FreeRADIUS+EAP in Alpine based docker container

Alan DeKok aland at
Sun Sep 20 15:38:27 CEST 2020

On Sep 20, 2020, at 2:01 AM, victorsugo via Freeradius-Users <freeradius-users at> wrote:
> I'd like to run FreeRADIUS in a docker container, but I can't start it with the default config.
> (I am not sure if this is the right place for my question or should I go to an alpine forum/list.)

  Here is fine.

  There are official docker containers here:

> What I do:
> $ docker run -it alpine
> # apk add freeradius-eap make openssl
> # cd /etc/raddb/certs
> # ./bootstrap
> # radiusd -X
> What I wait: it starts radius server.
> What I get instead of it: an error message.
> # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
> /etc/raddb/mods-enabled/eap[14]: Failed to find 'Auth-Type EAP' section. Cannot authenticate users.
> /etc/raddb/mods-enabled/eap[14]: Instantiation failed for module "eap"
> But... If I edit /etc/raddb/sites-enabled/default and change
> authenticate {
> ...
> -eap
> ...
> }

  Hmm... someone in Debian edited the default configuration and broke it.  We don't recommend doing that.

  The "-eap" text isn't in the default configuration.  So whoever made that package didn't test it.

> to
> authenticate {
> ...
> eap
> ...
> }
> then it starts with no error.

  That's the correct change.

> I've tried to compare the logs with "diff -y --suppress-common-lines wrong.log good.log" and in the left column I get only that error message.
> Have you got any idea, what happens, what is the problem with the conditional loading of eap module?

  The EAP module tries to check for broken configurations, and the "-" in "-eap" confuses it.  I'll push a fix.

  But in the mean time, just removing the "-" is fine.

  Alan DeKok.

More information about the Freeradius-Users mailing list