A NodeJS Framework for the RADIUS protocol

ISC RADIUS

The recently released isc-radius package is a framework for NodeJS for implementing RADIUS servers and for adding RADIUS client support to NodeJS applications. It can be installed using the npm package manager.

It is not a full-blown RADIUS server with lots of bells and whistles. The design philosophy is that anything beyond the most basic AAA system is difficult to describe using static configuration files, so users of the framework instead supply business logic in the form of code.

The business logic functions looks at the attributes of incoming RADIUS requests, e.g. to authenticate users, or to save accounting records, and then populates the RADIUS response accordingly, while the framework itself takes care of the protocol implementation.

Business Logic Examples

Here’s an example of a trivial authentication handler that only allows a single hard-coded username/password pair to log in:

function my_login(req, res) {
    if (req.get('User-Name') == 'myuser' &&
        req.get('User-Password') == 'mypass')
    {
        res.code = 'Access-Accept';
    }
}

A similar function that instead looks up the username and password pair in a database might only take a dozen or so lines of code.

Multiple handler functions can be registered, and incoming packets are passed to each handler in turn. A handler can exit the chain and generate a RADIUS response immediately by returning a true value.

Here’s a function that adds default IP assignments if they haven’t been added by an earlier handler:

function ip_defaults(req, res) {
    if (res.code.toString() === 'Access-Accept') {
        if (!res.has('Framed-IP-Address')) {
            res.add('Framed-IP-Address', '255.255.255.254');
        }
        if (!res.has('Framed-IP-Netmask')) {
            res.add('Framed-IP-Netmask', '255.255.255.255');
        }
    }
}

where 255.255.255.254 is the address used to tell most Network Access Servers to give out a dynamic address from their pool instead of a static IP address.

The package includes a test server (test-server.js) that includes both of the above functions, as well as test clients that exercise the framework’s RADIUS client code by initiating RADIUS authentication and accounting requests and act on the responses.

Project Status

Please note - this is an early-beta R&D release that we’re releasing as Open Source to the wider community pursuant to our public benefit remit. The software is licensed under the Mozilla Public License v2.0.

It has not been deployed in production, but it has been tested for interoperability by testing with the radclient package included with FreeRADIUS.

If you have an interest in RADIUS, please do give it a try. While this is not an “official” ISC supported project, we welcome contributions and reports of any issues at the project’s ISC Gitlab page.

Recent Posts

What's New from ISC

DNS Flag Day 2020

The DNS Flag Day is an initiative of DNS vendors (both open-source and proprietary) and DNS operators.

Read post
Previous post: DNS Flag Day 2020