FreeRADIUS+EAP in Alpine based docker container
I'd like to run FreeRADIUS in a docker container, but I can't start it with the default config. (I am not sure if this is the right place for my question or should I go to an alpine forum/list.) What I do: $ docker run -it alpine # apk add freeradius-eap make openssl # cd /etc/raddb/certs # ./bootstrap # radiusd -X What I wait: it starts radius server. What I get instead of it: an error message. # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap /etc/raddb/mods-enabled/eap[14]: Failed to find 'Auth-Type EAP' section. Cannot authenticate users. /etc/raddb/mods-enabled/eap[14]: Instantiation failed for module "eap" But... If I edit /etc/raddb/sites-enabled/default and change authenticate { ... -eap ... } to authenticate { ... eap ... } then it starts with no error. I've tried to compare the logs with "diff -y --suppress-common-lines wrong.log good.log" and in the left column I get only that error message. Have you got any idea, what happens, what is the problem with the conditional loading of eap module? Regards, Victor Sugo
On Sep 20, 2020, at 2:01 AM, victorsugo via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I'd like to run FreeRADIUS in a docker container, but I can't start it with the default config. (I am not sure if this is the right place for my question or should I go to an alpine forum/list.)
Here is fine. There are official docker containers here: https://hub.docker.com/r/freeradius/freeradius-server
What I do: $ docker run -it alpine # apk add freeradius-eap make openssl # cd /etc/raddb/certs # ./bootstrap # radiusd -X
What I wait: it starts radius server. What I get instead of it: an error message.
# Instantiating module "eap" from file /etc/raddb/mods-enabled/eap /etc/raddb/mods-enabled/eap[14]: Failed to find 'Auth-Type EAP' section. Cannot authenticate users. /etc/raddb/mods-enabled/eap[14]: Instantiation failed for module "eap"
But... If I edit /etc/raddb/sites-enabled/default and change authenticate { ... -eap ... }
Hmm... someone in Debian edited the default configuration and broke it. We don't recommend doing that. The "-eap" text isn't in the default configuration. So whoever made that package didn't test it.
to
authenticate { ... eap ... }
then it starts with no error.
That's the correct change.
I've tried to compare the logs with "diff -y --suppress-common-lines wrong.log good.log" and in the left column I get only that error message. Have you got any idea, what happens, what is the problem with the conditional loading of eap module?
The EAP module tries to check for broken configurations, and the "-" in "-eap" confuses it. I'll push a fix. But in the mean time, just removing the "-" is fine. Alan DeKok.
participants (2)
-
Alan DeKok -
victorsugo