2stacks / docker-freeradius
Freeradius Server in Docker Container
License: MIT License
In my environment I use Windows to debug and develop and Linux to create an image. I had problems with your source code:
Errors reading /etc/raddb/dictionary: dict_init: Dictionary "/etc/raddb/dictionary" is globally writable. Refusing to start due to insecure configuration.
It can be solved by changing to the correct file permissions:
```
RUN chmod 0640 /etc/raddb/dictionary \
    && chmod 0640 /etc/raddb/*.conf \
    && chmod 0640 -R /etc/raddb/mods-available \
    && chmod 0640 -R /etc/raddb/mods-enabled \
    && chmod 0640 -R /etc/raddb/policy.d \
    && chmod 0640 -R /etc/raddb/sites-available \
    && chmod 0640 -R /etc/raddb/sites-enabled
RUN chown -R root:radius /etc/raddb
```
After changing this, I did not receive this error again.
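The startup check quoted in the issue above rejects a world-writable dictionary file. As an added example (not part of the original issue or the project's Dockerfile), this POSIX shell helper lists world-writable entries under a config tree and tightens them, setting files to 0640 and directories to 0750 so the owning group keeps the search bit it needs to reach the files. The function names and the temporary demo tree are constructed for illustration; ownership (`chown`) is left out because it needs root and an existing group.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on a FreeRADIUS-style config tree.
# Function names and the demo tree are constructed for illustration.

# Print every file or directory under $1 that is writable by "other".
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Files -> 0640, directories -> 0750. Directories keep the search (x) bit
# so the owning group can still traverse into them.
tighten_tree() {
    find "$1" -type d -exec chmod 0750 {} +
    find "$1" -type f -exec chmod 0640 {} +
}

# Return 0 when nothing under $1 is world-writable, 1 otherwise.
tree_is_safe() {
    [ -z "$(list_world_writable "$1")" ]
}

# Build a constructed sample tree that mimics config files copied from a
# host filesystem without Unix permissions (everything ends up 0777).
make_demo_tree() {
    demo=$(mktemp -d)
    mkdir -p "$demo/mods-enabled"
    : > "$demo/dictionary"
    : > "$demo/radiusd.conf"
    : > "$demo/mods-enabled/sql"
    chmod -R 0777 "$demo"
    printf '%s\n' "$demo"
}

# Demo run on the constructed tree.
demo_dir=$(make_demo_tree)
echo "world-writable before:"
list_world_writable "$demo_dir"
tighten_tree "$demo_dir"
if tree_is_safe "$demo_dir"; then
    echo "after tighten_tree: no world-writable entries"
fi
rm -rf "$demo_dir"
```

In a Dockerfile the same two `find` commands can run in a `RUN` step against `/etc/raddb` after the configuration has been copied in.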
alpine
MicroBadger: Docker Hub image alpine has changed https://microbadger.com/images/alpine
Thanks for the great work.
Adding a second OTP layer (on top of mysql passwords) should be a great feature!
See title.
Anyway, I got the following problem.
Freeradius starts until:
freeradius-freeradius-1 | including configuration file /etc/raddb/sites-enabled/inner-tunnel
freeradius-freeradius-1 | main {
freeradius-freeradius-1 | security {
freeradius-freeradius-1 | user = "freerad"
freeradius-freeradius-1 | group = "freerad"
freeradius-freeradius-1 | allow_core_dumps = no
freeradius-freeradius-1 | }
freeradius-freeradius-1 | name = "freeradius"
freeradius-freeradius-1 | prefix = "/usr"
freeradius-freeradius-1 | localstatedir = "/var"
freeradius-freeradius-1 | logdir = "/etc/raddb/log/freeradius"
freeradius-freeradius-1 | run_dir = "/var/run/freeradius"
freeradius-freeradius-1 | }
And got this DB error:
freeradius-db-1 | 2022-03-16 10:44:38 8 [Warning] Aborted connection 8 to db: 'unconnected' user: 'unauthenticated' host: '172.26.0.3' (This connection closed normally without authentication)
When I exec into the DB container I can access the DB with the credentials entered in the compose file and the sql mod file.
compose file:
```
version: '3.2'
services:
  freeradius:
    image: "2stacks/freeradius"
    # ports:
    #   - "1812:1812/udp"
    #   - "1813:1813/udp"
    volumes:
      - "./configs/radius:/etc/raddb"
    environment:
      - DB_NAME=radius
      - DB_HOST=db
      - DB_USER=radius
      - DB_PASS=radpass
      - DB_PORT=3306
      - RAD_DEBUG=yes
    networks:
      - default
    depends_on:
      - db
    links:
      - db
    restart: always
  db:
    image: mariadb:latest
    volumes:
      - "./configs/mysql:/var/lib/mysql"
    #ports:
    #  - "3306:3306"
    environment:
      - MYSQL_ROOT_PASSWORD=rootpass
      - MYSQL_USER=radius
      - MYSQL_PASSWORD=radpass
      - MYSQL_DATABASE=radius
    restart: always
    networks:
      - default
```
My DB is migrated from an old non-Docker install.
First of all; thanks for your freeradius container, I've been using it as authentication issue for a while and it has been working great.
Unfortunately after updating from container version 1.3 to latest the authentication doesn't work any more. They all result in failures. I've been using this test as a final test: link.
With version tag 1.3 it works without issues but with latest it results in failures. Do you have any clue what the issue could be? I already compared the versions of freeradius in the container and they seem identical.
I only use a basic docker-compose config and an external database:
```
version: '3.2'
services:
  freeradius:
    container_name: radius
    image: "2stacks/freeradius:latest"
    ports:
      - "<IP>:1812:1812/udp"
    environment:
      - DB_NAME=radius_docker
      - DB_HOST=<db IP>
      - DB_USER=<db_user>
      - DB_PASS=<db_pass>
      - DB_PORT=3306
      - RADIUS_KEY=<random key>
      - RAD_CLIENTS=*
      - RAD_DEBUG=yes
    restart: always
    networks:
      infra:
        ipv4_address: <IP>
networks:
  infra:
    external: true
```
In my environment I use Windows to debug and develop and Linux to create an image. I had problems with your source code:
standard_init_linux.go:185: exec user process caused "no such file or directory"
It can be solved with dos2unix:
Changing this:
```
RUN apk --update add freeradius freeradius-mysql freeradius-eap bash dos2unix
```
and changing this:
```
RUN chmod +x /usr/local/bin/wait-for-it.sh \
    && dos2unix /usr/local/bin/wait-for-it.sh
ADD ./start.sh /start.sh
RUN chmod +x /start.sh \
    && dos2unix /start.sh
```
I did not receive this error again.
Is this project unusable? After I run, check that ports 1812 and 1813 are not open
When I try to get your image, I receive this error:
```
pull access denied for freeradius, repository does not exist or may require 'docker login'.
```
When I execute:
```
sudo docker run -d -t freeradius -p 1812/udp:1812/sdp -p 1813/udp:1813/udp -e DB_HOST=10.224.100.12 -e DB_PORT=32768 -e DB_PASS=c92a666087ae3a8131f371da913a5fa3 -e RADIUS_KEY=d16773ea3ddf0835f72cb11ca9459934 -e RAD_CLIENTS=10.224.100.0/24 2stacks/freeradius
```
I don't know if this is a permission error on Docker or on GitHub (a private repo on Docker, with open source code on GitHub).
If this project is private, I will create my own version of the freeradius-server image, but if it is public, I will send you my report and suggestions to try to contribute to this project.
Where is the configuration file? No search
Or have you already set this option?
As noted in `/etc/raddb/certs/README`, the `bootstrap` script is run on first start automatically. So I suggest not running the bootstrap part in the `Dockerfile` but instead let it handle freeradius automatically. In addition, I suggest adding a volume mount for the `certs` folder, which would be populated when first starting docker compose.
I created a custom docker-compose.yml to bring up my environment (I renamed the project to i9corp/freeradius to make a new image).
This is my docker-compose.yml:
```
version: "2"
services:
  freeradius:
    image: "i9corp/freeradius:latest"
    ports:
      - "1812:1812/udp"
      - "1813:1813/udp"
    #volumes:
    #- "./configs/radius/users:/etc/raddb/users"
    #- "./configs/radius/clients.conf:/etc/raddb/clients.conf"
    environment:
      - DB_NAME=radius
      - DB_HOST=10.224.100.12
      - DB_USER=radius
      - DB_PASS=c92a666087ae3a8131f371da913a5fa3
      - DB_PORT=32768
      - RADIUS_KEY=d16773ea3ddf0835f72cb11ca9459934
      - RAD_CLIENTS=10.224.100.0/24
      - RAD_DEBUG=yes
```
I get this output when I execute it on my Linux machine:
sudo docker-compose up
Recreating dockerfreeradius_freeradius_1
Attaching to dockerfreeradius_freeradius_1
freeradius_1 | wait-for-it.sh: waiting 15 seconds for 10.224.100.12:32768
freeradius_1 | wait-for-it.sh: 10.224.100.12:32768 is available after 0 seconds
freeradius_1 | FreeRADIUS Version 3.0.15
freeradius_1 | Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
freeradius_1 | There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
freeradius_1 | PARTICULAR PURPOSE
freeradius_1 | You may redistribute copies of FreeRADIUS under the terms of the
freeradius_1 | GNU General Public License
freeradius_1 | For more information about these matters, see the file named COPYRIGHT
freeradius_1 | Starting - reading configuration files ...
freeradius_1 | including dictionary file /usr/share/freeradius/dictionary
freeradius_1 | including dictionary file /usr/share/freeradius/dictionary.dhcp
freeradius_1 | including dictionary file /usr/share/freeradius/dictionary.vqp
freeradius_1 | including dictionary file /etc/raddb/dictionary
freeradius_1 | including configuration file /etc/raddb/radiusd.conf
freeradius_1 | including configuration file /etc/raddb/clients.conf
freeradius_1 | including files in directory /etc/raddb/mods-enabled/
freeradius_1 | including configuration file /etc/raddb/mods-enabled/date
freeradius_1 | including configuration file /etc/raddb/mods-enabled/expr
freeradius_1 | including configuration file /etc/raddb/mods-enabled/logintime
freeradius_1 | including configuration file /etc/raddb/mods-enabled/unpack
freeradius_1 | including configuration file /etc/raddb/mods-enabled/chap
freeradius_1 | including configuration file /etc/raddb/mods-enabled/unix
freeradius_1 | including configuration file /etc/raddb/mods-enabled/realm
freeradius_1 | including configuration file /etc/raddb/mods-enabled/files
freeradius_1 | including configuration file /etc/raddb/mods-enabled/expiration
freeradius_1 | including configuration file /etc/raddb/mods-enabled/linelog
freeradius_1 | including configuration file /etc/raddb/mods-enabled/digest
freeradius_1 | including configuration file /etc/raddb/mods-enabled/always
freeradius_1 | including configuration file /etc/raddb/mods-enabled/exec
freeradius_1 | including configuration file /etc/raddb/mods-enabled/dhcp
freeradius_1 | including configuration file /etc/raddb/mods-enabled/soh
freeradius_1 | including configuration file /etc/raddb/mods-enabled/radutmp
freeradius_1 | including configuration file /etc/raddb/mods-enabled/pap
freeradius_1 | including configuration file /etc/raddb/mods-enabled/echo
freeradius_1 | including configuration file /etc/raddb/mods-enabled/dynamic_clients
freeradius_1 | including configuration file /etc/raddb/mods-enabled/mschap
freeradius_1 | including configuration file /etc/raddb/mods-enabled/eap
freeradius_1 | including configuration file /etc/raddb/mods-enabled/attr_filter
freeradius_1 | including configuration file /etc/raddb/mods-enabled/detail.log
freeradius_1 | including configuration file /etc/raddb/mods-enabled/ntlm_auth
freeradius_1 | including configuration file /etc/raddb/mods-enabled/replicate
freeradius_1 | including configuration file /etc/raddb/mods-enabled/sradutmp
freeradius_1 | including configuration file /etc/raddb/mods-enabled/passwd
freeradius_1 | including configuration file /etc/raddb/mods-enabled/cache_eap
freeradius_1 | including configuration file /etc/raddb/mods-enabled/preprocess
freeradius_1 | including configuration file /etc/raddb/mods-enabled/detail
freeradius_1 | including configuration file /etc/raddb/mods-enabled/utf8
freeradius_1 | including configuration file /etc/raddb/mods-enabled/sql
freeradius_1 | including files in directory /etc/raddb/policy.d/
freeradius_1 | including configuration file /etc/raddb/policy.d/control
freeradius_1 | including configuration file /etc/raddb/policy.d/moonshot-targeted-ids
freeradius_1 | including configuration file /etc/raddb/policy.d/abfab-tr
freeradius_1 | including configuration file /etc/raddb/policy.d/dhcp
freeradius_1 | including configuration file /etc/raddb/policy.d/canonicalization
freeradius_1 | including configuration file /etc/raddb/policy.d/operator-name
freeradius_1 | including configuration file /etc/raddb/policy.d/filter
freeradius_1 | including configuration file /etc/raddb/policy.d/eap
freeradius_1 | including configuration file /etc/raddb/policy.d/debug
freeradius_1 | including configuration file /etc/raddb/policy.d/cui
freeradius_1 | including configuration file /etc/raddb/policy.d/accounting
freeradius_1 | including files in directory /etc/raddb/sites-enabled/
freeradius_1 | including configuration file /etc/raddb/sites-enabled/default
freeradius_1 | including configuration file /etc/raddb/sites-enabled/inner-tunnel
freeradius_1 | main {
freeradius_1 | security {
freeradius_1 | allow_core_dumps = no
freeradius_1 | }
freeradius_1 | name = "radiusd"
freeradius_1 | prefix = "/usr/local"
freeradius_1 | localstatedir = "/usr/local/var"
freeradius_1 | logdir = "/usr/local/var/log/radius"
freeradius_1 | run_dir = "/usr/local/var/run/radiusd"
freeradius_1 | }
freeradius_1 | main {
freeradius_1 | name = "radiusd"
freeradius_1 | prefix = "/usr/local"
freeradius_1 | localstatedir = "/usr/local/var"
freeradius_1 | sbindir = "/usr/local/sbin"
freeradius_1 | logdir = "/usr/local/var/log/radius"
freeradius_1 | run_dir = "/usr/local/var/run/radiusd"
freeradius_1 | libdir = "/usr/local/lib"
freeradius_1 | radacctdir = "/usr/local/var/log/radius/radacct"
freeradius_1 | hostname_lookups = no
freeradius_1 | max_request_time = 30
freeradius_1 | cleanup_delay = 5
freeradius_1 | max_requests = 16384
freeradius_1 | pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
freeradius_1 | checkrad = "/usr/local/sbin/checkrad"
freeradius_1 | debug_level = 0
freeradius_1 | proxy_requests = no
freeradius_1 | log {
freeradius_1 | stripped_names = no
freeradius_1 | auth = yes
freeradius_1 | auth_badpass = yes
freeradius_1 | auth_goodpass = yes
freeradius_1 | colourise = yes
freeradius_1 | msg_denied = "You are already logged in - access denied"
freeradius_1 | }
freeradius_1 | resources {
freeradius_1 | }
freeradius_1 | security {
freeradius_1 | max_attributes = 200
freeradius_1 | reject_delay = 1.000000
freeradius_1 | status_server = yes
freeradius_1 | allow_vulnerable_openssl = "no"
freeradius_1 | }
freeradius_1 | }
freeradius_1 | radiusd: #### Loading Realms and Home Servers ####
freeradius_1 | radiusd: #### Loading Clients ####
freeradius_1 | client localhost {
freeradius_1 | ipaddr = 127.0.0.1
freeradius_1 | require_message_authenticator = no
freeradius_1 | secret = <<< secret >>>
freeradius_1 | nas_type = "other"
freeradius_1 | proto = "*"
freeradius_1 | limit {
freeradius_1 | max_connections = 16
freeradius_1 | lifetime = 0
freeradius_1 | idle_timeout = 30
freeradius_1 | }
freeradius_1 | }
freeradius_1 | client localhost_ipv6 {
freeradius_1 | ipv6addr = ::1
freeradius_1 | require_message_authenticator = no
freeradius_1 | secret = <<< secret >>>
freeradius_1 | limit {
freeradius_1 | max_connections = 16
freeradius_1 | lifetime = 0
freeradius_1 | idle_timeout = 30
freeradius_1 | }
freeradius_1 | }
freeradius_1 | client rad_clients {
freeradius_1 | ipaddr = 10.224.100.0/24
freeradius_1 | require_message_authenticator = no
freeradius_1 | secret = <<< secret >>>
freeradius_1 | nas_type = "other"
freeradius_1 | limit {
freeradius_1 | max_connections = 16
freeradius_1 | lifetime = 0
freeradius_1 | idle_timeout = 30
freeradius_1 | }
freeradius_1 | }
freeradius_1 | Found debugger attached
freeradius_1 | radiusd: #### Instantiating modules ####
freeradius_1 | modules {
freeradius_1 | # Loaded module rlm_date
freeradius_1 | # Loading module "date" from file /etc/raddb/mods-enabled/date
freeradius_1 | date {
freeradius_1 | format = "%b %e %Y %H:%M:%S %Z"
freeradius_1 | utc = no
freeradius_1 | }
freeradius_1 | instantiate {
freeradius_1 | }
freeradius_1 | } # modules
freeradius_1 | radiusd: #### Loading Virtual Servers ####
freeradius_1 | server { # from file /etc/raddb/radiusd.conf
freeradius_1 | } # server
freeradius_1 | radiusd: #### Opening IP addresses and Ports ####
freeradius_1 | The server is not configured to listen on any ports. Cannot start
freeradius_1 | Debugger detected, raising SIGTRAP
freeradius_1 | Trace/breakpoint trap
dockerfreeradius_freeradius_1 exited with code 133
For this I do not have a solution.
I'm getting this error when running docker-compose up -d
```
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
rlm_sql (sql): Reserved connection (0)
rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
rlm_sql (sql): rlm_sql_mysql: ERROR 1146 (Table 'radius.nas' doesn't exist): 42S02
Failed to load clients from SQL
/etc/raddb/mods-enabled/sql[20]: Instantiation failed for module "sql"
```