Table of Contents
ExportAPI: FreeRadius accounts
This feature is available in version 0.13 or higher.
This exporter creates entries for a FreeRadius server with database backend. For each CMDB object, a Radius account will be created. The username will be built from the CMDB object ID and a prefix, the password will be read from an object field. The account will be stored as entry in the FreeRadius database table radcheck with the attribute Cleartext-Password.
For each account one or multiple radreply entries can be created.
The exporter is designed and tested with MySQL, but as it is developed with a database abstraction layer, other databases like PostgreSQL or Oracle should work.
Configuration
| short information | |
|---|---|
| class name | ExternalSystemFreeRadius |
| needed destination parameter | databaseUrl |
| prefixUsername | |
| needed variables | password |
destination parameters
| name | required | description | example |
|---|---|---|---|
| databaseUrl | required | URL for connecting to the FreeRadius database. Format: dbtype://username:password@hostname/dbname | mysql://radius:secret1234@localhost/radius |
| prefixUsername | required | prefix for the radius account username The username for the radius account will be built from this prefix and the CMDB object ID. Example: yourCMDB_1342 | yourCMDB_ |
| radreply_* | optional | radreply entry | Cisco-Avpair += lcp:interface-config=rate-limit input %downstream% 950000 1920000 conform-action continue exceed-action drop |
With radreply_* multiple radreply entries can be created. The value is defined in the following format and will be parsed from the Exporter:
<attribute> <operator> <value> Cisco-Avpair += lcp:interface-config=rate-limit input %downstream% 950000 1920000 conform-action continue exceed-action drop
If the value could not be parsed, it will be ignored for the export. You can use variables that were replaced by the values for the object. If one or more of the variables are not defined, the radreply will not be exported.
variables
| name | required | description | example |
|---|---|---|---|
| password | required | password for the radius account | test1234 |
You can also define additional variables if you want to use them in radreply_* entries.
Examples
example of export task configuration:
- freeradius-example.xml
<task name="freeradius-example"> <sources> <source objecttype="RadiusAccount" status="A" fieldname="account-managed" fieldvalue="true" /> </sources> <destination class="ExternalSystemFreeRadius"> <parameter key="databaseUrl" value="mysql://radius:radius@localhost/radius" /> <parameter key="prefixUsername" value="yourCMDB_" /> <parameter key="radreply_0" value="Cisco-Avpair += lcp:interface-config=rate-limit input %downstream% 950000 1920000 conform-action continue exceed-action drop" /> <parameter key="radreply_1" value="Cisco-Avpair += lcp:interface-config=rate-limit output %upstream% 950000 1920000 conform-action continue exceed-action drop" /> </destination> <variables> <variable name="password"> <value objecttype="RadiusAccount" fieldname="account-password" /> </variable> <variable name="downstream"> <value objecttype="RadiusAccount" fieldname="account-downstream" /> </variable> <variable name="upstream"> <value objecttype="RadiusAccount" fieldname="account-upstream" /> </variable> </variables> </task>
