Prerequisites

  • VM or physical machine with Linux and Docker.
  • Network access to the NAS(es).
  • Git repositories for configuration files etc.

Git repositories and settings

To store settings and configuration we need one Git repository. The repository already used for etc-files in CNaaS can be reused, or a completely new one can be created. In the lab installation of CNaaS NAC, we have the following files stored:

  • clients.conf - FreeRADIUS client configuration.
  • krb5.conf - Kerberos configuration for AD integration.
  • proxy.conf - Proxy configuration, tells FreeRADIUS which packets to pass on to Eduroam etc.
  • radiusd.conf - FreeRADIUS server configuration.
  • site-default - FreeRADIUS default logic.
  • smb.conf - Samba configuration for AD integration.

We must also store settings in Hiera, preferably as encrypted data using EYAML. The following data must be available:

  • RADIUS_SERVER_SECRET - The secret to use when communicating with FreeRADIUS.
  • GITREPO_ETC - The Git repository for settings, mentioned above.
  • EDUROAM_R1_SECRET - Secret for primary Eduroam server (optional).
  • EDUROAM_R2_SECRET - Secret for secondary Eduroam server (optional).
  • AD_DOMAIN - Active Directory domain name (ad-lab.local for example) (optional).
  • AD_USERNAME - Active Directory username (optional).
  • AD_PASSWORD - Active Directory password (optional).
  • AD_BASE_DN - Active Directory base DN (optional).
  • AD_DNS_PRIMARY - Active Directory primary DNS server (optional).
  • AD_DNS_SECONDARY - Active Directory secondary DNS server (optional).
  • NTLM_DOMAIN - NTLM domain to use for authorisation (optional).
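
A pre-commit style check for the Hiera data listed above, added here as an example (it is not part of the CNaaS NAC code base): it verifies that the two non-optional keys are present and that secret values are EYAML-encrypted rather than plaintext. Treating the keys as top-level entries in a flat Hiera YAML file, the choice of which keys count as secrets, and the sample data are assumptions.

```python
import re

# Key names come from the list above; storing them as top-level Hiera keys is
# an assumption, since the page does not show the layout of the data file.
REQUIRED = {"RADIUS_SERVER_SECRET", "GITREPO_ETC"}
SECRETS = {"RADIUS_SERVER_SECRET", "EDUROAM_R1_SECRET",
           "EDUROAM_R2_SECRET", "AD_PASSWORD"}
# hiera-eyaml wraps ciphertext as ENC[PKCS7,<base64>]
EYAML_RE = re.compile(r"^ENC\[PKCS7,[A-Za-z0-9+/=]+\]$")
KEY_RE = re.compile(r"^([A-Za-z0-9_]+):(.*)$")

def parse_flat_yaml(text):
    """Parse top-level 'key: value' pairs, including folded/literal blocks."""
    data, current = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "---") or line.lstrip().startswith("#"):
            continue
        m = KEY_RE.match(line)
        if m:  # unindented line: a new top-level key
            key, value = m.group(1), m.group(2).strip()
            current = key if value in (">", "|", ">-", "|-") else None
            data[key] = "" if current else value.strip("'\"")
        elif current and line[0] in " \t":
            data[current] += line.strip()  # continuation of a block scalar
    return data

def check_hiera(text):
    """Return a list of findings; an empty list means the file passes."""
    data = parse_flat_yaml(text)
    findings = [f"missing required key: {k}" for k in sorted(REQUIRED - data.keys())]
    for key in sorted(SECRETS & data.keys()):
        if not EYAML_RE.match(data[key]):
            findings.append(f"{key} is not EYAML-encrypted")
    return findings

# Constructed sample data; URL, password and ciphertext are placeholders.
SAMPLE = """\
---
GITREPO_ETC: 'https://git.example.org/cnaas-nac-etc.git'
RADIUS_SERVER_SECRET: >
    ENC[PKCS7,TUlJQnlRWUpLb1pJaHZjTkFRY0RvSUlCdWpDQ0FiWUNBUUF4
    Z2dFaE1JSUJIUUlCQURBRk1BQUNBUUV3RFFZSktvWklodmNOQVFF]
AD_DOMAIN: ad-lab.local
AD_PASSWORD: hunter2
"""

if __name__ == "__main__":
    for finding in check_hiera(SAMPLE):
        print(finding)
```
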