Skip to content

Python script for Home Assistant that adding authentication via RADIUS

License

Notifications You must be signed in to change notification settings

Losenmann/auth-radius

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Auth RADIUS

Python Home Assistant HACS Release Maintainer

Python script for Home Assistant adding authentication via RADIUS
The project is based on the library pyrad

Overview

The script is designed to authenticate users in Home Assistant via a RADIUS server. This allows you to centrally manage user access.
The script supports 2 launch modes: auth_providers and CLI. For correct operation, you must add to the dictionary in the RADIUS server dictionary file.

Install

  • Method 1. HACS > Python Script > Add > Auth Radius > Install

  • Method 2. Copy the manually auth-radius.py from latest release to path /config/python_scripts

Usage in auth_provider mode

Setupe

  • Home Assistant
    1. Set connection parameters in the secrets.yaml file
      radius_server: "dns_or_ip_addreess_radius_server"
      radius_secret: "radius_server_secret"
    2. In the configuration.yaml file add the configuration, the authentication order matters
      homeassistant:
        auth_providers:
          - type: command_line
            command: '/usr/local/bin/python'
            args: ['/config/python_scripts/auth-radius.py', '-m']
            meta: true
          - type: homeassistant

Note

You can remove the meta: true directive so that the script does not write some variables to standard output to populate the user account created in Home Assistant with additional data

  • RADIUS
    1. Add data from the file dictionary to the RADIUS server's dictionary file

    2. Set the user's Hass-Group attribute to system-users

      Attribute Type Value Description
      Hass-Group string system-users
      system-admin
      User group
      Hass-Local-Only byte 0
      1
      Local login only
      (Defaults to 0)
      Hass-Is-Active byte 0
      1
      Activate user account
      (Defaults to 1)

Usage in CLI mode

In CLI mode, you need to set execution permissions chmod +x ./python_scripts/auth-ldap.py
Or run via Python python ./python_scripts/auth-radius.py

Note

RADIUS connection parameters can be configured in secrets.yaml, see point 1 of the chapter Usage in auth_provider mode

./python_scripts/auth-radius.py -U 'username' -P 'password' -s 'radius.example.com' -S 'secret'

Script arguments

Important

When using keys, keys take precedence over values ​​from secret.yaml and variables passed from Home Assistant

key type description
-h boolean Get help information
-m boolean Enable meta to output credentials to stdout
(Defaults to False)
-U string Username
-P string Password
-s string RADIUS server
(Defaults from secrets.yaml)
-S string RADIUS secret
(Defaults from secrets.yaml)