Skip to content
This repository has been archived by the owner on May 17, 2022. It is now read-only.
/ nodejs-radius-pap-server-and-custom-auth Public archive

A party hack to setup secure (WPA Enterprise) wifi setup where visitors to the demo party Birdie could login to the wifi in a secure way. By using there e-mail that is registered and the barcode on there wrist arm to authenticate to the wifi network.

www.birdie.org

License

GPL-3.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

lerra/nodejs-radius-pap-server-and-custom-auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
bin
bin
 
 
lib
lib
 
 
node_modules
node_modules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package.json
package.json
 
 
radius-script-auth-ean.php
radius-script-auth-ean.php
 
 
test-auth.sh
test-auth.sh
 
 

Repository files navigation

Intro

This is a RADIUS server that authenticates requests to a api. Original code that was modified from https://github.com/layeh/google-apps-radius

This code have been used in production during the demoparty Birdie (https://www.birdie.org) in Uppsala, Sweden. We used the setup to as other out of the box solutions (eg freeradius) did not work.

We used the visitors e-mail address as username, the barcode on there wrist as login for our secure wirless authentication. The radius server and our backend system resided on two different locations, the radius client was the Cisco WLC where the AP's proxied there radius requests.

You can take a look at the php code to get inspiration for your implementation. You will not be able to run that with out re-write 80% of it.

You will need to have the password (in our case, the barcode) in clear text to be able to use this custom auth with PAP, its part of the protocol where both sides knows the secret but does not exchange the secret in the radius communication (but it does after the radius server as we have a http api backend). The reason why we needed to go with PAP is because we can not provide our visitors a certificate and the handling around it.

Have in mind that I am not a nodejs coder, I just solve problems and this was one of our problems we had. Its a party hack where I wrote the one that was setup for google apps during a couple of hours. The only notes from the installation I have is "apt-get install npm freeradius-utils"

Example setup

I have provided some php code (./radius-script-auth-ean.php) to be used for the custom authentication. The nodejs part was running on ubuntu 16.04, the backend server is a (old) LAMP server where the php code is running.

You need to change the api key in the following files, search for API-KEY-CHANGE-ME ./lib/index.js ./radius-script-auth-ean.php

The http api

The code you need to write needs to take the username as a input and return the clear text secret (in our case, the EAN). Example post username=$USERNAME, the result should just be the text in clear, eg "23828424".

Installation

Usage: birdie-ean-radius --address <address> --port [port] --domain <domain> --secret <secret>

Options:
  --domain   [required]
  --secret   [required]
  --port     [default: 1812]
  --address  [default: "0.0.0.0"]

Known limitations (send a PR!)

  • Only supports RADIUS PAP (password authentication protocol)
  • nodejs server is only setup to communicate to the api over http, needs to be fixed to https
  • Documentation
  • Testing

Author

Lezgin Bakircioglu (lerra 82 at gmail.com)

License

GPLv3

About

A party hack to setup secure (WPA Enterprise) wifi setup where visitors to the demo party Birdie could login to the wifi in a secure way. By using there e-mail that is registered and the barcode on there wrist arm to authenticate to the wifi network.

www.birdie.org

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages