search

goauthentik / authentik

The authentication glue you need.
https://goauthentik.io
Other
13.32k stars 889 forks source link

Does Authentik support Radius? #2050

Closed itz-Jana closed 2 years ago

itz-Jana commented 2 years ago

Describe your question I am looking for a solution to setup a Radius server, primarily for WiFi authentication with Unifi. I was considering using Authentik as the LDAP Provider for FreeRadius.

I then stumbled upon #1024 and it looks like there exists a Radius Output? But I couldn't find anything about it in the documentation or the web interface, so my question is: Does Authentik natively support Radius? Or would I have to go the LDAP + FreeRadius route?

Version and Deployment (please complete the following information):

kylesferrazza commented 2 years ago

I was wondering the same thing, and stumbled upon https://github.com/goauthentik/authentik/pull/1796 which looks to be a work-in-progress RADIUS outpost

BeryJu commented 2 years ago

So, there have been/are two attempts at Radius. Initially I wanted to implement a Radius server in go, but after finding out about all the different EAP-TLS methods and everything you need to support, and also the fact that a lot requires MSCHAPv2 (which requires plain text passwords), I decided to abandon that idea.

Someone suggested simply integrating freeradius with the LDAP Outpost, which is a good intermediate solution, but with the PR #1796 I'd like to add a FreeRADIUS outpost that uses some python/go to directly talk to authentik, without LDAP. I just haven't had the time or frankly will to even check out how FreeRADIUS works, never mind actually implementing some custom logic for it.

xpufx commented 2 years ago

https://github.com/fivexl/golang-radius-server-ldap-with-mfa might be useful instead of freeradius. ( i just came across it today. Don't have experience.)

BeryJu commented 2 years ago

That uses the same library I based the first radius outpost on, and also does not support EAP TLS (only supports plaintext passwords, see https://github.com/fivexl/golang-radius-server-ldap-with-mfa/blob/master/main.go#L133)

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

rafaelmathieu commented 2 years ago

Don't want to create a new post for this, but was wondering if anything changed regarding a RADIUS integration with Authentik? It feels like this is the last missing element (for me at least).

Maybe it's also because I have struggled to get a Radius server properly setup outside of authentik, so anything built it would be welcome :D

duckfullstop commented 1 year ago

Good news for those following this issue: @BeryJu just added a RADIUS outpost in #1796 👏

rafaelmathieu commented 1 year ago

Good news for those following this issue: @BeryJu just added a RADIUS outpost in #1796 👏

This is great news <3