Freeradius with ldap support

2020-04-16 21:40:49 +02:00 · 2020-04-16 21:40:49 +02:00 · 95085dde8b
parent caa50e46dd
commit 95085dde8b
5 changed files with 94 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -24,3 +24,10 @@ in your home directory).
 ```
 $ docker logout [registryUrl]
 ```
+
+## Test image locally
+
+```
+$ docker run -d --name [containerName] [registryUrl]/[imageName]:[tag]
+```
+
--- a/freeradius/Dockerfile
+++ b/freeradius/Dockerfile
@ -0,0 +1,13 @@
+FROM freeradius/freeradius-server:3.0.20
+
+RUN apt-get update \
+    && apt-get install -y patch \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY default.patch inner-tunnel.patch ./
+
+RUN echo "Patching site config files to use LDAP module" \
+    && patch /etc/raddb/sites-available/default default.patch \
+    && patch /etc/raddb/sites-available/inner-tunnel inner-tunnel.patch
+
+COPY eap /etc/raddb/mods-enabled/
--- a/freeradius/default.patch
+++ b/freeradius/default.patch
@ -0,0 +1,24 @@
+--- default	2019-11-14 17:00:00.000000000 +0000
+++ default.local	2020-04-16 11:02:21.483549795 +0000
+@@ -419,7 +419,7 @@
+ 
+ 	#
+ 	#  The ldap module reads passwords from the LDAP database.
+-	-ldap
+	ldap
+ 
+ 	#
+ 	#  Enforce daily limits on time spent logged in.
+@@ -530,9 +530,9 @@
+ 	#  authentication server, and knows what to do with authentication.
+ 	#  LDAP servers do not.
+ 	#
+-#	Auth-Type LDAP {
+-#		ldap
+-#	}
+	Auth-Type LDAP {
+		ldap
+	}
+ 
+ 	#
+ 	#  Allow EAP authentication.
--- a/freeradius/eap
+++ b/freeradius/eap
@ -0,0 +1,26 @@
+
+eap {
+	default_eap_type = ttls
+
+	gtc {
+		auth_type = PAP
+	}
+	tls-config tls-common {
+		private_key_file = ${certdir}/server.pem
+		certificate_file = ${certdir}/server.pem
+		ca_file = ${cadir}/ca.pem
+		tls_min_version = "1.2"
+	}
+	ttls {
+		tls = tls-common
+		default_eap_type = gtc
+		use_tunneled_reply = yes
+		virtual_server = "inner-tunnel"
+	}
+	peap {
+		tls = tls-common
+		default_eap_type = gtc
+		use_tunneled_reply = yes
+		virtual_server = "inner-tunnel"
+	}
+}
--- a/freeradius/inner-tunnel.patch
+++ b/freeradius/inner-tunnel.patch
@ -0,0 +1,24 @@
+--- inner-tunnel	2019-11-14 17:00:00.000000000 +0000
+++ inner-tunnel.local	2020-04-16 10:59:58.519556165 +0000
+@@ -151,7 +151,7 @@
+ 
+ 	#
+ 	#  The ldap module reads passwords from the LDAP database.
+-	-ldap
+	ldap
+ 
+ 	#
+ 	#  Enforce daily limits on time spent logged in.
+@@ -238,9 +238,9 @@
+ 	#  authentication server, and knows what to do with authentication.
+ 	#  LDAP servers do not.
+ 	#
+-#	Auth-Type LDAP {
+-#		ldap
+-#	}
+	Auth-Type LDAP {
+		ldap
+	}
+ 
+ 	#
+ 	#  Allow EAP authentication.