2020-02-14 23:20:24 +00:00
|
|
|
Basic RADIUS Server for node.js for Google LDAP Service and WPA2 Enteprise WLAN Authentification.
|
2020-02-22 23:29:33 +00:00
|
|
|
|
|
|
|
- supports LDAP Authentification Backend
|
|
|
|
- supports WPA2 Entprise (TTLS over PAP)
|
|
|
|
|
|
|
|
Protect your WIFI access with a username and password by a credential provider you already use!
|
2020-02-14 23:20:24 +00:00
|
|
|
|
2020-02-25 10:54:57 +00:00
|
|
|
Authenticiation tested with Windows, Linux, Android and Apple devices.
|
|
|
|
|
2020-02-14 23:20:24 +00:00
|
|
|
## Known Issues / Disclaimer
|
|
|
|
|
2020-02-25 10:54:57 +00:00
|
|
|
This is a first implementation, which is currently only working with node js nightly (node 13+) (see https://github.com/nodejs/node/pull/31814).
|
2020-02-14 23:20:24 +00:00
|
|
|
|
2020-02-25 10:54:57 +00:00
|
|
|
- MD5 Challenge not implenented, but RFC says this is mandatory ;-)
|
|
|
|
- Inner Tunnel does not act differently, even though spec says that EAP-message are not allowed to get fragmented,
|
|
|
|
this is not a problem right now, as the messages of the inner tunnel are small enough, but it could be a bug in the future.
|
|
|
|
ways to approach this: refactor that the inner tunnel can set max fragment size, or rebuild eap fragments in ttls after inner tunnel response
|
2020-02-14 23:20:24 +00:00
|
|
|
|
2020-02-22 23:29:33 +00:00
|
|
|
CONTRIBUTIONS WELCOME! If you are willing to help, just open a PR or contact me via bug system or simon.tretter@hokify.com.
|
2020-02-14 23:20:24 +00:00
|
|
|
|
2020-02-23 19:42:36 +00:00
|
|
|
## Motivation
|
|
|
|
|
|
|
|
### Why not Freeradius?
|
|
|
|
|
|
|
|
There are several reasons why I started implementing this radius server in node js. We are using
|
|
|
|
freeradius right now, but have several issues which are hard to tackle due to the reason that freeradius
|
|
|
|
is a complex software and supports many uses cases. It is also written in C++ and uses threads behind the scene.
|
|
|
|
Therefore it's not easy to extend or modify it, or even bring new feature in.
|
|
|
|
The idea of this project is to make a super simple node radius server, which is async by default. No complex
|
|
|
|
thread handling, no other fancy thing. The basic goal is to make WPA2 authenticiation easy again.
|
|
|
|
|
2020-02-26 09:56:29 +00:00
|
|
|
### 802.1x protocol in node
|
2020-02-23 19:42:36 +00:00
|
|
|
|
|
|
|
Another motivation is that it is very exciting to see how wireless protocols have evolved, and see
|
|
|
|
how a implementation like TTLS works.
|
|
|
|
|
|
|
|
### Few alternatives (only non-free ones like Jumpcloud...)
|
|
|
|
|
|
|
|
Furthermore there are few alternatives out there, e.g. jumpcloud is non-free and I couldn't find many others.
|
|
|
|
|
|
|
|
### Vision
|
|
|
|
|
|
|
|
As soon as I understood the TTLS PAP Tunnel approach, I had this vision of making Wlan Authentification easy
|
|
|
|
for everyone. Why limit it to something "complex" like LDAP and co. This library aims to make it easy for everyone
|
|
|
|
to implement either their own authentication mechanismus (e.g. against a database), or provides some mechansimns
|
|
|
|
out of the box (e.g. imap, static, ldap,..).
|
|
|
|
|
2020-02-14 23:20:24 +00:00
|
|
|
## Installation
|
|
|
|
|
|
|
|
npm install
|
|
|
|
npm run build
|
|
|
|
|
|
|
|
## Introduction
|
|
|
|
|
|
|
|
This app provides a radius server to authenticate against google's SLDAP service. To get this running
|
2020-02-22 23:29:33 +00:00
|
|
|
you need:
|
|
|
|
|
|
|
|
1. Running LDAP Service (E.g. Google Suite Enterprise or Gloud Identity Premium)
|
|
|
|
2. Optional: Create your own SSL certificate (e.g. self signed via npm run create-certificate)
|
|
|
|
3. Check config.js and adapt to your needs
|
|
|
|
|
2020-02-23 19:44:55 +00:00
|
|
|
- configure authentication:
|
2020-02-23 19:49:57 +00:00
|
|
|
set authenticaiton to one of the provided authenticators.
