...

  • VM/physical machine with Linux and Docker.
  • Network access to the NAS(es).
  • Git repository for configuration files etc.

...

  • RADIUS_SERVER_SECRET - The secret to use when communicating with FreeRADIUS.
  • GITREPO_ETC - The Git repository for settings, mentioned above.
  • EDUROAM_R1_SECRET - Secret for primary Eduroam server (optional).
  • EDUROAM_R2_SECRET - Secret for secondary Eduroam server (optional).
  • AD_DOMAIN - Active Directory domain name (ad-lab.local for example) (optional).
  • AD_USERNAME - Active Directory username (optional).
  • AD_PASSWORD - Active Directory password (optional).
  • AD_BASE_DN - Active Directory base DN (optional).
  • AD_DNS_PRIMARY - Active Directory primary DNS server (optional).
  • AD_DNS_SECONDARY - Active Directory secondary DNS server (optional).
  • NTLM_DOMAIN - NTLM domain to use for authorisation (optional).
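
The variables above carry shared secrets and credentials, so it is worth checking them before the containers are started. The following preflight check is an added example, not part of the CNaaS NAC project. It assumes the values are kept in a KEY=value file (the path is passed in) that is exported into the shell before docker-compose is run, treats RADIUS_SERVER_SECRET and GITREPO_ETC as required because the list does not mark them optional, and assumes the AD_* credentials must be set together; the 16-character minimum is an illustrative threshold.

```shell
#!/bin/sh
# Added example: preflight check for the file holding the CNaaS NAC variables.
# Assumptions (not from the project): KEY=value file format, the required
# keys below, the all-or-nothing AD_* group and the 16-character minimum.

# Print the value of KEY from the env file (last assignment wins).
env_get() {  # usage: env_get FILE KEY
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Return 0 if the file is safe to use, 1 otherwise; problems go to stderr.
nac_env_check() {  # usage: nac_env_check FILE
    f=$1; rc=0
    [ -f "$f" ] || { echo "missing env file: $f" >&2; return 1; }

    # The file holds shared secrets: no group/other permission bits allowed.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "$f is accessible to group/other, run: chmod 600 $f" >&2; rc=1
    fi

    # Variables the list does not mark as optional must be non-empty.
    for key in RADIUS_SERVER_SECRET GITREPO_ETC; do
        [ -n "$(env_get "$f" "$key")" ] || { echo "$key is not set" >&2; rc=1; }
    done

    # A short RADIUS shared secret is easy to guess offline.
    secret=$(env_get "$f" RADIUS_SERVER_SECRET)
    if [ -n "$secret" ] && [ "${#secret}" -lt 16 ]; then
        echo "RADIUS_SERVER_SECRET is shorter than 16 characters" >&2; rc=1
    fi

    # If AD is configured at all, the credentials must be complete.
    if [ -n "$(env_get "$f" AD_DOMAIN)" ]; then
        for key in AD_USERNAME AD_PASSWORD AD_BASE_DN; do
            [ -n "$(env_get "$f" "$key")" ] ||
                { echo "AD_DOMAIN is set but $key is missing" >&2; rc=1; }
        done
    fi
    return $rc
}
```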

Docker

Docker is used to distribute the software. The first thing we must do is create the volumes used for the persistent FreeRADIUS configuration and the Postgres database:


To create the volume for Postgres:

Code Block
docker volume create --name=cnaas-postgres-data


And for FreeRADIUS:

Code Block
docker volume create --name=cnaas-radius-etc


Below is an example of a docker-compose.yaml file which can be used to launch the containers needed.

Code Block
version: '3.7'
services:
  nac_api:
    image: docker.sunet.se/cnaas-nac/api
    ports:
      - 1443:443
    networks:
      - cnaas
    environment:
      - RADIUS_SLAVE

  nac_radius:
    image: docker.sunet.se/cnaas-nac/radius
    ports:
      - 1812:1812/udp
      - 1813:1813/udp
    networks:
      - cnaas
    environment:
      - EDUROAM_R1_SECRET
      - EDUROAM_R2_SECRET
      - RADIUS_SERVER_SECRET
      - GITREPO_ETC
      - AD_DOMAIN
      - AD_USERNAME
      - AD_PASSWORD
      - AD_BASE_DN
      - NTLM_DOMAIN
      - AD_DNS_PRIMARY
      - AD_DNS_SECONDARY
    depends_on:
      - nac_api

  nac_postgres:
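    image: docker.sunet.se/cnaas-nac/postgres
    volumes:
      - type: volume
        # Must match the volume created with "docker volume create" above.
        source: cnaas-postgres-data
        target: /var/lib/postgresql/data
    environment:
      - POSTGRES_USER
      - POSTGRES_PASSWORD
      - POSTGRES_DB
    ports:
      # Publishes Postgres on all host interfaces; restrict or remove this
      # mapping if only the containers on the cnaas network need the database.
      - 5432:5432
    networks:
      - cnaas

networks:
  cnaas:
    driver: bridge
    name: cnaas
    ipam:
      config:
      - subnet: 172.30.0.0/24
    driver_opts:
      com.docker.network.bridge.name: br-cnaas

volumes:
  # External volume: it must already exist under exactly this name.
  cnaas-postgres-data:
    external: true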