Unifi container and radius

Hi, we are using Unifi controller since a while with very good success. Thank you!

Today we wanted to test the Radius server. After adding ports 1812 and 1813 to docker-compose the expectation is that Radius clients can connect to the Radius Server. But tcpdump tells something else:

14:33:11.578768 IP ap2.33795 > unifi.radius: RADIUS, Access-Request (1), id: 0x08 length: 189

Is there a known issue with radius? What is wrong?

Hard to say what the issue is with the little info you have supplied.
Please explain in detail how you have set this up.

Thank you for asking! We run linuxserver/unifi-controller on Debian which is a guest at Bhyve/Freebsd. Everything but Radius works fine. 802.1x clients try to connect (see above) but the controller is not responding. Radius is enabled in the GUI:

[2020-04-25T12:21:13,517] <webapi-42> DEBUG api - [sanitize] /set/setting/radius {key=radius, enabled=true, x_secret=SECRET, configure_whole_network=true, auth_port=1812, acct_port=1813, interim_update_interval=3600, tunneled_reply=true}

Inside the container Radius is not running:

root@804160fb66f7:/usr/lib/unifi# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0  *               LISTEN      993        48873       -
tcp        0      0*               LISTEN      0          47950       -
tcp        0      0  *               LISTEN      993        48865       -
tcp        0      0  *               LISTEN      993        48878       -
tcp        0      0*               LISTEN      993        49876       -
tcp        0      0  *               LISTEN      993        48805       -
tcp        0      0  *               LISTEN      993        48803       -
udp        0      0 *                           993        48841       -
udp        0      0  *                           993        48846       -
udp        0      0*                           0          47949       -
udp        0      0  *                           993        48848       -
udp        0      0*                           993        48840       -
udp        0      0  *                           993        48864       -

We compared the situation with an Unifi Controller running on a Unify Cloud Key where Radius is successfully working:

root@shift-unikey:~# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
udp        0      0*                           106        9255        1050/freeradius
udp        0      0  *                           106        9253        1050/freeradius
udp        0      0  *                           106        9254        1050/freeradius
udp        0      0  *                           106        9256        1050/freeradius
udp        0      0 *                           106        9257        1050/freeradius

On the Cloud Key:

root@shift-unikey:~# type freeradius
freeradius is /usr/sbin/freeradius

Inside linuxserver/unifi-controller:

root@804160fb66f7:~# type freeradius
bash: type: freeradius: not found

No indication that Freeradius ist installed in the container. It is just not there. Chance or intention?

From what I gathered in my quick Google search, unifi wasn’t the radius server, just a client.
The cloud key have the radius serve installed and that is why it works.
So you need to find a radius server container to connect unifi-controller to.

But the Unifiy Controller is ment to provide an included Radius Server:

I think you would be best served asking ubiquiti on their forums. Nothing in their forums aside from poor wording in their app, indicates radius server is built in.

This is what it says on a fresh install of unifi-controller. So it looks like you need a Unifi Security Gateway to use Radius server.

Strange, we have a Cloud Key out of the box and some Unifi AP nothing else. Freeradius is part of the controller, Freeradius was and is part of the System. Anyway, thank you for your thoughts!

But that is a Unifi hardware product with freeradius in their OS.
So it’s not a part of Unifi Controller and is therefore not in our container.

You can install a freeradius container and connect unifi to that.

1 Like