REST API to add/update/delete registered users (MAC addresses).
- A Dockerfile (and docker-compose) to encapsulate the server within a Docker container.
- Optional default VLAN support for placing unknown MAC addresses, e.g. into a guest network.

# Configuration

Optional configuration is via environment variables.

### SINATRA_PORT_RADIUS_AUTH
Sets the listening port for RADIUS authentication.

Default: 1812

### SINATRA_PORT_RADIUS_ACCT
Sets the listening port for RADIUS accounting.

Default: 1813

### SINATRA_PORT_API
Sets the listening port for the API.

Default: 8088

### SINATRA_STORAGE
Sets the storage type and location for data. The format is type://location.

Supported types are:

##### json
Uses a serialised JSON data file, e.g. json://./data

Default: json://./data

### SINATRA_CLIENT_SECRET
Sets the shared secret for RADIUS clients.

Default: password

### SINATRA_DEFAULT_VLAN
Sets the default VLAN ID for unauthenticated users. If false, users must pass authentication.

Default: false

### SINATRA_MAC_AUTH_ONLY
Sets whether usernames and passwords should be processed as MAC addresses.
If true, then all input formats are normalised to lowercase alphanumeric strings, e.g. aabbccddeeff.

Default: false

### SINATRA_SESSION_DURATION
Sets the RADIUS session duration in seconds.

Default: 600

### SINATRA_TIME_RULES
Sets whether time rules are to be processed.
If true, then all registered users must have at least one 'allow' rule defined.

Default: false

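
How the options above combine into one access decision, as an added example that is not Sinatra's own code. The function names, the registry shape, the parsing of the environment strings, and the use of the standard Tunnel-* and Session-Timeout reply attributes are assumptions; the audit helper flags the default client secret and an enabled default VLAN.

```javascript
// Added example, not Sinatra's source. Names, the registry shape and the
// choice of reply attributes are assumptions made for illustration.
// Read the documented variables, falling back to the documented defaults.
function loadConfig(env) {
  const vlan = env.SINATRA_DEFAULT_VLAN;
  return {
    secret: env.SINATRA_CLIENT_SECRET || 'password',
    defaultVlan: !vlan || vlan === 'false' ? false : Number(vlan),
    macAuthOnly: env.SINATRA_MAC_AUTH_ONLY === 'true',
    sessionDuration: Number(env.SINATRA_SESSION_DURATION || 600),
  };
}

// SINATRA_MAC_AUTH_ONLY: reduce any input format to lowercase alphanumerics.
function normaliseMac(input) {
  return String(input).toLowerCase().replace(/[^a-z0-9]/g, '');
}

// Standard RADIUS attributes that put a session on a VLAN (RFC 3580).
function vlanReply(vlanId, config, known) {
  return { code: 'Access-Accept', known, attributes: {
    'Tunnel-Type': 'VLAN',
    'Tunnel-Medium-Type': 'IEEE-802',
    'Tunnel-Private-Group-Id': String(vlanId),
    'Session-Timeout': config.sessionDuration,
  } };
}

// Decide the reply for one Access-Request (username only, for brevity).
function decide(username, registry, config) {
  const entry = registry.get(config.macAuthOnly ? normaliseMac(username) : username);
  if (entry) return vlanReply(entry.vlan, config, true);
  // Unknown device: admitted only to the default (guest) VLAN, if one is set.
  if (config.defaultVlan !== false) return vlanReply(config.defaultVlan, config, false);
  return { code: 'Access-Reject', known: false, attributes: {} };
}

// Deployment check: report settings that widen access.
function auditConfig(config) {
  const findings = [];
  if (config.secret === 'password') findings.push('default RADIUS client secret in use');
  if (config.defaultVlan !== false) findings.push(`unknown MACs join VLAN ${config.defaultVlan}`);
  return findings;
}

// Constructed sample: one registered device on VLAN 10, guests on VLAN 30.
const sampleConfig = loadConfig({ SINATRA_MAC_AUTH_ONLY: 'true', SINATRA_DEFAULT_VLAN: '30' });
const sampleRegistry = new Map([['aabbccddeeff', { vlan: 10 }]]);
console.log(decide('AA:BB:CC:DD:EE:FF', sampleRegistry, sampleConfig), auditConfig(sampleConfig));
```
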
# Feature roadmap

- Mass-import from CSV
- Connection accounting (with REST API endpoints for data access)