update freeradius

freeradius/Dockerfile

@@ -7,27 +7,17 @@ MAINTAINER kev <noreply@easypi.info>
 
 RUN set -xe \
     && apk add --no-cache freeradius \
+                          freeradius-mysql \
                           freeradius-radclient \
-                          freeradius-sqlite \
-                          sqlite \
+    && rm -f /etc/raddb/mods-enabled/eap \
     && ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/sql \
-    && sed -i -e 's@driver =.*@driver = "rlm_sql_sqlite"@' \
-              -e 's@dialect =.*@dialect = "sqlite"@' \
-              -e '/sqlite {$/,/}$/{s@^#@@;s@/tmp@/etc/raddb@}' \
+    && sed -i -e 's@driver =.*@driver = "rlm_sql_mysql"@' \
+              -e 's@dialect =.*@dialect = "mysql"@' \
+              -e '/Connection info:/,/^$/{s@^#@@;s@localhost@mysql@}' \
               /etc/raddb/mods-available/sql
 
-RUN set -xe \
-    && cd /etc/raddb \
-    && sqlite3 freeradius.db < /etc/raddb/mods-config/sql/main/sqlite/schema.sql \
-    && echo "INSERT INTO radcheck VALUES('0','user','Cleartext-Password',':=','pass');" | sqlite3 freeradius.db \
-    && radiusd \
-    && radtest user pass localhost 0 testing123 \
-    && echo "DELETE FROM radcheck WHERE id='0';" | sqlite3 freeradius.db
-
 VOLUME /etc/raddb
 
-EXPOSE 1812/udp \
-       1813/udp \
-       47132/udp
+EXPOSE 1812/udp 1813/udp
 
-CMD ["radiusd", "-f"]
+CMD ["radiusd", "-fl", "stdout"]

freeradius/Dockerfile.sqlite

@@ -0,0 +1,33 @@
+#
+# Dockerfile for freeradius
+#
+
+FROM alpine
+MAINTAINER kev <noreply@easypi.info>
+
+RUN set -xe \
+    && apk add --no-cache freeradius \
+                          freeradius-radclient \
+                          freeradius-sqlite \
+                          sqlite \
+    && ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/sql \
+    && sed -i -e 's@driver =.*@driver = "rlm_sql_sqlite"@' \
+              -e 's@dialect =.*@dialect = "sqlite"@' \
+              -e '/sqlite {$/,/}$/{s@^#@@;s@/tmp@/etc/raddb@}' \
+              /etc/raddb/mods-available/sql
+
+RUN set -xe \
+    && cd /etc/raddb \
+    && sqlite3 freeradius.db < mods-config/sql/main/sqlite/schema.sql \
+    && echo "INSERT INTO radcheck VALUES('0','user','Cleartext-Password',':=','pass');" | sqlite3 freeradius.db \
+    && radiusd \
+    && radtest user pass localhost 0 testing123 \
+    && echo "DELETE FROM radcheck WHERE id='0';" | sqlite3 freeradius.db
+
+VOLUME /etc/raddb
+
+EXPOSE 1812/udp \
+       1813/udp \
+       47132/udp
+
+CMD ["radiusd", "-f"]

freeradius/README.md

@@ -0,0 +1,90 @@
+FreeRadius
+==========
+
+[FreeRADIUS][1] includes a RADIUS server, a BSD licensed client library, a PAM
+library, and an Apache module. In most cases, the word FreeRADIUS refers to the
+RADIUS server.
+
+## docker-compose.yml
+
+```yaml
+freeradius:
+  image: vimagick/freeradius
+  ports:
+    - "1812:1812/udp"
+    - "1813:1813/udp"
+  links:
+    - mysql
+  restart: always
+
+mysql:
+  image: mysql
+  volumes:
+    - ./mysql:/docker-entrypoint-initdb.d
+  environment:
+    - MYSQL_ROOT_PASSWORD=root
+  restart: always
+```
+
+## Server Setup
+
+```bash
+$ docker-compose up -d mysql
+$ docker-compose exec mysql mysql -uroot -proot radius
+>>> show tables;
++------------------+
+| Tables_in_radius |
++------------------+
+| nas              |
+| radacct          |
+| radcheck         |
+| radgroupcheck    |
+| radgroupreply    |
+| radpostauth      |
+| radreply         |
+| radusergroup     |
++------------------+
+8 rows in set (0.00 sec)
+
+>>> SHOW GRANTS FOR radius;
++----------------------------------------------------------------+
+| Grants for radius@%                                            |
++----------------------------------------------------------------+
+| GRANT USAGE ON *.* TO 'radius'@'%'                             |
+| GRANT SELECT ON `radius`.* TO 'radius'@'%'                     |
+| GRANT ALL PRIVILEGES ON `radius`.`radacct` TO 'radius'@'%'     |
+| GRANT ALL PRIVILEGES ON `radius`.`radpostauth` TO 'radius'@'%' |
++----------------------------------------------------------------+
+5 rows in set (0.00 sec)
+
+>>> INSERT INTO radcheck(id, username, attribute, op, value) VALUES(0, 'user', 'Cleartext-Password', ':=', 'pass');
+Query OK, 1 row affected (0.00 sec)
+
+>>> EXIT
+Bye
+
+$ docker-compose up -d freeradius
+$ docker-compose exec freeradius sh
+>>> vi /etc/raddb/clients.conf
+>>> exit
+$ docker-compose restart freeradius
+```
+
+```
+# /etc/raddb/clients.conf
+
+client testing {
+        ipaddr = 0.0.0.0/0
+        secret = testing321
+}
+```
+
+## Client Setup
+
+```bash
+# ssh root@192.168.31.231
+$ pacman -S freeradius freeradius-client
+$ radtest user pass 192.168.31.234 0 testing321
+```
+
+[1]: http://freeradius.org/

