CoreID fork of node-radius-server
Go to file
dependabot-preview[bot] c61a7f3f73
build(deps-dev): bump @hokify/eslint-config from 0.2.7 to 0.2.12
Bumps @hokify/eslint-config from 0.2.7 to 0.2.12.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-04-27 06:38:27 +00:00
__tests__ fix(docs): better file names 2020-02-27 19:05:37 +01:00
bin chore: add radius-server bin file 2020-02-28 10:45:35 +01:00
src chore: package.json cleanups 2020-03-02 10:26:33 +01:00
ssl refactor: major code cleanups :-) 2020-02-23 00:29:33 +01:00
.eslintrc.js chore: add eslint and prettier 2020-02-16 19:14:54 +01:00
.gitignore refactor: major code cleanups :-) 2020-02-23 00:29:33 +01:00
.prettierrc chore: add eslint and prettier 2020-02-16 19:14:54 +01:00
CHANGELOG.md chore(release): 1.1.2 2020-03-02 10:26:49 +01:00
config.js fix(config): use __dirname to resolve path to ssl certs 2020-03-02 09:58:07 +01:00
notes initial commit 2020-02-15 00:20:24 +01:00
package-lock.json build(deps-dev): bump @hokify/eslint-config from 0.2.7 to 0.2.12 2020-04-27 06:38:27 +00:00
package.json chore: support has landed in node.js (13.10.1) 2020-03-09 11:22:24 +01:00
README.md chore: support has landed in node.js (13.10.1) 2020-03-09 11:22:24 +01:00
tsconfig.eslint.json feat: add more auth providers and cleanup google auth 2020-02-23 20:42:36 +01:00
tsconfig.json refactor: major code cleanups :-) 2020-02-23 00:29:33 +01:00

Basic RADIUS Server for node.js for Google LDAP Service and WPA2 Enterprise WLAN Authentification.

  • supports LDAP Authentification Backend
  • supports WPA2 Enterprise (TTLS over PAP)

Protect your WIFI access with a username and password by a credential provider you already use!

Authentication tested with Windows, Linux, Android and Apple devices.

Quick start

  1. Install node js => 13.10.1
    • easiest way is to install a node js version from nodejs.org or run "npx n latest" to install latest version.
  2. Check out the config options, e.g. for google ldap, download your certificates from http://admin.google.com/ -> Apps -> LDAP -> Client download the files and name them "ldap.gsuite.key" and "ldap.gsuite.crt" accordingly (Ensure you have activated your newly created LDAP Client in Google Admin).
  3. Switch to this directory and run "npx radius-server -s YourRadiusSecret"
  4. Switch to this directory and run "npx radius-server -s YourRadiusSecret"
  5. Log into your WLAN Controller and configure the radius server to your newly running radius
  6. On your clients, just connect to the WLAN, the clients should figure out the correct method by their own, if they don't use: WPA2-Enterprise -> EAP-TTLS -> PAP / CHAP
  7. Log in via your google credentials (email + password, ... e.g. youremail@yourcompany.com)

Known Issues / Disclaimer

Support for this has landed in node 13.10.1, therefore ensure you have installed at least this node version.

  • MD5 Challenge not implenented, but RFC says this is mandatory ;-)
  • Inner Tunnel does not act differently, even though spec says that EAP-message are not allowed to get fragmented, this is not a problem right now, as the messages of the inner tunnel are small enough, but it could be a bug in the future. ways to approach this: refactor that the inner tunnel can set max fragment size, or rebuild eap fragments in ttls after inner tunnel response

CONTRIBUTIONS WELCOME! If you are willing to help, just open a PR or contact me via bug system or simon.tretter@hokify.com.

Motivation

Why not Freeradius?

There are several reasons why I started implementing this radius server in node js. We are using freeradius right now, but have several issues which are hard to tackle due to the reason that freeradius is a complex software and supports many uses cases. It is also written in C++ and uses threads behind the scene. Therefore it's not easy to extend or modify it, or even bring new feature in. The idea of this project is to make a super simple node radius server, which is async by default. No complex thread handling, no other fancy thing. The basic goal is to make WPA2 authenticiation easy again.

802.1x protocol in node

Another motivation is that it is very exciting to see how wireless protocols have evolved, and see how a implementation like TTLS works.

Few alternatives (only non-free ones like Jumpcloud...)

Furthermore there are few alternatives out there, e.g. jumpcloud is non-free and I couldn't find many others.

Vision

As soon as I understood the TTLS PAP Tunnel approach, I had this vision of making Wlan Authentification easy for everyone. Why limit it to something "complex" like LDAP and co. This library aims to make it easy for everyone to implement either their own authentication mechanismus (e.g. against a database), or provides some mechansimns out of the box (e.g. imap, static, ldap,..).

Installation

npm install
npm run build

Introduction

This app provides a radius server to authenticate against google's SLDAP service. To get this running you need:

  1. Running LDAP Service (E.g. Google Suite Enterprise or Gloud Identity Premium)
  2. Optional: Create your own SSL certificate (e.g. self signed via npm run create-certificate)
  3. Check config.js and adapt to your needs
  • configure authentication: set authenticaiton to one of the provided authenticators.
var config = {
	// ....
	authentication: 'GoogleLDAPAuth',
	authenticationOptions: {
		base: 'dc=hokify,dc=com'
	}
};
  • set radius secret
  1. Install und build server: npm install && npm run build
  2. Start server "npm run start"

Configuration

For authentication see Authentication Details. For general config options run with --help or see see config.js in root.

Usage

Ensure you have installed latest node version (>= 13.10.1) and run:

npm run start