@proffalken
Created May 17, 2023 10:59
FreeRadius Config
# RADIUS client (NAS) entry named "test": the only peer defined in this clients.conf.
client test {
    # Address the server accepts requests from; two octets are redacted on this page.
    ipaddr = 10.x.x.5

    # "*" accepts this client over any transport protocol.
    proto = *

    # NOTE(review): "testing123" is the value shipped in FreeRADIUS's sample
    # clients.conf, so it is publicly known. The shared secret is what protects
    # User-Password in transit; use a long random value per client outside a lab.
    secret = testing123

    # NOTE(review): with "no", requests that carry no Message-Authenticator
    # attribute are still accepted, so the server does not insist on per-packet
    # integrity protection. Switch to "yes" once the NAS is confirmed to send it.
    require_message_authenticator = no

    nas_type = other
}
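# Compose stack: an lldap directory plus a FreeRADIUS 3.2 server that reads from it.
# Nesting is restored here; without indentation the keys below collapse into one
# top-level mapping and the file does not describe any services.
version: "3"

volumes:
  lldap_data:
    driver: local

services:
  lldap:
    # NOTE(review): ":stable" is a moving tag; pin a version or digest if the
    # deployment needs to be reproducible.
    image: nitnelave/lldap:stable
    ports:
      # For LDAP
      # NOTE(review): this publishes unencrypted LDAP on host port 389. The
      # freeradius service reaches the directory as "lldap:3890" over the compose
      # network, so the host mapping is only needed for clients outside the stack.
      - "389:3890"
      # For the web front-end
      - "17170:17170"
    volumes:
      - "lldap_data:/data"
    environment:
      - TZ=Europe/London
      # NOTE(review): the two values below are live secrets written into the file
      # (JWT signing key and the password the ldap module binds with as uid=admin).
      # Treat them as sample values: generate new ones and supply them from an
      # untracked .env file or a secret store rather than committing them.
      - LLDAP_JWT_SECRET=3f9919484392d3f7b5129999997aacaa47218268d15c95ed25e3c0b8ab49dc8b749a
      - LLDAP_LDAP_USER_PASS=a12345678910
      - LLDAP_LDAP_BASE_DN=dc=auth,dc=mydomain,dc=co,dc=uk

  freeradius:
    image: freeradius/freeradius-server:latest-3.2-alpine
    volumes:
      # Configuration is mounted read-only; only the accounting log directory is writable.
      - "${PWD}/raddb/mods-enabled/ldap:/etc/raddb/mods-enabled/ldap:ro"
      - "${PWD}/raddb/clients.conf:/etc/raddb/clients.conf:ro"
      - "${PWD}/raddb/users:/etc/raddb/mods-config/files/authorize:ro"
      - "${PWD}/logs/:/opt/var/log/radius/radacct/:rw"
    ports:
      - "1812-1813:1812-1813/udp"
    # Debug mode with colour
    # NOTE(review): -X writes full request detail to the container log, which can
    # include cleartext User-Password values; drop it once the setup works.
    command: ["radiusd", "-X", "-t"]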
# rlm_ldap instance: binds to the lldap service and maps directory attributes
# onto RADIUS control/request/reply lists.
ldap {
    # "lldap" is the compose service name and 3890 its container-side LDAP port.
    # No ldaps:// scheme is given and the tls section below is empty, so the bind
    # and all searches are sent unencrypted.
    server = 'lldap:3890'

    # NOTE(review): the module binds as the directory admin. A dedicated account
    # limited to read access would reduce what a compromised RADIUS host can do.
    identity = 'uid=admin,ou=people,dc=auth,dc=mydomain,dc=co,dc=uk'

    # Same value as LLDAP_LDAP_USER_PASS in the compose file. It is a sample
    # credential stored in the clear; replace it and keep this file unreadable
    # to other users.
    password = a12345678910

    base_dn = 'ou=people,dc=auth,dc=mydomain,dc=co,dc=uk'

    sasl {
    }

    global {
    }

    # LDAP attribute -> RADIUS attribute mapping applied to the user's entry.
    update {
        # Asks the directory to hand the stored userPassword value to the server.
        # Whether the directory releases it to the bind identity is not visible here.
        &control:Password-With-Header += 'userPassword'
        &control: += 'radiusControlAttribute'
        &request: += 'radiusRequestAttribute'
        &reply: += 'radiusReplyAttribute'
    }

    # User lookup: match uid against Stripped-User-Name when set, else User-Name.
    user {
        base_dn = "${..base_dn}"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"

        sasl {
        }
    }

    # Group lookup: posixGroup entries, membership read from the user's memberOf.
    group {
        base_dn = "${..base_dn}"
        filter = '(objectClass=posixGroup)'
        membership_attribute = 'memberOf'
        group_attribute = "${.:instance}-Group"
    }

    profile {
    }

    # Accounting: the lower-cased Acct-Status-Type selects which subsection runs;
    # each one overwrites the "description" attribute with a timestamped status.
    # NOTE(review): these are writes to the directory, so they need a bind
    # identity with modify rights — presumably why admin is used; confirm.
    accounting {
        reference = "%{tolower:type.%{Acct-Status-Type}}"

        type {
            start {
                update {
                    description := "Online at %S"
                }
            }

            interim-update {
                update {
                    description := "Last seen at %S"
                }
            }

            stop {
                update {
                    description := "Offline at %S"
                }
            }
        }
    }

    # After a successful authentication, record the time in "description" as well.
    post-auth {
        update {
            description := "Authenticated at %S"
        }
    }

    options {
        # NOTE(review): referrals are followed, the module rebinds on the referred
        # server, and it does so with the identity/password configured above rather
        # than credentials from the referral. Those admin credentials therefore go
        # to whichever server a referral names; disable if referrals are not needed.
        chase_referrals = yes
        rebind = yes
        use_referral_credentials = no

        # Search and server-side time limits, in seconds.
        res_timeout = 10
        srv_timelimit = 3

        # Keepalive settings for idle connections.
        idle = 60
        probes = 3
        interval = 3

        # LDAP library debugging is off.
        ldap_debug = 0x0000
    }

    # NOTE(review): empty, so neither StartTLS nor CA verification is configured.
    # Acceptable only while LDAP traffic stays on the private compose network.
    tls {
    }

    # Connection pool sizing and timeouts.
    pool {
        start = 1
        min = 1
        max = 5
        spare = 1
        uses = 0
        retry_delay = 30
        lifetime = 0
        idle_timeout = 60
        connect_timeout = 3.0
    }
}
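# Local test account for the "files" module (mounted as mods-config/files/authorize).
# The reply item must be indented: a line starting in column 0 is read as a new entry.
# NOTE(review): this is a fixed account with a trivial cleartext password, defined
# independently of the LDAP directory. Remove it once directory logins are verified.
bob Cleartext-Password := "hello"
    Reply-Message := "Hello, %{User-Name}"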