Freeradius with Docker - got Unknown CA error
Jiuyu Sun
sunjiuyu at gmail.com
Fri Aug 9 21:38:43 CEST 2019
Problem solved! The debug output shows that it was referring to a different
set of certificates.
Thanks both, Alan and Matthew!
On Fri, Aug 9, 2019 at 4:07 AM Matthew Newton <mcn at freeradius.org> wrote:
> On Thu, 2019-08-08 at 18:46 -0700, Jiuyu Sun wrote:
> > Using the same set of certificate, I can run the server directly in
> > Ubuntu.
> > So I doubt the issue is in my Dockerfile.
>
> If those certs work in Ubuntu, but don't in Docker, then that really
> does point to a problem in your Dockerfile.
>
> > In my Dockerfile:
> >
> > FROM ubuntu:18.04
> > RUN apt-get update &&\
> > apt-get install -y freeradius
> > RUN adduser radius
> > WORKDIR /radius
> > EXPOSE 1812/udp 1813/udp
> > COPY radiusd.conf /radius/
> > COPY certs/* /radius/certs/
> > CMD ["/usr/sbin/freeradius", "-d", ".","-f","-x","-lstdout"]
> >
> > I copied all the certificates under the current certs/ directory to
> > /radius/certs/ in the docker environment. In the docker environment,
> > there are still certificate under /etc/freeradius/3.0/certs, will
> > FreeRadius use those certificates instead?
>
> That's where the default configuration says to read them from. If you
> don't change the eap config, it will still read them from there. Read
> the debug output to see what files it is loading. (Or you could paste
> the full debug output to the list, as mentioned here pretty much every
> day.)
>
> Rather than making up your own Dockerfile, why not use the official
> ones?
>
> https://hub.docker.com/r/freeradius/freeradius-server
>
> --
> Matthew
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list