Comments (8)
cappe87
commented on August 23, 2024
1
In my production freeradius I use the same "solution".
We can decide to use this adding is_active and valid_until to RadiusCheck table or try to use a standard solution with radgroupcheck. What do you think about this?
from django-freeradius.
peppelinux
commented on August 23, 2024
Hi Cappe, I developed an is_active and a valid_until attribute in RadiusCheck.
You can find my code in this PR:
#64
We could code the same behaviour for the groups.
ps = I also update the Documentation to let the user modify the behaviour of sql freeradius radcheck query. If valid_until threshold is exceeded or is_valid is false the query will ignore disabled accounts.
from django-freeradius.
peppelinux
commented on August 23, 2024
is_active and valid_until is going to be merged soon, I think (I hope), in radiucheck schema.
I think that is_active and valid_until could be also used in radgroupcheck.
from django-freeradius.
peppelinux
commented on August 23, 2024
Merge done, master branches aligned
we could start creating a new task for CGI if you agree, the focus should be how to disable or expire a group of radcheck entries using radgroupcheck
from django-freeradius.
nemesifier
commented on August 23, 2024
BTW: the best way for the classical users of OpenWISP is to do this is via the RESTful API since they don't have to mess with radius checks and can manage users directly from the users management page.
This will become especially important when multitenancy is added to the mix.
Adding this to the RESTful API is just a matter of few lines of code and we can turn this into a GCI task or let @AlessiaVe handle it if she wants.
from django-freeradius.
nemesifier
commented on August 23, 2024
There: https://github.com/openwisp/django-freeradius/blob/master/django_freeradius/api/views.py#L21
Possible path forward (TDD style):
- write a test that creates a disabled user and tries authenticating it, expecting the authentication to fail, the test will fail because it doesn't seem implemented this way
- just add
is_active=Trueto the queryset - ensure the test passes
- done!
from django-freeradius.
peppelinux
commented on August 23, 2024
Two cents:
- Shall we consider the opportunity to make some unit test running as freeradius client too? This means that the RadiusServer server should accept the radrequest as client (in client.conf) and should forge a radtest session to the server. This can introduce another feature, the possibility to test a user auth via Django-freeradius admin backed/api/other (django-freeradius->freeradius via auth_backend). I wrote a stupid (very stupid) pure python radius client here:
https://github.com/peppelinux/pyRadtest
but I think that this is better:
https://github.com/wichert/pyrad
This could also introduce the opportunity to let the user auth via backend throuh radius (django auth_backend)
- BUT the most important thing NOW is to filter all the radiuscheck belonging to a radiusgroupcheck, we can to this with a backend admin custom action -> disable them massively selecting by group. If we decide how to massively disable all the user belonging to a group we can create the GCI task.
from django-freeradius.
peppelinux
commented on August 23, 2024
This issue could reborn with radgroupcheck mass disable feature
from django-freeradius.
Related Issues (20)
- [docs] Clarify django application must be running before starting freeradius HOT 1
- Update to latest version of django-filter HOT 2
- [docs] Update documentation for configuring Freeradius
- [django] Add support for django 2.2
- [authentication] Add RadiusToken HOT 2
- ImproperlyConfigured error occupied when migrating db. HOT 2
- [bug] IntegrityError at Radius batch add operation
- [api] Add API endpoint to validate user token HOT 1
- [pdf] Migrate to weasyprint
- Add freeradius-server-3.0.19 db fields HOT 4
- [requirements] Update dependencies & python version used. HOT 4
- Add to create virtual environment in 'Installing for development' of documentation HOT 5
- Only AbstractRadiusGroup.Meta has not db_table HOT 1
- [bug] Form error on "Add batch user creation"
- [docs] Improve installation documentation HOT 4
- [docs] contribution guildelines HOT 1
- You're seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will display a standard 404 page HOT 1
- [docs] Add step to install Weasy Print HOT 2
- [pdf] Generate PDF file in memory HOT 1
- [gsoc2020] Add deprecation notice
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-freeradius.