Containerized FreeRADIUS server with Google Secure LDAP support, built for amd64 and arm64 platforms.
Based on the work of:
- The FreeRADIUS maintainers
- hacor's unifi-freeradius-ldap project

```bash
docker compose up
```

| ENV-Var | Required | Sample | Description |
|---|---|---|---|
| ACCESS_ALLOWED_CIDR | Yes | 192.168.1.0/24 | The CIDR allowed to access the radius service |
| SHARED_SECRET | Yes | testing123 | Radius pre shared secret |
| BASE_DOMAIN | Yes | example | Base of your domain (example.com -> example) |
| DOMAIN_EXTENSION | Yes | com | TLD of your domain (example.com -> com) |
| GOOGLE_LDAP_USERNAME | Yes | serviceuser | Credentials generated from Google Secure LDAP |
| GOOGLE_LDAP_PASSWORD | Yes | password | Credentials generated from Google Secure LDAP |

You can use OpenSSL to generate your own certificates. The following steps will guide you through the process.

- Generate the CA key

  ```bash
  openssl genrsa -out ca.key 4096
  ```

- Generate the CA Certificate - Remember to answer the questions

  ```bash
  # CA cert valid for 10 years
  openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.pem
  ```

- Generate the server key

  ```bash
  openssl genrsa -out server.key 4096
  ```

- Create a signing request

  ```bash
  openssl req -new -key server.key -out server.csr
  ```

- Sign the certificate with the CA

  ```bash
  openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.crt -days 3650 -sha256
  ```

- Convert to all needed formats

  ```bash
  openssl pkcs12 -export -in server.crt -inkey server.key -certfile ca.pem -out server.p12 -name "My EAP Server"
  openssl pkcs12 -in server.p12 -out server.pem -nodes
  ```

- Generate a dhparam file

  ```bash
  openssl dhparam -out dh 4096
  ```
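
A check worth running once the steps above are complete, added here as an example and not part of the original project: it confirms that `server.crt` chains to `ca.pem`, that `server.key` belongs to it, that it is not close to expiry, and that files holding private keys are not readable by group or others. The function name `check_eap_certs` and the 30-day default threshold are assumptions; the file names are the ones used in the commands above.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the generated certificate material before it is
# mounted into the container. Function name and 30-day default are assumptions.

check_eap_certs() {
    local dir="${1:-.}" min_days="${2:-30}" rc=0 f cert_pub key_pub

    # 1. server.crt must chain to the CA that clients will be told to trust.
    if ! openssl verify -CAfile "$dir/ca.pem" "$dir/server.crt" >/dev/null 2>&1; then
        echo "FAIL: server.crt does not verify against ca.pem"; rc=1
    fi

    # 2. server.key must be the private key for server.crt (compare public keys).
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: server.key does not match server.crt"; rc=1
    fi

    # 3. Catch a certificate that is about to expire before clients reject it.
    if ! openssl x509 -in "$dir/server.crt" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: server.crt expires within $min_days days"; rc=1
    fi

    # 4. Files holding private keys must not be accessible to group or others.
    #    server.pem counts: it was exported with -nodes, so its key is unencrypted.
    for f in ca.key server.key server.pem; do
        [ -e "$dir/$f" ] || continue
        case "$(ls -ld "$dir/$f" | cut -c5-10)" in
            ------) ;;
            *) echo "FAIL: $f is accessible to group/others (chmod 600 $f)"; rc=1 ;;
        esac
    done

    [ "$rc" -eq 0 ] && echo "OK: certificate material in $dir looks consistent"
    return "$rc"
}

# Run against a directory when one is given, e.g.: ./check-certs.sh ./certs
if [ "$#" -gt 0 ]; then check_eap_certs "$@"; fi
```

The CA key is only needed for signing, so `ca.key` can be kept off the host that runs the container.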