|
2020-02-22 23:29:33 +00:00
|
|
|
|
|
|
|
```js
|
|
|
|
var config = {
|
|
|
|
// ....
|
2020-02-23 19:44:55 +00:00
|
|
|
authentication: 'GoogleLDAPAuth',
|
2020-02-22 23:29:33 +00:00
|
|
|
authenticationOptions: {
|
|
|
|
base: 'dc=hokify,dc=com'
|
|
|
|
}
|
|
|
|
};
|
|
|
|
```
|
|
|
|
|
|
|
|
- set radius secret
|
|
|
|
|
|
|
|
4. Install und build server: npm install && npm run build
|
|
|
|
5. Start server "npm run start"
|
|
|
|
|
2020-02-23 19:42:36 +00:00
|
|
|
## Configuration
|
|
|
|
|
|
|
|
see config.js in root
|
|
|
|
|
|
|
|
### Authentications
|
|
|
|
|
|
|
|
#### Google LDAP
|
|
|
|
|
|
|
|
google ldap optimized authenticiation implementaiton
|
2020-02-22 23:29:33 +00:00
|
|
|
|
2020-02-23 19:44:55 +00:00
|
|
|
```typescript
|
|
|
|
interface IGoogleLDAPAuthOptions {
|
|
|
|
/** base DN
|
|
|
|
* e.g. 'dc=hokify,dc=com', */
|
|
|
|
base: string;
|
|
|
|
/** tls options
|
|
|
|
* e.g. {
|
|
|
|
key: fs.readFileSync('ldap.gsuite.hokify.com.40567.key'),
|
|
|
|
cert: fs.readFileSync('ldap.gsuite.hokify.com.40567.crt')
|
|
|
|
} */
|
|
|
|
tlsOptions: tls.TlsOptions;
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
2020-02-23 19:48:44 +00:00
|
|
|
Example
|
2020-02-23 19:49:57 +00:00
|
|
|
|
2020-02-23 19:48:44 +00:00
|
|
|
```js
|
|
|
|
c = {
|
|
|
|
// GoogleLDAPAuth (optimized for google auth)
|
|
|
|
authentication: 'GoogleLDAPAuth',
|
|
|
|
authenticationOptions: {
|
|
|
|
base: 'dc=hokify,dc=com',
|
|
|
|
tlsOptions: {
|
|
|
|
key: fs.readFileSync('ldap.gsuite.hokify.com.40567.key'),
|
|
|
|
cert: fs.readFileSync('ldap.gsuite.hokify.com.40567.crt')
|
|
|
|
}
|
|
|
|
}
|
2020-02-23 19:49:57 +00:00
|
|
|
};
|
2020-02-23 19:48:44 +00:00
|
|
|
```
|
|
|
|
|
2020-02-23 19:42:36 +00:00
|
|
|
#### LDAP
|
|
|
|
|
|
|
|
ldap authentication
|
|
|
|
|
|
|
|
```typescript
|
|
|
|
interface ILDAPAuthOptions {
|
|
|
|
/** ldap url
|
|
|
|
* e.g. ldaps://ldap.google.com
|
|
|
|
*/
|
|
|
|
url: string;
|
|
|
|
/** base DN
|
|
|
|
* e.g. 'dc=hokify,dc=com', */
|
|
|
|
base: string;
|
|
|
|
/** tls options
|
|
|
|
* e.g. {
|
|
|
|
key: fs.readFileSync('ldap.gsuite.hokify.com.40567.key'),
|
|
|
|
cert: fs.readFileSync('ldap.gsuite.hokify.com.40567.crt'),
|
|
|
|
servername: 'ldap.google.com'
|
|
|
|
} */
|
|
|
|
tlsOptions?: any;
|
|
|
|
/**
|
|
|
|
* searchFilter
|
|
|
|
*/
|
|
|
|
searchFilter?: string;
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
2020-02-23 19:48:44 +00:00
|
|
|
Example
|
2020-02-23 19:49:57 +00:00
|
|
|
|
2020-02-23 19:48:44 +00:00
|
|
|
```js
|
|
|
|
c = {
|
|
|
|
authentication: 'LDAPAuth',
|
|
|
|
authenticationOptions: {
|
|
|
|
url: 'ldaps://ldap.google.com',
|
|
|
|
base: 'dc=hokify,dc=com',
|
|
|
|
tlsOptions: {
|
|
|
|
key: fs.readFileSync('ldap.gsuite.hokify.com.40567.key'),
