Overrides for sites-available/inner-tunnel

Roddie Hasan roddie at krweb.net
Tue Apr 13 20:50:55 CEST 2021


On Tue, Apr 13, 2021 at 12:50 PM Alan DeKok <aland at deployingradius.com> wrote:
>
>   We're also happy to take examples and add them to the default configuration.
>

Thanks for the reply, Alan - Once I can get this process figured out
(I think I have already), we can figure out an appropriate place for
them to be included.  At the end of the day, it's really just a simple
dot1x and RADIUS with a Cisco switch PoC, and we just happen to also
be pushing a TrustSec SGT along with the VLAN.  I'm honestly surprised
the setting that I found this morning isn't more commonly needed.

> > The way I see it, I have three options:
>
>   If you can set it via an environment variable, you can do:
>
>         if ($ENV{FOO})
>
>   and tell users to set FOO=0 or FOO=1 as they need.

Oh, interesting idea.  I'm not even 100% sure what we're testing for in
this section - Maybe "use_tunneled_reply" from mods-available/eap?

Also, it seems to be a completely different structure in 4.x which
actually has a "use_tunneled_reply" in the inner-tunnel file.  My
problem is that I started with 3.x, which is the latest version on
Docker Hub, so I'm going to have to redo this if/when it's upgraded
and probably document both settings on my repo for those who aren't
using Docker.  No big deal.

> > Are these the only options I have or is there a way to easily override
> > this setting from another file?
>
>   You can also do:
>
>         if (${foo})
>
>   and then in the main radiusd.conf file, set:

Another good suggestion, except that would involve breaking out
radiusd.conf from the container for the user to mount, which is a
similar solution to Option #2 in my OP.

I kind of figured that was my only path, but I wanted to check with y'all first.

Related: Are there plans or is there an appetite for an Alpine-based
Docker image for FreeRADIUS 4.x?

Thanks again!
Roddie

