4.7 KiB
4.7 KiB
RADIUS Client Changelog
Version 1.0.0 (2026-06-17)
Added - Standalone RADIUS Client
Major Feature: Complete separation of RADIUS server from Frappe installation
Created a standalone FreeRADIUS integration module that enables truly independent deployment:
-
Standalone module (
device_manager_radius.py)- Self-contained Python module with zero external dependencies
- Only requires Python 3.10+ standard library
- Can run on any RADIUS server without Frappe installation
- Makes authenticated HTTP API calls to remote Frappe instance
- Full offline credential caching with SQLite
-
Automated installation (
install.sh)- Interactive setup script for Ubuntu/Debian systems
- Automatic systemd environment configuration
- Creates cache directories with proper permissions
- Validates FreeRADIUS installation
-
Comprehensive documentation
README.md- Overview and installationQUICKSTART.md- Fast-track setup guideCONFIGURATION.md- Detailed FreeRADIUS configurationIMPLEMENTATION_SUMMARY.md- Technical architecture
-
Packaging support (
pyproject.toml)- Can be installed as Python package
- Supports both pip and direct file deployment
- Proper project metadata and dependencies
Changed
-
Updated main README.md
- Clarified three deployment options (Standalone, Local, Remote)
- Added clear guidance on when to use each mode
- Removed redundant FreeRADIUS config examples
- Added references to new detailed documentation
-
Enhanced freeradius.py docstring
- Better explanation of deployment modes
- Reference to standalone client for separate servers
Technical Details
Lines of Code:
- Python: 387 lines (device_manager_radius.py)
- Bash: 95 lines (install.sh)
- Documentation: 613 lines across 5 markdown files
- Total: ~1,095 lines
Key Improvements:
- Zero dependency on Frappe/device_manager package for remote deployments
- Reduced attack surface on RADIUS appliances
- Simplified deployment and maintenance
- Better separation of concerns
- Backward compatible with existing deployments
API Compatibility:
- Uses existing
device_manager.api.radius_authorizeendpoint - Same environment variable names as remote mode
- Compatible cache format with original implementation
- No changes required to Frappe server
Migration Path
Existing installations using device_manager.freeradius in remote mode can optionally migrate:
- Install standalone client on RADIUS server
- Update FreeRADIUS config to use
device_manager_radius - Keep existing environment variables unchanged
- Test authentication
- Optionally uninstall device_manager package from RADIUS server
No migration is required - existing deployments continue to work without changes.
Files Added
radius_client/
├── __init__.py # Package init
├── .gitignore # Build artifacts ignore
├── CONFIGURATION.md # FreeRADIUS setup guide (184 lines)
├── IMPLEMENTATION_SUMMARY.md # Architecture docs (142 lines)
├── QUICKSTART.md # Fast setup guide (185 lines)
├── README.md # Overview (102 lines)
├── device_manager_radius.py # Standalone module (387 lines)
├── install.sh # Installation script (95 lines)
└── pyproject.toml # Package metadata (34 lines)
Testing
Validated:
- Python syntax (py_compile)
- Bash syntax (bash -n)
- File permissions
- Documentation formatting
- Live FreeRADIUS integration (requires FreeRADIUS setup)
- API authentication flow (requires Frappe instance)
- Offline caching behavior (requires network interruption testing)
Breaking Changes
None. This is purely additive - all existing functionality preserved.
Security Considerations
- API credentials stored in systemd override (mode 600)
- Cache file owned by freerad user
- No plaintext passwords stored
- HTTPS required for production Frappe URLs
- Token-based API authentication
Known Limitations
- Requires Python 3.10+ for type hints
- SQLite cache not suitable for clustered RADIUS
- HTTP timeout may need tuning for slow networks
- No built-in credential rotation mechanism
Future Enhancements
Potential improvements for future versions:
- Redis cache backend for HA deployments
- Prometheus metrics export
- Health check endpoint
- Automatic API credential rotation
- Certificate pinning for HTTPS
- Rate limiting for API calls
- Batch request support
Contributors
- University of Georgia Manufacturing Living Labs
License
See main device_manager app license (MIT)