Expected Access-Accept got Access-Reject in FreeRadius tutorial

Alejandro Almira · Jun 21, 2018 · Viewed 7.2k times

I want to mount a FreeRADIUS server to create an Enterprise WiFi network, and I have problems with the official tutorial. I tried "WPA 2 Enterprise from scratch using a Raspberry Pi" and "FreeRadius Server installation and configuration on Linux system" without success. I have trouble when I try to perform the test radtest -x testing password localhost 0 testing123. The server response is:

Sent Access-Request Id 86 from 0.0.0.0:35959 to 127.0.0.1:1812 length 77
    User-Name = "testing"
    User-Password = "password"
    NAS-IP-Address = 172.18.0.2
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "password"
Received Access-Reject Id 86 from 127.0.0.1:1812 to 127.0.0.1:35959 length 20
(0) -: Expected Access-Accept got Access-Reject

I'm mounting the server inside a Docker container, whose Dockerfile is:

FROM base/archlinux

RUN pacman -Syyu; pacman -S freeradius make inetutils --noconfirm

EXPOSE 1812
EXPOSE 1813

# Arch Linux does not install freeradius in /etc/raddb, but when I launch
# the server, the main process looks at that directory
RUN cp -r /etc/raddb.default /etc/raddb

RUN sed -i '1 i\testing Cleartext-Password := password' /etc/raddb/users

ENTRYPOINT [ "radiusd", "-X" ]

To run the docker container:

docker build -t freeradius .

docker run freeradius

And launch the test:

docker exec container_id radtest -x testing password localhost 0 testing123

Could anyone help me please? Regards
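The radtest exchange above at the packet level, as an added example that is not part of the original post or of FreeRADIUS: it builds the Access-Request with the RFC 2865 User-Password hiding and verifies a reply's Response Authenticator against the shared secret. The function names and the `make_reply` stand-in for the server are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

# Added illustration; names are hypothetical, not FreeRADIUS code.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2  # attribute type numbers from RFC 2865

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: zero-pad to 16-byte blocks, XOR each with a chained MD5."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    """What the server does with its own copy of the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def _attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def build_access_request(ident, user, password, secret, authenticator=None):
    authenticator = authenticator or os.urandom(16)
    attrs = _attr(USER_NAME, user) + _attr(
        USER_PASSWORD, hide_password(password, secret, authenticator))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def check_reply(reply, request, secret):
    """Return the reply code once ID, length and Response Authenticator verify."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        raise ValueError("reply does not match the request")
    digest = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(digest, reply[4:20]):
        raise ValueError("bad Response Authenticator (shared secret mismatch)")
    return code

def make_reply(code, request, secret):
    """Constructed server reply with no attributes, for offline checks only."""
    head = struct.pack("!BBH", code, request[1], 20)
    return head + hashlib.md5(head + request[4:20] + secret).digest()
```

With User-Name "testing" and one 16-byte hidden password block this request is 47 bytes; adding NAS-IP-Address (6), NAS-Port (6) and Message-Authenticator (18) gives the 77 bytes radtest reports, so the Cleartext-Password line in its debug output is not an attribute on the wire. The 20-byte Access-Reject is a bare header: code, ID, length and the 16-byte Response Authenticator.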

Answer

Alejandro Almira · Jul 5, 2018

Finally, I achieved that using a freeradius Docker image based on Ubuntu (https://github.com/tpdock/freeradius) instead of ArchLinux, and using MySQL for user authentication instead of the users file (/etc/raddb/users).

Here's the docker-compose file:

version: '3'

services:
  db:
    restart: always
    image: mysql:5.7 
    volumes:
      - ./db/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
      - ./db/volume:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_USER: freeradius
      MYSQL_PASSWORD: freeradius
      MYSQL_DATABASE: freeradius
    ports:
      - "3306:3306"
  freeradius-server-docker:
    restart: always
    image: tpdock/freeradius
    ports:
      - 1812:1812/udp
      - 1813:1813/udp
    environment:
      RADIUS_LISTEN_IP: '*'
      RADIUS_CLIENTS: [email protected]
      RADIUS_SQL: 'true'
      RADIUS_DB_HOST: db
      RADIUS_DB_NAME: freeradius
      RADIUS_DB_USERNAME: freeradius
      RADIUS_DB_PASSWORD: freeradius
    links:
      - db

And the MySQL script in ./db/docker-entrypoint-initdb.d/script.sql to insert a user:

insert into radcheck (username, attribute, op, value) values ('test', 'Cleartext-Password', ':=', 'test');

I also had to insert the schema in ./db/docker-entrypoint-initdb.d/schema.sql

Schema obtained from: schema.sql