Campus Network as a Service
Prerequisites
- VM or physical machine with Linux and Docker.
- Network access to the NAS(es).
- Git repositories for configuration files etc.
Git repositories and settings
One Git repository is needed to store settings and configuration. The repository already used for etc-files in CNaaS can be reused, or a completely new one can be created. In the lab installation of CNaaS NAC, the following files are stored:
- clients.conf - FreeRADIUS client configuration.
- krb5.conf - Kerberos configuration for AD integration.
- proxy.conf - Proxy configuration; tells FreeRADIUS which packets to pass on to Eduroam etc.
- radiusd.conf - FreeRADIUS server configuration.
- site-default - FreeRADIUS default logic.
- smb.conf - Samba configuration for AD integration.
We must also store settings in Hiera, preferably as encrypted data using EYAML. The following data must be available:
- RADIUS_SERVER_SECRET - The secret to use when communicating with FreeRADIUS.
- GITREPO_ETC - The Git repository for settings, mentioned above.
- EDUROAM_R1_SECRET - Secret for primary Eduroam server (optional).
- EDUROAM_R2_SECRET - Secret for secondary Eduroam server (optional).
- AD_DOMAIN - Active Directory domain name (ad-lab.local for example) (optional).
- AD_USERNAME - Active Directory username (optional).
- AD_PASSWORD - Active Directory password (optional).
- AD_BASE_DN - Active Directory base DN (optional).
- AD_DNS_PRIMARY - Active Directory primary DNS server (optional).
- AD_DNS_SECONDARY - Active Directory secondary DNS server (optional).
- NTLM_DOMAIN - NTLM domain to use for authorisation (optional).
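
As an added example (not part of CNaaS NAC), a pre-commit style check for the Hiera data listed above: it confirms that the two keys not marked optional are present and that secret values are EYAML-encrypted rather than plaintext. The flat `KEY: value` layout on single lines, the choice of which keys count as secrets, and the sample data are assumptions made for this example.

```python
import re

# Keys from the list above. The first two are not marked optional on the page.
REQUIRED = {"RADIUS_SERVER_SECRET", "GITREPO_ETC"}
OPTIONAL = {"EDUROAM_R1_SECRET", "EDUROAM_R2_SECRET", "AD_DOMAIN", "AD_USERNAME",
            "AD_PASSWORD", "AD_BASE_DN", "AD_DNS_PRIMARY", "AD_DNS_SECONDARY",
            "NTLM_DOMAIN"}
# Assumption: these are the values that must never sit in Git as plaintext.
SECRETS = {"RADIUS_SERVER_SECRET", "EDUROAM_R1_SECRET", "EDUROAM_R2_SECRET",
           "AD_PASSWORD"}
# hiera-eyaml wraps ciphertext as ENC[PKCS7,<base64>].
EYAML = re.compile(r"^ENC\[PKCS7,[A-Za-z0-9+/=\s]+\]$")
LINE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):\s*(.*)$")

def parse_flat(text):
    """Parse flat single-line 'KEY: value' entries (assumed layout, not full YAML)."""
    data = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "---":
            continue
        m = LINE.match(line)
        if m:
            data[m.group(1)] = m.group(2).strip().strip("'\"")
    return data

def audit(text):
    """Return a sorted list of findings for one Hiera data file."""
    data = parse_flat(text)
    findings = [f"missing required key: {k}" for k in REQUIRED - set(data)]
    for key, value in data.items():
        if key not in REQUIRED | OPTIONAL:
            findings.append(f"unknown key (typo?): {key}")
        elif key in SECRETS and not EYAML.match(value):
            findings.append(f"plaintext secret: {key}")
    return sorted(findings)

# Constructed sample: one plaintext secret, one misspelt key, GITREPO_ETC absent.
# The ENC[...] bodies are placeholders, not real ciphertext.
SAMPLE = """\
---
RADIUS_SERVER_SECRET: ENC[PKCS7,Q09OU1RSVUNURUQ=]
EDUROAM_R1_SECRET: "not-encrypted-example"
AD_DOMAIN: ad-lab.local
AD_PASWORD: ENC[PKCS7,Q09OU1RSVUNURUQ=]
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```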