FREERADIUS WITH MIKROTIK – Part #1 – General Tip’s Click here to read more on FR tutorials …
Disclaimer! This is important!
Every Network is different , so one solution cannot be applied to all. Therefore try to understand the logic & create your own solution as per your network scenario. Just dont follow copy paste.
If anybody here thinks I am an expert on this stuff, I am NOT certified in anything Mikrotik/Cisco/Linux or Windows. However I have worked with some core networks and I read , research & try stuff all of the time. So I am not speaking/posting about stuff I am formerly trained in, I pretty much go with experience and what I have learned on my own. And , If I don’t know something then I read & learn all about it.
So , please don’t hold me/my-postings to be always 100 percent correct. I make mistakes just like everybody else. However – I do my best, learn from my mistakes and always try to help others.
Scenario:
We have a FREERADIUS server configured as AAA for local ppp users. All accounts username name/passwords are added in RADCHECK table as per Freeradius default scheme. Passwords are stored as Cleartext-Password As showed in the image below …
We also have playSMS configured to facilitate various SMS base functions including user information , renewal, kicking etc with various controls and checks.
Requirements:
IF user sends sms to our billing system (to playsms server) with specific keywords like
forgotpass USERNAME
then the system should perform various checks like
- Compare the sender number with the mobile number associate with USERNAME,
- Check account status like IF account is active or expired either by date or quota or uptime,
- If all replies are clear, then retrieve password from radcheck value, and send back to user as return reply.
in this example I am using dmasoftlab RADIUS Manager which provides its own builtin tool like `RMAUTH` which we will be using for some controls verification. Although DMA do provides its own method to retrieve password, but regardless of it, we are sharing idea which can be used to perform other functions as well too.
This is just for example purposes only, you can add remove your own controls.
Build your own solution, Sky is the only limit !
Bash Script ! forgotpass.sh
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 | #!/bin/bash#set -xDATE=$(date '+%Y-%m-%d__%H-%M-%S')# MYSQL USER NAME AND PASSWORD VariablesSQLUSER="root"SQLPASS="SQLROOTPASSSQLHOST="localhost"SQLPORT="3306"DB="radius"export MYSQL_PWD=$SQLPASSCURRENCY="PKR"CMD="mysql -u$SQLUSER -p$SQLPASS -h$SQLHOST --port=$SQLPORT --skip-column-names -e"RMAUTH=`/usr/local/bin/rmauth`FOOTER="Powered by Syed Jahanzaib"TMP="/tmp/forgotpass_incoming_sms__$DATE.sms"> $TMP# Strip user name and card number separate oterhwise playsms will treat both variables as oneecho $1 $2 > $TMPUSR=`cat $TMP | awk '{print $1}'`SENDER_MOBILE=`cat $TMP | awk '{print $2}'`# Check User variable if supplied or notif [ -z "$USR" ]; thenecho "Username not supplied!"exit 1fi# Check Mobile if supplied or not,if [ -z "$SENDER_MOBILE" ]; thenecho "Mobile Number not supplied!"exit 1fi#Check if user is in DB or notIS_USER_VARIABLE_VALID=`$CMD "use $DB; SELECT username FROM rm_users WHERE username = '$USR';"`if [ -z "$IS_USER_VARIABLE_VALID" ]; thenecho "Username not Found in the System!"exit 1fi# Verify mobile number with sender numberUSER_MOB_IN_DB=`$CMD "use $DB; SELECT mobile FROM rm_users WHERE username = '$USR'";`if [ "$SENDER_MOBILE" != "$USER_MOB_IN_DB" ]; thenecho "Sender Mobile Number could not be verified with $USR account!"exit 1fiIS_USER_ACTIVE=`/usr/local/bin/rmauth 127.0.0.1 $USR 1 |grep -c "Total traffic limit reached!"`if [ "$IS_USER_ACTIVE" -eq 1 ];thenecho "Account quota limit have finished , please recharge it first!"exit 1fiIS_USER_ACTIVE=`/usr/local/bin/rmauth 127.0.0.1 $USR 1 |grep -c "expired!"`if [ "$IS_USER_ACTIVE" -eq 1 ];thenecho "Your account have expired , please recharge it first!"exit 1fi#$CMD "use $DB; UPDATE rm_users SET password = MD5('$SENDER_MOBILE') WHERE username = '$USR';"CUR_PASS=`$CMD "use $DB; select value from radcheck where attribute = 'Cleartext-Password' and username = '$USR';"`echo "Your Password is = $CUR_PASS$FOOTER" |
* playSMS Command Setting
Copy the forgotpass.sh script in /var/lib/playsms/sms_command/1/ folder, then add command in playsms As showed in the image below …
* RESULT:
(Note: Password is different as showed in the RADCHECK, ignore it, as it was changed later)
* PLAYSMS_LOGS
1 2 3 4 5 6 7 8 9 | 127.0.0.1 localhost 2018-07-17 16:34:38 PID5b4dd44e3d47b - L2 kannel__call # start load:/var/www/playsms/plugin/gateway/kannel/geturl.php127.0.0.1 localhost 2018-07-17 16:34:38 PID5b4dd44e3d47b - L3 kannel__incoming # remote_addr:127.0.0.1 remote_host:localhost t:[2018-07-17 18:34:23] q:[+923333021909] a:[Forgotpass zaib] Q:[13013] smsc:[] smsc:[]127.0.0.1 localhost 2018-07-17 16:34:38 PID5b4dd44e3d47b - L3 recvsms # isrecvsmsd:1 dt:2018-07-17 18:34:23 sender:+923333021909 m:Forgotpass zaib receiver:13013 smsc:127.0.0.1 localhost 2018-07-17 16:34:38 PID5b4dd44e3d47b - L2 kannel__call # end load geturl- - 2018-07-17 16:34:38 PID5b4019f3e7183 admin L3 recvsmsd # id:7861 dt:2018-07-17 18:34:23 sender:+923333021909 m:Forgotpass zaib receiver:13013 smsc:- - 2018-07-17 16:34:38 PID5b4019f3e7183 admin L3 recvsms_process # dt:2018-07-17 18:34:23 sender:+923333021909 m:Forgotpass zaib receiver:13013 smsc:- - 2018-07-17 16:34:38 PID5b4019f3e7183 admin L3 gateway_decide_smsc # SMSC supplied:[] configured:[] decided smsc:[]- - 2018-07-17 16:34:38 PID5b4019f3e7183 admin L3 sms__command # command_exec:/var/lib/playsms/sms_command/1/forgotpass.sh 'zaib' '+923333021909'- - 2018-07-17 16:34:38 PID5b4019f3e7183 admin L3 sms__command # command_output:Your Password is = mypass123 Powered by Syed Jahanzaib |
