# RADIUS Client Changelog

## Version 1.0.0 (2026-06-17)

### Added - Standalone RADIUS Client

**Major Feature: Complete separation of RADIUS server from Frappe installation**

Created a standalone FreeRADIUS integration module that enables truly independent deployment:

- **Standalone module** (`device_manager_radius.py`)
  - Self-contained Python module with zero external dependencies
  - Only requires Python 3.10+ standard library
  - Can run on any RADIUS server without Frappe installation
  - Makes authenticated HTTP API calls to remote Frappe instance
  - Full offline credential caching with SQLite

- **Automated installation** (`install.sh`)
  - Interactive setup script for Ubuntu/Debian systems
  - Automatic systemd environment configuration
  - Creates cache directories with proper permissions
  - Validates FreeRADIUS installation

- **Comprehensive documentation**
  - `README.md` - Overview and installation
  - `QUICKSTART.md` - Fast-track setup guide
  - `CONFIGURATION.md` - Detailed FreeRADIUS configuration
  - `IMPLEMENTATION_SUMMARY.md` - Technical architecture

- **Packaging support** (`pyproject.toml`)
  - Can be installed as Python package
  - Supports both pip and direct file deployment
  - Proper project metadata and dependencies

### Changed

- **Updated main README.md**
  - Clarified three deployment options (Standalone, Local, Remote)
  - Added clear guidance on when to use each mode
  - Removed redundant FreeRADIUS config examples
  - Added references to new detailed documentation

- **Enhanced freeradius.py docstring**
  - Better explanation of deployment modes
  - Reference to standalone client for separate servers

### Technical Details

**Lines of Code:**
- Python: 387 lines (device_manager_radius.py)
- Bash: 95 lines (install.sh)
- Documentation: 613 lines across 5 markdown files
- Total: ~1,095 lines

**Key Improvements:**
1. Zero dependency on Frappe/device_manager package for remote deployments
2. Reduced attack surface on RADIUS appliances
3. Simplified deployment and maintenance
4. Better separation of concerns
5. Backward compatible with existing deployments

**API Compatibility:**
- Uses existing `device_manager.api.radius_authorize` endpoint
- Same environment variable names as remote mode
- Compatible cache format with original implementation
- No changes required to Frappe server

### Migration Path

Existing installations using `device_manager.freeradius` in remote mode can optionally migrate:

1. Install standalone client on RADIUS server
2. Update FreeRADIUS config to use `device_manager_radius`
3. Keep existing environment variables unchanged
4. Test authentication
5. Optionally uninstall device_manager package from RADIUS server

No migration is required - existing deployments continue to work without changes.

### Files Added

```
radius_client/
├── __init__.py                  # Package init
├── .gitignore                   # Build artifacts ignore
├── CONFIGURATION.md             # FreeRADIUS setup guide (184 lines)
├── IMPLEMENTATION_SUMMARY.md    # Architecture docs (142 lines)
├── QUICKSTART.md                # Fast setup guide (185 lines)
├── README.md                    # Overview (102 lines)
├── device_manager_radius.py     # Standalone module (387 lines)
├── install.sh                   # Installation script (95 lines)
└── pyproject.toml               # Package metadata (34 lines)
```

### Testing

Validated:
- [x] Python syntax (py_compile)
- [x] Bash syntax (bash -n)
- [x] File permissions
- [x] Documentation formatting
- [ ] Live FreeRADIUS integration (requires FreeRADIUS setup)
- [ ] API authentication flow (requires Frappe instance)
- [ ] Offline caching behavior (requires network interruption testing)

### Breaking Changes

None. This is purely additive - all existing functionality preserved.

### Security Considerations

- API credentials stored in systemd override (mode 600)
- Cache file owned by freerad user
- No plaintext passwords stored
- HTTPS required for production Frappe URLs
- Token-based API authentication

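A deployment check for the Security Considerations listed above, as an added example that is not part of the project's code: it verifies the mode of the systemd override, the owner of the cache file, and the scheme of the Frappe URL. The function names and the paths passed in are assumptions, since this changelog does not give file locations.

```python
import os
import pwd
import stat
import sys
from urllib.parse import urlsplit


def owner_name(path: str) -> str:
    """Owning user of path; falls back to the numeric uid if it has no passwd entry."""
    uid = os.stat(path).st_uid
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def audit_deployment(override_path: str, cache_path: str, frappe_url: str,
                     cache_owner: str = "freerad") -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: list[str] = []

    # API credentials live in the systemd override: expect exactly mode 600.
    try:
        mode = stat.S_IMODE(os.stat(override_path).st_mode)
        if mode != 0o600:
            findings.append(f"{override_path}: mode {mode:03o}, expected 600")
    except FileNotFoundError:
        findings.append(f"{override_path}: missing")

    # The SQLite cache must belong to the FreeRADIUS service user.
    try:
        owner = owner_name(cache_path)
        if owner != cache_owner:
            findings.append(f"{cache_path}: owned by {owner}, expected {cache_owner}")
    except FileNotFoundError:
        findings.append(f"{cache_path}: missing")

    # Production Frappe URLs must be HTTPS so the API token is not sent in clear.
    url = urlsplit(frappe_url)
    if url.scheme != "https" or not url.hostname:
        findings.append(f"{frappe_url}: not an https:// URL")
    return findings


if __name__ == "__main__" and len(sys.argv) == 4:
    # Arguments: override file, cache file, Frappe URL (all site-specific).
    sys.exit("\n".join(audit_deployment(*sys.argv[1:])) or 0)
```

Run as a script, it prints the findings and exits non-zero when any check fails, so it can gate a post-install or configuration-management step.
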
### Known Limitations

- Requires Python 3.10+ for type hints
- SQLite cache not suitable for clustered RADIUS
- HTTP timeout may need tuning for slow networks
- No built-in credential rotation mechanism

### Future Enhancements

Potential improvements for future versions:
- [ ] Redis cache backend for HA deployments
- [ ] Prometheus metrics export
- [ ] Health check endpoint
- [ ] Automatic API credential rotation
- [ ] Certificate pinning for HTTPS
- [ ] Rate limiting for API calls
- [ ] Batch request support

### Contributors

- University of Georgia Manufacturing Living Labs

### License

See main device_manager app license (MIT)