Freeradius with ldap support

Juan Ferrer 2020-04-16 21:40:49 +02:00
parent caa50e46dd
commit 95085dde8b
5 changed files with 94 additions and 0 deletions


@ -24,3 +24,10 @@ in your home directory).
```
$ docker logout [registryUrl]
```
## Test image locally
```
$ docker run -d --name [containerName] [registryUrl]/[imageName]:[tag]
```

13
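--- a/freeradius/Dockerfile
+++ b/freeradius/Dockerfile
@@ -0,0 +1,13 @@
+FROM freeradius/freeradius-server:3.0.20
+RUN apt-get update \
+&& apt-get install -y patch \
+&& rm -rf /var/lib/apt/lists/*
+COPY default.patch inner-tunnel.patch ./
+RUN echo "Patching site config files to use LDAP module" \
+&& patch /etc/raddb/sites-available/default default.patch \
+&& patch /etc/raddb/sites-available/inner-tunnel inner-tunnel.patch
+COPY eap /etc/raddb/mods-enabled/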
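Review bot: Nothing in this Dockerfile enables or configures the `ldap` module itself: the two `patch` steps turn the optional `-ldap` reference into a mandatory `ldap`, but the visible lines add no `/etc/raddb/mods-enabled/ldap`. Unless the base image or a run-time mount provides that file, the server will probably refuse to start. Either way, the directory address and bind credentials belong in a mount or secret, not in an image layer. Separately, `patch` and the two `.patch` files stay in the final image, copied into whatever working directory the base image sets. I would use `apt-get install -y --no-install-recommends patch`, set an explicit `WORKDIR`, and delete the patch files in the same `RUN` that applies them.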

24
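--- a/freeradius/default.patch
+++ b/freeradius/default.patch
@@ -0,0 +1,24 @@
+--- default 2019-11-14 17:00:00.000000000 +0000
++++ default.local 2020-04-16 11:02:21.483549795 +0000
+@@ -419,7 +419,7 @@
+#
+# The ldap module reads passwords from the LDAP database.
+- -ldap
++ ldap
+#
+# Enforce daily limits on time spent logged in.
+@@ -530,9 +530,9 @@
+# authentication server, and knows what to do with authentication.
+# LDAP servers do not.
+#
+-# Auth-Type LDAP {
+-# ldap
+-# }
++ Auth-Type LDAP {
++ ldap
++ }
+#
+# Allow EAP authentication.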
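Review bot: Both hunks are anchored to the line numbers and context of the 3.0.20 `sites-available/default`, and the Dockerfile applies them with a bare `patch`, which accepts offset and fuzzy matches. After a base-image bump the edit could land somewhere other than intended without failing the build. Running `patch --fuzz=0`, or recording in the Dockerfile which upstream version the patch was generated against, would make that failure visible. Enabling `Auth-Type LDAP { ldap }` also means the server authenticates by binding to the directory with the user's password, so the `ldap` module's connection should use TLS; that module configuration is not part of this commit. The same two changes are repeated in the inner-tunnel patch further down.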

26
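--- a/freeradius/eap
+++ b/freeradius/eap
@@ -0,0 +1,26 @@
+eap {
+default_eap_type = ttls
+gtc {
+auth_type = PAP
+}
+tls-config tls-common {
+private_key_file = ${certdir}/server.pem
+certificate_file = ${certdir}/server.pem
+ca_file = ${cadir}/ca.pem
+tls_min_version = "1.2"
+}
+ttls {
+tls = tls-common
+default_eap_type = gtc
+use_tunneled_reply = yes
+virtual_server = "inner-tunnel"
+}
+peap {
+tls = tls-common
+default_eap_type = gtc
+use_tunneled_reply = yes
+virtual_server = "inner-tunnel"
+}
+}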
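Review bot: `tls-common` points `private_key_file`, `certificate_file` and `ca_file` at `${certdir}/server.pem` and `${cadir}/ca.pem`, but the commit never supplies those files. The image will therefore run with whatever certificates the base image ships, if any, unless they are mounted at run time. Both `ttls` and `peap` use `gtc` with `auth_type = PAP`, so the user's cleartext password is protected only by this TLS tunnel and the provenance of the certificate matters. A header comment such as `# certdir/cadir must be mounted with site-issued certificates; never rely on bundled test certs` would record that requirement. There is also no `private_key_password`, which suggests the mounted key is expected to be unencrypted and so needs tight file permissions.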


@ -0,0 +1,24 @@
--- inner-tunnel 2019-11-14 17:00:00.000000000 +0000
+++ inner-tunnel.local 2020-04-16 10:59:58.519556165 +0000
@@ -151,7 +151,7 @@
#
# The ldap module reads passwords from the LDAP database.
- -ldap
+ ldap
#
# Enforce daily limits on time spent logged in.
@@ -238,9 +238,9 @@
# authentication server, and knows what to do with authentication.
# LDAP servers do not.
#
-# Auth-Type LDAP {
-# ldap
-# }
+ Auth-Type LDAP {
+ ldap
+ }
#
# Allow EAP authentication.