freeradius/docker-compose.yml

@@ -0,0 +1,16 @@
+freeradius:
+  image: vimagick/freeradius
+  ports:
+    - "1812:1812/udp"
+    - "1813:1813/udp"
+  links:
+    - mysql
+  restart: always
+
+mysql:
+  image: mysql
+  volumes:
+    - ./mysql:/docker-entrypoint-initdb.d
+  environment:
+    - MYSQL_ROOT_PASSWORD=root
+  restart: always

freeradius/mysql/00-setup.sql

@@ -0,0 +1,24 @@
+# -*- text -*-
+##
+## admin.sql -- MySQL commands for creating the RADIUS user.
+##
+##	WARNING: You should change '%' and 'radpass'
+##		 to something else.  Also update raddb/sql.conf
+##		 with the new RADIUS password.
+##
+##	$Id: aff0505a473c67b65cfc19fae079454a36d4e119 $
+
+#
+#  Create default administrator for RADIUS
+#
+CREATE USER 'radius'@'%';
+SET PASSWORD FOR 'radius'@'%' = PASSWORD('radpass');
+
+# The server can read any table in SQL
+GRANT SELECT ON radius.* TO 'radius'@'%';
+
+# The server can write to the accounting and post-auth logging table.
+#
+#  i.e.
+GRANT ALL on radius.radacct TO 'radius'@'%';
+GRANT ALL on radius.radpostauth TO 'radius'@'%';

