# Quick Start Guide

## For New Deployments (Separate RADIUS Server)

### 1. Install on RADIUS Server

**Option A: Direct file copy (simplest)**
```bash
sudo cp device_manager_radius.py /etc/freeradius/3.0/mods-config/python3/
sudo chmod 644 /etc/freeradius/3.0/mods-config/python3/device_manager_radius.py
```

**Option B: Use install script**
```bash
sudo ./install.sh
# Follow prompts to configure API credentials
```

**Option C: Install as package**
```bash
pip install -e /path/to/radius_client
```

### 2. Configure FreeRADIUS Module

Create `/etc/freeradius/3.0/mods-available/python3`:
```text
python3 device_manager_radius {
    module = device_manager_radius
    instantiate = ${.module}
    authorize = ${.module}
    post_auth = ${.module}
}
```

Enable it:
```bash
sudo ln -s ../mods-available/python3 /etc/freeradius/3.0/mods-enabled/
```

### 3. Set Environment Variables

Edit `/etc/systemd/system/freeradius.service.d/device-manager.conf`:
```ini
[Service]
Environment="DEVICE_MANAGER_FRAPPE_URL=https://your-server.example.edu"
Environment="DEVICE_MANAGER_API_KEY=your-api-key"
Environment="DEVICE_MANAGER_API_SECRET=your-api-secret"
```

Reload:
```bash
sudo systemctl daemon-reload
```

### 4. Update Virtual Server

Edit `/etc/freeradius/3.0/sites-enabled/default`:
```text
authorize {
    preprocess
    device_manager_radius
    eap
}

post-auth {
    device_manager_radius
}
```

### 5. Test

```bash
# Test configuration: run FreeRADIUS in foreground debug mode
# (stop the freeradius service first so the ports are free)
sudo freeradius -X

# In another terminal, test auth
radtest testuser testpass localhost 0 testing123
```

## For Existing Deployments (Same Server as Frappe)

### Continue Using Integrated Module

No changes needed! Your current configuration with `device_manager.freeradius` continues to work.

FreeRADIUS config:
```text
python3 device_manager {
    module = device_manager.freeradius
    instantiate = ${.module}
    authorize = ${.module}
    post_auth = ${.module}
}
```

Environment:
```bash
DEVICE_MANAGER_BENCH_PATH=/home/frappe/frappe-bench
DEVICE_MANAGER_SITE=your-site-name
```

## Configuration Reference

### Required Environment Variables

| Variable | Description | Example |
|----------|-------------|---------|
| `DEVICE_MANAGER_FRAPPE_URL` | Frappe server base URL | `https://device-manager.example.edu` |
| `DEVICE_MANAGER_API_KEY` | API authentication key | `abc123...` |
| `DEVICE_MANAGER_API_SECRET` | API authentication secret | `xyz789...` |

### Optional Environment Variables

| Variable | Default | Description |
|----------|---------|-------------|
| `DEVICE_MANAGER_CACHE_PATH` | `/var/lib/freeradius/device_manager_cache.sqlite3` | SQLite cache file path |
| `DEVICE_MANAGER_HTTP_TIMEOUT` | `2.5` | API call timeout (seconds) |
| `DEVICE_MANAGER_CACHE_MAX_STALE_SECONDS` | `0` | Max cache age (0=unlimited) |
| `DEVICE_MANAGER_POST_AUTH_EVALUATE` | `0` | Enable post-auth evaluation |
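
The drop-in from step 3 can be linted against the variables above before FreeRADIUS is restarted. The following is an added example, not part of the project's code: `parse_dropin`, `audit` and the sample drop-in are constructed for illustration, and the checks (leftover placeholder credentials, a non-HTTPS URL that would carry the `Authorization` token in clear text, an unusable timeout, a file mode open to other local users) are assumptions about what is worth flagging.

```python
import re
import stat
from urllib.parse import urlparse

REQUIRED = ("DEVICE_MANAGER_FRAPPE_URL", "DEVICE_MANAGER_API_KEY",
            "DEVICE_MANAGER_API_SECRET")
# Placeholder values shown in this guide's step 3 example.
PLACEHOLDERS = {"https://your-server.example.edu", "your-api-key", "your-api-secret"}
# One assignment per line, as in step 3: Environment="NAME=value"
ENV_LINE = re.compile(r'^\s*Environment\s*=\s*"?([A-Za-z_]\w*)=(.*?)"?\s*$')

# Constructed sample drop-in (not from a real host) with deliberate mistakes.
SAMPLE_DROPIN = """[Service]
Environment="DEVICE_MANAGER_FRAPPE_URL=http://dm.example.edu"
Environment="DEVICE_MANAGER_API_KEY=constructed-key"
Environment="DEVICE_MANAGER_API_SECRET=your-api-secret"
Environment="DEVICE_MANAGER_HTTP_TIMEOUT=fast"
"""

def parse_dropin(text):
    """Return {name: value} for every Environment= line in the drop-in text."""
    env = {}
    for line in text.splitlines():
        match = ENV_LINE.match(line)
        if match:
            env[match.group(1)] = match.group(2)
    return env

def audit(text, file_mode=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    env, findings = parse_dropin(text), []
    for name in REQUIRED:
        if not env.get(name):
            findings.append(f"{name} is missing or empty")
        elif env[name] in PLACEHOLDERS:
            findings.append(f"{name} still holds the guide's placeholder")
    url = env.get("DEVICE_MANAGER_FRAPPE_URL", "")
    if url and urlparse(url).scheme != "https":
        findings.append("DEVICE_MANAGER_FRAPPE_URL is not https")
    try:
        if float(env.get("DEVICE_MANAGER_HTTP_TIMEOUT", "2.5")) <= 0:
            findings.append("DEVICE_MANAGER_HTTP_TIMEOUT must be positive")
    except ValueError:
        findings.append("DEVICE_MANAGER_HTTP_TIMEOUT is not a number")
    # file_mode is os.stat(path).st_mode; flag any access for "other" users.
    if file_mode is not None and stat.S_IMODE(file_mode) & 0o007:
        findings.append("drop-in is accessible to other local users")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_DROPIN, 0o100644):
        print("FINDING:", finding)
```

On a host, call `audit(open(path).read(), os.stat(path).st_mode)` with the drop-in path from step 3.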

## Generating API Credentials

On your Frappe server:

1. Go to **User** list
2. Create or edit a System User
3. Generate **API Key** and **API Secret**
4. Grant permissions for:
   - DM Device (Read)
   - DM Radius Auth Event (Create)
   - DM Access Decision (Create)
   - DM Device Audit Event (Create)
   - DM Network Segment (Read)

## Troubleshooting

### Module fails to load
```bash
# Check Python path
python3 -c "import device_manager_radius"

# Check file permissions
ls -l /etc/freeradius/3.0/mods-config/python3/device_manager_radius.py
```

### API authentication fails
```bash
# Test API endpoint directly (the DEVICE_MANAGER_* variables must be set in this shell)
curl -X POST "$DEVICE_MANAGER_FRAPPE_URL/api/method/device_manager.api.radius_authorize" \
  -H "Authorization: token $DEVICE_MANAGER_API_KEY:$DEVICE_MANAGER_API_SECRET" \
  -d "calling_station_id=00:11:22:33:44:55"
```

### Cache permission denied
```bash
# Fix ownership
sudo chown -R freerad:freerad /var/lib/freeradius
sudo chmod 750 /var/lib/freeradius
```

### View logs
```bash
# Real-time debug
sudo freeradius -X

# System logs
sudo journalctl -u freeradius -f
```

## What Next?

- Read [CONFIGURATION.md](CONFIGURATION.md) for detailed setup
- Review [README.md](README.md) for architecture details
- Check [IMPLEMENTATION_SUMMARY.md](IMPLEMENTATION_SUMMARY.md) for technical background

## Support

For issues, check:
1. FreeRADIUS debug logs (`freeradius -X`)
2. Frappe logs on the application server
3. Network connectivity between RADIUS and Frappe server
4. API credentials are valid and have proper permissions