Happy holidays from ISC!
ISC is fortunate to have staff members in so many different countries around the world: our software development benefits from all the different perspectives - and we benefit personally!
Read postThe recently released
isc-radius
package is a
framework for NodeJS for implementing
RADIUS servers and for adding
RADIUS client support to NodeJS applications. It can be installed
using the npm
package manager.
It is not a full-blown RADIUS server with lots of bells and whistles. The design philosophy is that anything beyond the most basic AAA system is difficult to describe using static configuration files, so users of the framework instead supply business logic in the form of code.
The business logic functions looks at the attributes of incoming RADIUS requests, e.g. to authenticate users, or to save accounting records, and then populates the RADIUS response accordingly, while the framework itself takes care of the protocol implementation.
Here’s an example of a trivial authentication handler that only allows a single hard-coded username/password pair to log in:
function my_login(req, res) {
if (req.get('User-Name') == 'myuser' &&
req.get('User-Password') == 'mypass')
{
res.code = 'Access-Accept';
}
}
A similar function that instead looks up the username and password pair in a database might only take a dozen or so lines of code.
Multiple handler functions can be registered, and incoming packets are
passed to each handler in turn. A handler can exit the chain and
generate a RADIUS response immediately by returning a true
value.
Here’s a function that adds default IP assignments if they haven’t been added by an earlier handler:
function ip_defaults(req, res) {
if (res.code.toString() === 'Access-Accept') {
if (!res.has('Framed-IP-Address')) {
res.add('Framed-IP-Address', '255.255.255.254');
}
if (!res.has('Framed-IP-Netmask')) {
res.add('Framed-IP-Netmask', '255.255.255.255');
}
}
}
where 255.255.255.254 is the address used to tell most Network Access Servers to give out a dynamic address from their pool instead of a static IP address.
The package includes a test server (test-server.js
) that includes both
of the above functions, as well as test clients that exercise the
framework’s RADIUS client code by initiating RADIUS authentication and
accounting requests and act on the responses.
Please note - this is an early-beta R&D release that we’re releasing as Open Source to the wider community pursuant to our public benefit remit. The software is licensed under the Mozilla Public License v2.0.
It has not been deployed in production, but it has been tested for interoperability by testing with the radclient package included with FreeRADIUS.
If you have an interest in RADIUS, please do give it a try. While this is not an “official” ISC supported project, we welcome contributions and reports of any issues at the project’s ISC Gitlab page.
What's New from ISC