Freeradius with ldap support
parent
caa50e46dd
commit
95085dde8b
|
@ -24,3 +24,10 @@ in your home directory).
|
|||
```
|
||||
$ docker logout [registryUrl]
|
||||
```
|
||||
|
||||
## Test image locally
|
||||
|
||||
```
|
||||
$ docker run -d --name [containerName] [registryUrl]/[imageName]:[tag]
|
||||
```
|
||||
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
FROM freeradius/freeradius-server:3.0.20
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y patch \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
COPY default.patch inner-tunnel.patch ./
|
||||
|
||||
RUN echo "Patching site config files to use LDAP module" \
|
||||
&& patch /etc/raddb/sites-available/default default.patch \
|
||||
&& patch /etc/raddb/sites-available/inner-tunnel inner-tunnel.patch
|
||||
|
||||
COPY eap /etc/raddb/mods-enabled/
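Review bot: Nothing in this Dockerfile provides the `ldap` module instance that the patched site files now require; the only file placed in `/etc/raddb/mods-enabled/` is `eap`. Because the patches drop the leading `-` from `-ldap`, the reference is no longer optional, so the server will presumably refuse to start unless `mods-enabled/ldap` is supplied some other way. If it is meant to be mounted at run time, say so above the last `COPY`, e.g. `# mods-enabled/ldap is mounted at run time so the bind credentials stay out of the image layers`. Separately, `patch` and both patch files remain in the final image; use `apt-get install -y --no-install-recommends patch`, and consider applying the patches in the same `RUN` that installs `patch` so it can be purged there.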
|
|
@ -0,0 +1,24 @@
|
|||
--- default 2019-11-14 17:00:00.000000000 +0000
|
||||
+++ default.local 2020-04-16 11:02:21.483549795 +0000
|
||||
@@ -419,7 +419,7 @@
|
||||
|
||||
#
|
||||
# The ldap module reads passwords from the LDAP database.
|
||||
- -ldap
|
||||
+ ldap
|
||||
|
||||
#
|
||||
# Enforce daily limits on time spent logged in.
|
||||
@@ -530,9 +530,9 @@
|
||||
# authentication server, and knows what to do with authentication.
|
||||
# LDAP servers do not.
|
||||
#
|
||||
-# Auth-Type LDAP {
|
||||
-# ldap
|
||||
-# }
|
||||
+ Auth-Type LDAP {
|
||||
+ ldap
|
||||
+ }
|
||||
|
||||
#
|
||||
# Allow EAP authentication.
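Review bot: Un-commenting `Auth-Type LDAP` in the second hunk makes the server check a password by binding to the directory with it, which the upstream comment kept as context just above advises against. Each user's cleartext password is then forwarded to the LDAP server, so the `ldap` module must connect over TLS with certificate verification; that module configuration is not part of this commit and should be checked. Nothing visible here sets `control:Auth-Type`, so whether this block is ever selected depends on configuration outside the patch. The same two hunks appear in inner-tunnel.patch, and the same points apply there.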
|
|
@ -0,0 +1,26 @@
|
|||
|
||||
eap {
|
||||
default_eap_type = ttls
|
||||
|
||||
gtc {
|
||||
auth_type = PAP
|
||||
}
|
||||
tls-config tls-common {
|
||||
private_key_file = ${certdir}/server.pem
|
||||
certificate_file = ${certdir}/server.pem
|
||||
ca_file = ${cadir}/ca.pem
|
||||
tls_min_version = "1.2"
|
||||
}
|
||||
ttls {
|
||||
tls = tls-common
|
||||
default_eap_type = gtc
|
||||
use_tunneled_reply = yes
|
||||
virtual_server = "inner-tunnel"
|
||||
}
|
||||
peap {
|
||||
tls = tls-common
|
||||
default_eap_type = gtc
|
||||
use_tunneled_reply = yes
|
||||
virtual_server = "inner-tunnel"
|
||||
}
|
||||
}
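Review bot: Both `ttls` and `peap` use `default_eap_type = gtc` with `auth_type = PAP`, so the user's cleartext password travels inside the tunnel and is protected only by the key in `${certdir}/server.pem` and by supplicants validating that certificate. This commit never installs a certificate or key; if `server.pem` is one that ships pre-generated in the base image, every deployment of this image would share a private key that anyone can obtain. A comment above `tls-config tls-common` would make the requirement explicit, e.g. `# server.pem and ca.pem must be site-specific and mounted at run time; never rely on certificates shipped in the base image`. It is also worth documenting that supplicants must be configured to verify the server certificate against that CA.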
|
|
@ -0,0 +1,24 @@
|
|||
--- inner-tunnel 2019-11-14 17:00:00.000000000 +0000
|
||||
+++ inner-tunnel.local 2020-04-16 10:59:58.519556165 +0000
|
||||
@@ -151,7 +151,7 @@
|
||||
|
||||
#
|
||||
# The ldap module reads passwords from the LDAP database.
|
||||
- -ldap
|
||||
+ ldap
|
||||
|
||||
#
|
||||
# Enforce daily limits on time spent logged in.
|
||||
@@ -238,9 +238,9 @@
|
||||
# authentication server, and knows what to do with authentication.
|
||||
# LDAP servers do not.
|
||||
#
|
||||
-# Auth-Type LDAP {
|
||||
-# ldap
|
||||
-# }
|
||||
+ Auth-Type LDAP {
|
||||
+ ldap
|
||||
+ }
|
||||
|
||||
#
|
||||
# Allow EAP authentication.
|