Important

The development of django-freeradius has moved to openwisp-radius, we highly suggest users and readers of this documentation to migrate or use the more up to date documentation of openwisp-radius.

Available settings

DJANGO_FREERADIUS_EDITABLE_ACCOUNTING

Default: False

Whether radacct entries are editable from the django admin or not.

DJANGO_FREERADIUS_EDITABLE_POSTAUTH

Default: False

Whether postauth logs are editable from the django admin or not.

DJANGO_FREERADIUS_GROUPCHECK_ADMIN

Default: False

Direct editing of group checks items is disabled by default because these can be edited through inline items in the Radius Group admin (Freeradius > Groups).

This is done with the aim of simplifying the admin interface and avoid overwhelming users with too many options.

If for some reason you need to enable direct editing of group checks you can do so by setting this to True.

DJANGO_FREERADIUS_GROUPREPLY_ADMIN

Default: False

Direct editing of group reply items is disabled by default because these can be edited through inline items in the Radius Group admin (Freeradius > Groups).

This is done with the aim of simplifying the admin interface and avoid overwhelming users with too many options.

If for some reason you need to enable direct editing of group replies you can do so by setting this to True.

DJANGO_FREERADIUS_USERGROUP_ADMIN

Default: False

Direct editing of user group items (radusergroup) is disabled by default because these can be edited through inline items in the User admin (Users and Organizations > Users).

This is done with the aim of simplifying the admin interface and avoid overwhelming users with too many options.

If for some reason you need to enable direct editing of user group items you can do so by setting this to True.

DJANGO_FREERADIUS_DEFAULT_SECRET_FORMAT

Default: NT-Password

The default encryption format for storing radius check values.

DJANGO_FREERADIUS_DISABLED_SECRET_FORMATS

Default: []

A list of disabled encryption formats, by default all formats are enabled in order to keep backward compatibility with legacy systems.

DJANGO_FREERADIUS_RADCHECK_SECRET_VALIDATORS

Default:

{'regexp_lowercase': '[a-z]+',
 'regexp_uppercase': '[A-Z]+',
 'regexp_number': '[0-9]+',
 'regexp_special': '[\!\%\-_+=\[\]\
                   {\}\:\,\.\?\<\>\(\)\;]+'}

Regular expressions regulating the password validation; by default the following character families are required:

  • a lowercase character
  • an uppercase character
  • a number
  • a special character

DJANGO_FREERADIUS_BATCH_DEFAULT_PASSWORD_LENGTH

Default: 8

The default password length of the auto generated passwords while batch addition of users from the csv.

DJANGO_FREERADIUS_BATCH_DELETE_EXPIRED

Default: 18

It is the number of months after which the expired users are deleted.

DJANGO_FREERADIUS_BATCH_PDF_TEMPLATE

It is the template used to generate the pdf when users are being generated using the batch add users feature using the prefix.

The value should be the absolute path to the template of the pdf.

DJANGO_FREERADIUS_API_TOKEN

See API Token.

DJANGO_FREERADIUS_DISPOSABLE_RADIUS_USER_TOKEN

Default: True

Radius user tokens are used for authorizing users.

When this setting is True radius user tokens are deleted right after a successful authorization is performed. This reduces the possibility of attackers reusing the access tokens and posing as other users if they manage to intercept it somehow.

DJANGO_FREERADIUS_API_AUTHORIZE_REJECT

Default: False

Indicates wether the Authorize API view will return {"control:Auth-Type": "Reject"} or not.

Rejecting an authorization request explicitly will prevent freeradius from attempting to perform authorization with other mechanisms (eg: radius checks, LDAP, etc.).

When set to False, if an authorization request fails, the API will respond with None, which will allow freeradius to keep attempting to authorize the request with other freeradius modules.

Set this to True if you are performing authorization exclusively through the REST API.

DJANGO_FREERADIUS_API_ACCOUNTING_AUTO_GROUP

Default: True

When this setting is enabled, every accounting instance saved from the API will have its groupname attribute automatically filled in. The value filled in will be the groupname of the RadiusUserGroup of the highest priority among the RadiusUserGroups related to the user with the username as in the accounting instance. In the event there is no user in the database corresponding to the username in the accounting instance, the failure will be logged with info level but the accounting will be saved as usual.

DJANGO_FREERADIUS_EXTRA_NAS_TYPES

Default: tuple()

This setting can be used to add custom NAS types that can be used from the admin interface when managing NAS instances.

For example, you want a custom NAS type called cisco, you would add the following to your project settings.py:

DJANGO_FREERADIUS_EXTRA_NAS_TYPES = (
    ('cisco', 'Cisco Router'),
)

Sending emails to users

Emails can be sent to users whose usernames or passwords have been autogenerated. The content of these emails can be customized with the settings explained below.

DJANGO_FREERADIUS_BATCH_MAIL_SUBJECT

Default: Credentials

It is the subject of the mail to be sent to the users. Eg: Login Credentials.

DJANGO_FREERADIUS_BATCH_MAIL_MESSAGE

Default: username: {}, password: {}

The message should be a string in the format Your username is {} and password is {}.

The text could be anything but should have the format string operator {} for .format operations to work.

DJANGO_FREERADIUS_BATCH_MAIL_SENDER

Default: settings.DEFAULT_FROM_EMAIL

It is the sender email which is also to be configured in the SMTP settings. The default sender email is a common setting from the Django core settings under DEFAULT_FROM_EMAIL. Currently, DEFAULT_FROM_EMAIL is set to to webmaster@localhost.