Sinatra/README.md
2024-06-08 11:11:20 +01:00

Sinatra

SImple Network Access Tool with RAdius

RADIUS-based network access is common in prosumer/office networks for requiring pre-registered MAC addresses and/or selectively assigning VLANs to devices based on MAC address.

Typically FreeRADIUS is used; however, its flexibility and complexity are burdensome when only MAC-based authentication is required. Such a setup requires pre-registered MAC addresses, which can be difficult with IoT and consumer devices, and configuring a default VLAN for unrecognised MAC addresses is difficult.

Certain vendors' router hardware can provide simplistic RADIUS servers, e.g. a Ubiquiti Unifi Dream Machine, but they do not provide default VLAN assignment. It is also useful to be vendor agnostic.

Sinatra provides for this simple use case:

  • A simple NodeJS-based RADIUS server that provides (MAC-based) authentication, in any format.
  • A simple REST API to add/update/delete registered users (MAC addresses).
  • A Dockerfile (and docker-compose) to encapsulate the server within a docker container.
  • Optional default VLAN support for unknown MAC addresses, e.g. placing them into a guest network.

Configuration

Optional configuration is via environment variables.

SINATRA_PORT_RADIUS_AUTH

Sets the listening port for RADIUS authentication.

Default: 1812

SINATRA_PORT_RADIUS_ACCT

Sets the listening port for RADIUS accounting.

Default: 1813

SINATRA_PORT_API

Sets the listening port for the API.

Default: 8088

SINATRA_STORAGE

Sets the storage type and location for data. The format is type://location.

Supported types are:

json

Uses a serialised JSON data file, e.g. json://./data

Default: json://./data

SINATRA_CLIENT_SECRET

Sets the shared secret for RADIUS clients. The default below is published in this README, so set your own value in any deployment.

Default: password

SINATRA_DEFAULT_VLAN

Sets the default VLAN ID for unauthenticated users. If false, users must pass authentication.

Default: false

SINATRA_MAC_AUTH_ONLY

Sets whether usernames and passwords should be processed as MAC addresses.
If true, then all input formats are normalised to lowercase alphanumeric strings, e.g. aabbccddeeff.

Default: false

SINATRA_SESSION_DURATION

Sets the RADIUS session duration in minutes.

Default: 60

SINATRA_TIME_RULES

Sets whether time rules are to be processed.
If true, then all registered users must have at least one 'allow' rule defined.

Default: false
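
The sketch below is an added example, not Sinatra's own code: it models how SINATRA_MAC_AUTH_ONLY, SINATRA_DEFAULT_VLAN and SINATRA_SESSION_DURATION could combine into an accept/reject decision. The function names, the registry shape with a per-user vlan field, the 12-hex-digit check and the use of the standard RFC 3580 tunnel attributes and Session-Timeout are all assumptions.

```javascript
// Added example, not Sinatra's code: it models the documented settings only.
// normaliseMac(), vlanAttributes(), decide() and the registry shape are hypothetical.

// SINATRA_MAC_AUTH_ONLY=true: reduce any MAC notation to lowercase alphanumerics.
function normaliseMac(input) {
  const mac = String(input).toLowerCase().replace(/[^a-z0-9]/g, '');
  // Assumption: anything that is not exactly 12 hex digits is treated as invalid.
  return /^[0-9a-f]{12}$/.test(mac) ? mac : null;
}

// RFC 3580 VLAN assignment attributes carried in an Access-Accept.
function vlanAttributes(vlanId) {
  return {
    'Tunnel-Type': 'VLAN',             // attribute value 13
    'Tunnel-Medium-Type': 'IEEE-802',  // attribute value 6
    'Tunnel-Private-Group-Id': String(vlanId),
  };
}

// config mirrors SINATRA_DEFAULT_VLAN, SINATRA_MAC_AUTH_ONLY, SINATRA_SESSION_DURATION.
function decide(username, registry, config) {
  const key = config.macAuthOnly ? normaliseMac(username) : username;
  // Assumption: the session duration is sent as Session-Timeout, in seconds.
  const timeout = { 'Session-Timeout': config.sessionMinutes * 60 };
  const user = key === null ? undefined : registry.get(key);
  if (user) {
    return { code: 'Access-Accept', attributes: { ...vlanAttributes(user.vlan), ...timeout } };
  }
  if (config.defaultVlan !== false) {
    // Unknown device: accepted, but only into the default (e.g. guest) VLAN.
    return { code: 'Access-Accept', attributes: { ...vlanAttributes(config.defaultVlan), ...timeout } };
  }
  // SINATRA_DEFAULT_VLAN=false: unregistered devices must be rejected.
  return { code: 'Access-Reject', attributes: {} };
}

// Constructed sample data: one registered device on VLAN 20, guest VLAN 99.
const registry = new Map([['aabbccddeeff', { vlan: 20 }]]);
const config = { defaultVlan: 99, macAuthOnly: true, sessionMinutes: 60 };
for (const name of ['AA:BB:CC:DD:EE:FF', 'aabb.ccdd.eeff', '02-00-00-00-00-01']) {
  console.log(name, JSON.stringify(decide(name, registry, config)));
}
```

With a default VLAN set, every unknown device is accepted, so the isolation of that VLAN is what actually limits unregistered hosts.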

Feature roadmap

  • Mass-import from CSV
  • Connection accounting (with REST API endpoints for data access)