freeradius/mysql/01-schema.sql

@@ -0,0 +1,153 @@
+CREATE DATABASE radius;
+USE radius;
+
+###########################################################################
+# $Id: ca5ac77aa03dbb86ef714d1a1af647f7e63fda00 $                 #
+#                                                                         #
+#  schema.sql                       rlm_sql - FreeRADIUS SQL Module       #
+#                                                                         #
+#     Database schema for MySQL rlm_sql module                            #
+#                                                                         #
+#     To load:                                                            #
+#         mysql -uroot -prootpass radius < schema.sql                     #
+#                                                                         #
+#                                   Mike Machado <mike@innercite.com>     #
+###########################################################################
+#
+# Table structure for table 'radacct'
+#
+
+CREATE TABLE radacct (
+  radacctid bigint(21) NOT NULL auto_increment,
+  acctsessionid varchar(64) NOT NULL default '',
+  acctuniqueid varchar(32) NOT NULL default '',
+  username varchar(64) NOT NULL default '',
+  groupname varchar(64) NOT NULL default '',
+  realm varchar(64) default '',
+  nasipaddress varchar(15) NOT NULL default '',
+  nasportid varchar(15) default NULL,
+  nasporttype varchar(32) default NULL,
+  acctstarttime datetime NULL default NULL,
+  acctupdatetime datetime NULL default NULL,
+  acctstoptime datetime NULL default NULL,
+  acctinterval int(12) default NULL,
+  acctsessiontime int(12) unsigned default NULL,
+  acctauthentic varchar(32) default NULL,
+  connectinfo_start varchar(50) default NULL,
+  connectinfo_stop varchar(50) default NULL,
+  acctinputoctets bigint(20) default NULL,
+  acctoutputoctets bigint(20) default NULL,
+  calledstationid varchar(50) NOT NULL default '',
+  callingstationid varchar(50) NOT NULL default '',
+  acctterminatecause varchar(32) NOT NULL default '',
+  servicetype varchar(32) default NULL,
+  framedprotocol varchar(32) default NULL,
+  framedipaddress varchar(15) NOT NULL default '',
+  PRIMARY KEY (radacctid),
+  UNIQUE KEY acctuniqueid (acctuniqueid),
+  KEY username (username),
+  KEY framedipaddress (framedipaddress),
+  KEY acctsessionid (acctsessionid),
+  KEY acctsessiontime (acctsessiontime),
+  KEY acctstarttime (acctstarttime),
+  KEY acctinterval (acctinterval),
+  KEY acctstoptime (acctstoptime),
+  KEY nasipaddress (nasipaddress)
+) ENGINE = INNODB;
+
+#
+# Table structure for table 'radcheck'
+#
+
+CREATE TABLE radcheck (
+  id int(11) unsigned NOT NULL auto_increment,
+  username varchar(64) NOT NULL default '',
+  attribute varchar(64)  NOT NULL default '',
+  op char(2) NOT NULL DEFAULT '==',
+  value varchar(253) NOT NULL default '',
+  PRIMARY KEY  (id),
+  KEY username (username(32))
+);
+
+#
+# Table structure for table 'radgroupcheck'
+#
+
+CREATE TABLE radgroupcheck (
+  id int(11) unsigned NOT NULL auto_increment,
+  groupname varchar(64) NOT NULL default '',
+  attribute varchar(64)  NOT NULL default '',
+  op char(2) NOT NULL DEFAULT '==',
+  value varchar(253)  NOT NULL default '',
+  PRIMARY KEY  (id),
+  KEY groupname (groupname(32))
+);
+
+#
+# Table structure for table 'radgroupreply'
+#
+
+CREATE TABLE radgroupreply (
+  id int(11) unsigned NOT NULL auto_increment,
+  groupname varchar(64) NOT NULL default '',
+  attribute varchar(64)  NOT NULL default '',
+  op char(2) NOT NULL DEFAULT '=',
+  value varchar(253)  NOT NULL default '',
+  PRIMARY KEY  (id),
+  KEY groupname (groupname(32))
+);
+
+#
+# Table structure for table 'radreply'
+#
+
+CREATE TABLE radreply (
+  id int(11) unsigned NOT NULL auto_increment,
+  username varchar(64) NOT NULL default '',
+  attribute varchar(64) NOT NULL default '',
+  op char(2) NOT NULL DEFAULT '=',
+  value varchar(253) NOT NULL default '',
+  PRIMARY KEY  (id),
+  KEY username (username(32))
+);
+
+
+#
+# Table structure for table 'radusergroup'
+#
+
+CREATE TABLE radusergroup (
+  username varchar(64) NOT NULL default '',
+  groupname varchar(64) NOT NULL default '',
+  priority int(11) NOT NULL default '1',
+  KEY username (username(32))
+);
+
+#
+# Table structure for table 'radpostauth'
+#
+CREATE TABLE radpostauth (
+  id int(11) NOT NULL auto_increment,
+  username varchar(64) NOT NULL default '',
+  pass varchar(64) NOT NULL default '',
+  reply varchar(32) NOT NULL default '',
+  authdate timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  PRIMARY KEY  (id)
+) ENGINE = INNODB;
+
+#
+# Table structure for table 'nas'
+#
+CREATE TABLE nas (
+  id int(10) NOT NULL auto_increment,
+  nasname varchar(128) NOT NULL,
+  shortname varchar(32),
+  type varchar(30) DEFAULT 'other',
+  ports int(5),
+  secret varchar(60) DEFAULT 'secret' NOT NULL,
+  server varchar(64),
+  community varchar(50),
+  description varchar(200) DEFAULT 'RADIUS Client',
+  PRIMARY KEY (id),
+  KEY nasname (nasname)
+);

freeradius/mysql/README.md

@@ -0,0 +1,46 @@
+FreeRadius MySQL
+================
+
+## SQL Patch
+
+```
+$ wget https://github.com/FreeRADIUS/freeradius-server/raw/release_3_0_11/raddb/mods-config/sql/main/mysql/setup.sql
+$ wget https://github.com/FreeRADIUS/freeradius-server/raw/release_3_0_11/raddb/mods-config/sql/main/mysql/schema.sql
+```
+
+File: 00-setup.sql
+
+```diff
+#
+#  Create default administrator for RADIUS
+#
+CREATE USER [-'radius'@'localhost';-]{+'radius'@'%';+}
+SET PASSWORD FOR [-'radius'@'localhost'-]{+'radius'@'%'+} = PASSWORD('radpass');
+
+# The server can read any table in SQL
+GRANT SELECT ON radius.* TO [-'radius'@'localhost';-]{+'radius'@'%';+}
+
+# The server can write to the accounting and post-auth logging table.
+#
+#  i.e.
+GRANT ALL on radius.radacct TO [-'radius'@'localhost';-]{+'radius'@'%';+}
+GRANT ALL on radius.radpostauth TO [-'radius'@'localhost';-]{+'radius'@'%';+}
+```
+
+File: 01-schema.sql
+
+```diff
+@@ -1,5 +1,8 @@
++CREATE DATABASE radius;
++USE radius;
+```
+
+## MySQL Setup
+
+```ini
+server = "mysql"
+port = 3306
+login = "radius"
+password = "radpass"
+radius_db = "radius"
+```