...
- VM/physical machine with Linux and Docker.
- Network access to the NAS(es).
- Git repository for configuration files etc.
...
- RADIUS_SERVER_SECRET - The secret to use when communicating with FreeRADIUS.
- GITREPO_ETC - The Git repository for settings, mentioned above.
- EDUROAM_R1_SECRET - Secret for primary Eduroam server (optional).
- EDUROAM_R2_SECRET - Secret for secondary Eduroam server (optional).
- AD_DOMAIN - Active Directory domain name (ad-lab.local for example) (optional).
- AD_USERNAME - Active Directory username (optional).
- AD_PASSWORD - Active Directory password (optional).
- AD_BASE_DN - Active Directory base DN (optional).
- AD_DNS_PRIMARY - Active Directory primary DNS server (optional).
- AD_DNS_SECONDARY - Active Directory secondary DNS server (optional).
- NTLM_DOMAIN - NTLM domain to use for authorisation (optional).
Docker
Docker is used to distribute the software. The first thing we must do is create the volumes used for the persistent FreeRADIUS configuration and the Postgres database.
To create the volume for Postgres:
```bash
docker volume create --name=cnaas-postgres-data
```
And for FreeRADIUS:
```bash
docker volume create --name=cnaas-radius-etc
```
Below is an example of a docker-compose.yaml file which can be used to launch the containers needed.
```yaml
version: '3.7'
services:
  nac_api:
    image: docker.sunet.se/cnaas-nac/api
    ports:
      - 1443:443
    networks:
      - cnaas
    environment:
      - RADIUS_SLAVE
  nac_radius:
    image: docker.sunet.se/cnaas-nac/radius
    ports:
      - 1812:1812/udp
      - 1813:1813/udp
    networks:
      - cnaas
    # Key-only entries take their values from the environment
    # docker-compose is started in.
    environment:
      - EDUROAM_R1_SECRET
      - EDUROAM_R2_SECRET
      - RADIUS_SERVER_SECRET
      - GITREPO_ETC
      - AD_DOMAIN
      - AD_USERNAME
      - AD_PASSWORD
      - AD_BASE_DN
      - NTLM_DOMAIN
      - AD_DNS_PRIMARY
      - AD_DNS_SECONDARY
    depends_on:
      - nac_api
  nac_postgres:
    image: docker.sunet.se/cnaas-nac/postgres
    volumes:
      - type: volume
        source: nac-postgres-data
        target: /var/lib/postgresql/data
    environment:
      - POSTGRES_USER
      - POSTGRES_PASSWORD
      - POSTGRES_DB
    # Published on all host interfaces; restrict or remove this mapping
    # if only the containers need to reach the database.
    ports:
      - 5432:5432
    networks:
      - cnaas
networks:
  cnaas:
    driver: bridge
    name: cnaas
    ipam:
      config:
        - subnet: 172.30.0.0/24
    driver_opts:
      com.docker.network.bridge.name: br-cnaas
volumes:
  nac-postgres-data:
    external: true
    # The volume created above with "docker volume create".
    name: cnaas-postgres-data
```
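The compose file above passes the secrets through from the environment docker-compose is started in, so they have to live somewhere on the host. The following is an added example, not part of the CNAAS NAC project: it writes the two variables the list does not mark as optional to an owner-only file and checks that file before launch. The file name `nac.env`, the helper names and the 32-character secret length are assumptions.

```shell
#!/bin/sh
# Added example, not part of the CNAAS NAC project. Assumes the variables are
# kept in a KEY=VALUE file (hypothetical name nac.env) exported before launch.

# Variables the list above does not mark as optional.
REQUIRED_VARS="RADIUS_SERVER_SECRET GITREPO_ETC"

# new_secret: print 32 hex characters (128 random bits). The length is an
# assumption; check what your NAS accepts for a RADIUS shared secret.
new_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# env_value FILE KEY: print the value of KEY (last assignment wins).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# write_nac_env FILE GITREPO: create FILE, owner-only, with a fresh secret.
write_nac_env() {
    ( umask 077
      printf 'RADIUS_SERVER_SECRET=%s\nGITREPO_ETC=%s\n' "$(new_secret)" "$2" > "$1" )
    chmod 600 "$1"
}

# check_nac_env FILE: return 0 if FILE is owner-only and complete, else 1.
check_nac_env() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "missing env file: $file" >&2; return 1; }
    # GNU stat first, BSD stat as fallback.
    mode=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
    case $mode in
        *00) ;;  # no group or other permission bits
        *) echo "$file has mode $mode, expected 600" >&2; rc=1 ;;
    esac
    for var in $REQUIRED_VARS; do
        [ -n "$(env_value "$file" "$var")" ] || { echo "$var is not set" >&2; rc=1; }
    done
    return $rc
}

# Usage, from the directory holding docker-compose.yaml (values are assumed
# to contain no spaces or shell metacharacters, since the file is sourced):
#   write_nac_env nac.env "<your GITREPO_ETC value>"
#   check_nac_env nac.env && { set -a; . ./nac.env; set +a; docker-compose up -d; }
```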