|
|
|
|
cert: fs.readFileSync('ldap.gsuite.hokify.com.40567.crt'),
|
|
|
|
servername: 'ldap.google.com'
|
|
|
|
}
|
|
|
|
}
|
2020-02-23 19:49:57 +00:00
|
|
|
};
|
2020-02-23 19:48:44 +00:00
|
|
|
```
|
|
|
|
|
2020-02-23 19:42:36 +00:00
|
|
|
#### IMAP
|
|
|
|
|
|
|
|
imap authenticiation
|
|
|
|
|
|
|
|
```typescript
|
|
|
|
interface IIMAPAuthOptions {
|
|
|
|
host: string;
|
|
|
|
port?: number;
|
|
|
|
useSecureTransport?: boolean;
|
|
|
|
validHosts?: string[];
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
2020-02-23 19:48:44 +00:00
|
|
|
Example
|
2020-02-23 19:49:57 +00:00
|
|
|
|
2020-02-23 19:48:44 +00:00
|
|
|
```js
|
|
|
|
c = {
|
|
|
|
authentication: 'IMAPAuth',
|
|
|
|
authenticationOptions: {
|
|
|
|
host: 'imap.gmail.com',
|
|
|
|
port: 993,
|
|
|
|
useSecureTransport: true,
|
|
|
|
validHosts: ['hokify.com']
|
|
|
|
}
|
2020-02-23 19:49:57 +00:00
|
|
|
};
|
2020-02-23 19:48:44 +00:00
|
|
|
```
|
|
|
|
|
2020-02-23 19:42:36 +00:00
|
|
|
#### SMTP
|
|
|
|
|
|
|
|
smtp authenticiation
|
|
|
|
|
|
|
|
```typescript
|
|
|
|
interface ISMTPAuthOptions {
|
|
|
|
host: string;
|
|
|
|
port?: number;
|
|
|
|
useSecureTransport?: boolean;
|
|
|
|
validHosts?: string[];
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
2020-02-23 19:48:44 +00:00
|
|
|
Example
|
2020-02-23 19:49:57 +00:00
|
|
|
|
2020-02-23 19:48:44 +00:00
|
|
|
```js
|
|
|
|
c = {
|
|
|
|
authentication: 'IMAPAuth',
|
|
|
|
authenticationOptions: {
|
|
|
|
host: 'smtp.gmail.com',
|
|
|
|
port: 465,
|
|
|
|
useSecureTransport: true,
|
|
|
|
validHosts: ['gmail.com']
|
|
|
|
}
|
2020-02-23 19:49:57 +00:00
|
|
|
};
|
2020-02-23 19:48:44 +00:00
|
|
|
```
|
|
|
|
|
2020-02-23 19:42:36 +00:00
|
|
|
#### Static Auth
|
|
|
|
|
|
|
|
static authenticiation
|
|
|
|
|
|
|
|
```typescript
|
|
|
|
interface IStaticAuthOtions {
|
|
|
|
validCrentials: {
|
|
|
|
username: string;
|
|
|
|
password: string;
|
|
|
|
}[];
|
|
|
|
}
|
|
|
|
```
|
2020-02-22 23:29:33 +00:00
|
|
|
|
2020-02-23 19:48:44 +00:00
|
|
|
Example
|
2020-02-23 19:49:57 +00:00
|
|
|
|
2020-02-23 19:48:44 +00:00
|
|
|
```js
|
|
|
|
c = {
|
|
|
|
authentication: 'StaticAuth',
|
|
|
|
authenticationOptions: {
|
|
|
|
validCredentials: [
|
2020-02-23 19:49:57 +00:00
|
|
|
{ username: 'test', password: 'pwd' },
|
|
|
|
{ username: 'user1', password: 'password' },
|
|
|
|
{ username: 'admin', password: 'cool' }
|
|
|
|
]
|
2020-02-23 19:48:44 +00:00
|
|
|
}
|
2020-02-23 19:49:57 +00:00
|
|
|
};
|
2020-02-23 19:48:44 +00:00
|
|
|
```
|
|
|
|
|
2020-02-14 23:20:24 +00:00
|
|
|
## Usage
|
|
|
|
|
2020-02-23 19:48:44 +00:00
|
|
|
Ensure you have installed latest nightly node version and run:
|
2020-02-14 23:20:24 +00:00
|
|
|
|
2020-02-22 23:29:33 +00:00
|
|
|
npm run start
|