認証はWindows Serverの資格情報を用いて行います。
まずはfreeradiusのdockerイメージを調整します
# Create the working tree. data/raddb and log are the directories that
# docker-compose.yaml later bind-mounts into the freeradius container.
# NOTE(review): those bind mounts use the absolute prefix
# /root/uag-twofactor/privacyidea, so this is presumably run from
# /root/uag-twofactor — confirm, or adjust the compose paths to match.
mkdir privacyidea
cd privacyidea
mkdir -p data log freeradius-pi-module data/raddb
cd freeradius-pi-module
# Create the two-line Dockerfile that follows.
vi Dockerfile
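# NOTE(review): ':latest' is a moving tag, so a rebuild can silently pick up a
# different base image. Pin a specific tag or digest once one has been chosen.
FROM khalibre/freeradius-pi-module:latest

# Repoint the validate/check URL in rlm-perl.ini from localhost to the
# "privacyidea" compose service.
# NOTE(review): the new URL is plain http, so whatever is sent to
# /validate/check crosses the container network unencrypted. That is only
# reasonable while both containers stay on the same private compose network.
# The trailing grep fails the build if the expected default line was absent
# and sed changed nothing, instead of shipping an image that still targets
# localhost.
RUN sed -i -e 's@URL = https://localhost/validate/check@URL = http://privacyidea/validate/check@' /etc/freeradius/rlm-perl.ini \
    && grep -qF 'URL = http://privacyidea/validate/check' /etc/freeradius/rlm-perl.ini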
# Build the patched image; docker-compose.yaml refers to it by this tag.
docker build . -t freeradius-pi-module:v1.0
cd ..
# NOTE(review): FreeRADIUS's stock client list is named clients.conf —
# confirm which file name the image actually reads from /data/raddb.
vi data/raddb/client.conf
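# RADIUS clients that are allowed to send requests to this server.
# NOTE(review): every client below shares the secret "password". Treat it as a
# sample value and replace it with a long random secret, ideally a different
# one per client, before the server is reachable from other hosts.

client localhost {
	ipaddr = 127.0.0.1
	proto = *
	secret = password
	# Message-Authenticator is not demanded from this client.
	# NOTE(review): prefer "yes" wherever the client can send the attribute,
	# so that requests without it are rejected.
	require_message_authenticator = no
	limit {
		max_connections = 16
		lifetime = 0
		idle_timeout = 30
	}
}
# The brace closing "client localhost" was missing in the original listing;
# without it the following client sections are nested inside this one.

client localhost_ipv6 {
	ipv6addr = ::1
	secret = password
}

client host.example.com {
	# Any source address in this /24 is accepted with the one shared secret.
	# NOTE(review): narrow this to the actual client address(es) if only
	# specific hosts are meant to authenticate — confirm against the network.
	ipaddr = 192.168.0.0/24
	secret = password
	shortname = test-uag
}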
# Create the compose file that follows (run from the privacyidea directory).
vi docker-compose.yaml
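# Three services: PostgreSQL (token database), privacyIDEA (web UI and
# validate API) and FreeRADIUS with the privacyIDEA module.
# Nesting is restored here; the listing as shown had lost its indentation and
# would not parse.
services:
  postgresql:
    image: 'docker.io/bitnami/postgresql:14'
    # Publishes the database on host port 25432, on all host interfaces.
    # NOTE(review): privacyidea reaches the database as "postgresql" over the
    # compose network, so this mapping is only needed for access from outside.
    # Drop it or bind it to 127.0.0.1 if that access is not required.
    ports:
      - '25432:5432'
    # NOTE(review): database name, user and password are all "privacyidea".
    # Treat these as sample values and change the password. The same value
    # must then be set as DB_PASSWORD on the privacyidea service.
    environment:
      - POSTGRESQL_DATABASE=privacyidea
      - POSTGRESQL_USERNAME=privacyidea
      - POSTGRESQL_PASSWORD=privacyidea
    # NOTE(review): the Bitnami image documents /bitnami/postgresql as its
    # persistence path — confirm that this mount point really holds the data,
    # otherwise the database does not survive container re-creation.
    volumes:
      - privacyidea-db:/var/lib/postgresql/data

  privacyidea:
    image: 'docker.io/khalibre/privacyidea:v3.9-patch1'
    # The web UI and API are served over plain HTTP on host port 21080.
    # NOTE(review): admin logins and token data cross the network unencrypted
    # on this port. Put a TLS-terminating proxy in front of it, or restrict
    # who can reach it.
    ports:
      - '21080:80'
    # NOTE(review): SECRET_KEY and PI_PEPPER are literal sample strings here.
    # Generate random values per deployment and supply them from an env file
    # or a secret store rather than keeping them in this file.
    environment:
      - DB_VENDOR=postgresql
      - DB_NAME=privacyidea
      - DB_HOST=postgresql
      - DB_USER=privacyidea
      - DB_PASSWORD=privacyidea
      - SECRET_KEY=suppersecretkey
      - PI_PEPPER=secretworduseforadminencrypt
      - PI_PAGE_TITLE=pivacyIDEA
    depends_on:
      - postgresql

  freeradius:
    # Image built locally from the Dockerfile in freeradius-pi-module/.
    image: 'freeradius-pi-module:v1.0'
    # RADIUS authentication (1812) and accounting (1813) over UDP, published
    # on all host interfaces.
    ports:
      - "1812-1813:1812-1813/udp"
    # Host directories for the logs and for the client definitions. The paths
    # are absolute and must match where the working tree was created.
    volumes:
      - '/root/uag-twofactor/privacyidea/log:/var/log/freeradius:rw'
      - '/root/uag-twofactor/privacyidea/data/raddb:/data/raddb:rw'

volumes:
  privacyidea-db: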
# Start the services defined in docker-compose.yaml in the background (-d).
docker compose up -d
Access http://[ip]:21080 in a browser.
Log in with username: admin, password: privacyidea (change this password after the first login).