Freeradius Docker image
Lightweight and fast Freeradius3 v3.0.11-r0 server. This image is based on the minimalistic Alpine Linux and is currently 62MB.
How to use
I have made a simple example setup in https://github.com/marcelmaatkamp/docker-compose-applications/tree/master/freeradius. Set the ip-range which will connect to the server and the server-secret in
clients.conf, set the user/password combination in
$ git clone https://github.com/marcelmaatkamp/docker-compose-applications.git &&\ cd docker-compose-applications/freeradius
Start the server
$ docker-compose up -d freeradius
Start a test radius connection
$ docker-compose up freeradius-test
The docker-compose.yml contains a container called 'freeradius-test' which will send a auth-request to the server which after succes will print
freeradius-test_1 | Sending Access-Request of id 95 to 172.25.0.100 port 1812 freeradius-test_1 | User-Name = "testing" freeradius-test_1 | User-Password = "password" freeradius-test_1 | NAS-IP-Address = 172.25.0.101 freeradius-test_1 | NAS-Port = 0 freeradius-test_1 | Message-Authenticator = 0x00000000000000000000000000000000 freeradius-test_1 | rad_recv: Access-Accept packet from host 172.25.0.100 port 1812, id=95, length=20
Why on earth freeradius will only generate certificates when you set the logging more verbose (radiusd -xx) is beyond me, but I put the switch in the Dockerfile and made a example setup in https://github.com/marcelmaatkamp/docker-compose-applications/tree/master/freeradius
As of 10/31 default image does not run.
no changes to default commands.
I dont see where/how the environment variables are being used. It's not used internally by freeradius, right? I dont' see these variables being populated anywhere, including clients.conf. When I attempt to authenticate I get - "Ignoring request to authentication address * port 1812 from unknown client"
Looks like alpine:edge includes freeraduis with eap but doen't a valid config file. I have switched this build to alpine:3.1 (the most stable version pf alipne as of date) and that seems to be running fine. I am sorry I didn't read your comment earlier!
As of freeradius 3.0.11, radiusd complains and exits if eap exists as a module but isn't configured. Added the following to the dockerfile RUN section:
I don't need eap.
Going through the alpine package, it looks as though the eap config directives are commented out in the patch.
Thus the errors.
Radius won't start
Error: /etc/raddb/mods-enabled/eap: Failed to find 'Auth-Type EAP' section. Cannot authenticate users.
Error: /etc/raddb/mods-enabled/eap: Instantiation failed for module "eap"
It seems that alpine switched to freeradius3 as the default version causing the build tot fail. The image is now working again.