Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/losenmann/auth-radius

Python script for Home Assistant that adding authentication via RADIUS
https://github.com/losenmann/auth-radius

authentication hacs hacs-custom home-assistant homeassistant radius radius-accounting

Last synced: 2 days ago
JSON representation

Python script for Home Assistant that adding authentication via RADIUS

Host: GitHub
URL: https://github.com/losenmann/auth-radius
Owner: Losenmann
License: bsd-3-clause
Created: 2024-09-05T14:03:37.000Z (22 days ago)
Default Branch: master
Last Pushed: 2024-09-09T04:13:05.000Z (18 days ago)
Last Synced: 2024-09-25T07:30:50.206Z (2 days ago)
Topics: authentication, hacs, hacs-custom, home-assistant, homeassistant, radius, radius-accounting
Language: Python
Homepage:
Size: 32.2 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Auth RADIUS

![Python](https://img.shields.io/badge/python-3670A0?style=for-the-badge&logo=python&logoColor=ffdd54)

[![Home Assistant](https://img.shields.io/badge/home%20assistant-%2341BDF5.svg?style=for-the-badge&logo=home-assistant&logoColor=white)](https://www.home-assistant.io)

[![HACS](https://img.shields.io/badge/HACS-Custom-41BDF5.svg?style=for-the-badge)](https://hacs.xyz)

[![Release](https://img.shields.io/github/release/Losenmann/auth-radius/all.svg?style=for-the-badge)](https://github.com/Losenmann/auth-radius/releases)

[![Maintainer](https://img.shields.io/badge/MAINTAINER-%40Losenmann-red?style=for-the-badge)](https://github.com/Losenmann)

Python script for Home Assistant adding authentication via RADIUS\

The project is based on the library [pyrad](https://github.com/pyradius/pyrad.git)

## Overview

The script is designed to authenticate users in Home Assistant via a RADIUS server. This allows you to centrally manage user access.


The script supports 2 launch modes: [auth_providers](#usage-in-auth_provider-mode) and [CLI](#usage-in-cli-mode).

For correct operation, you must add to the [dictionary](./dictionary) in the RADIUS server dictionary file.

## Install

[![](https://my.home-assistant.io/badges/hacs_repository.svg)](https://my.home-assistant.io/redirect/hacs_repository/?owner=losenmann&repository=auth-radius&category=python_script)

- **Method 1.** [HACS](https://hacs.xyz) > Python Script > Add > Auth Radius > Install

- **Method 2.** Copy the manually  `auth-radius.py` from [latest release](https://github.com/Losenmann/auth-radius/releases/latest) to path `/config/python_scripts`

## Usage in auth_provider mode

### Setupe

- **Home Assistant**

   1. Set connection parameters in the `secrets.yaml` file

      ```yaml

      radius_server: "dns_or_ip_addreess_radius_server"

      radius_secret: "radius_server_secret"

      ```

   2. In the `configuration.yaml` file add the configuration, the authentication order matters

      ```yaml

      homeassistant:

        auth_providers:

          - type: command_line

            command: '/usr/local/bin/python'

            args: ['/config/python_scripts/auth-radius.py', '-m']

            meta: true

          - type: homeassistant

      ```

> [!NOTE]

> You can remove the `meta: true` directive so that the script does not write some variables to standard output to populate the user account created in Home Assistant with additional data

- **RADIUS**

   1. Add data from the file [dictionary](./dictionary) to the RADIUS server's `dictionary` file

   2. Set the user's `Hass-Group` attribute to `system-users`

      | Attribute | Type | Value | Description |

      | :-- | :--: | :-----: | :---------- |

      | `Hass-Group` | string | system-users 
 system-admin | User group |

      | `Hass-Local-Only` | byte | 0 
 1 | Local login only 
 (Defaults to 0) |

      | `Hass-Is-Active` | byte  | 0 
 1 | Activate user account 
 (Defaults to 1) |

## Usage in CLI mode

In CLI mode, you need to set execution permissions `chmod +x ./python_scripts/auth-ldap.py`


Or run via Python `python ./python_scripts/auth-radius.py`

> [!NOTE]

> RADIUS connection parameters can be configured in `secrets.yaml`, see point 1 of the chapter [Usage in auth_provider mode](#usage-in-auth_provider-mode)

```

./python_scripts/auth-radius.py -U 'username' -P 'password' -s 'radius.example.com' -S 'secret'

```

## Script arguments

> [!IMPORTANT]

> When using keys, keys take precedence over values from secret.yaml and variables passed from Home Assistant

| key  | type | description |

| :--- | :--: | :---------- |

| `-h` | boolean | Get help information |

| `-m` | boolean | Enable meta to output credentials to stdout 
 (Defaults to False) |

| `-U` | string  | Username |

| `-P` | string  | Password |

| `-s` | string  | RADIUS server 
 (Defaults from `secrets.yaml`) |

| `-S` | string  | RADIUS secret 
 (Defaults from `secrets.yaml`) |