Unifi container and radius

Hi, we have been using the Unifi controller for a while with very good success. Thank you!

Today we wanted to test the Radius server. After adding ports 1812 and 1813 to docker-compose the expectation is that Radius clients can connect to the Radius Server. But tcpdump tells something else:

14:33:11.578768 IP ap2.33795 > unifi.radius: RADIUS, Access-Request (1), id: 0x08 length: 189

Is there a known issue with radius? What is wrong?

Hard to say what the issue is with the little info you have supplied.
Please explain in detail how you have set this up.

Thank you for asking! We run linuxserver/unifi-controller on Debian, which is a guest on bhyve/FreeBSD. Everything but Radius works fine. 802.1x clients try to connect (see above) but the controller is not responding. Radius is enabled in the GUI:

[2020-04-25T12:21:13,517] <webapi-42> DEBUG api - [sanitize] /set/setting/radius {key=radius, enabled=true, x_secret=SECRET, configure_whole_network=true, auth_port=1812, acct_port=1813, interim_update_interval=3600, tunneled_reply=true}

Inside the container Radius is not running:

root@804160fb66f7:/usr/lib/unifi# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      993        48873       -
tcp        0      0 127.0.0.11:34915        0.0.0.0:*               LISTEN      0          47950       -
tcp        0      0 0.0.0.0:6789            0.0.0.0:*               LISTEN      993        48865       -
tcp        0      0 0.0.0.0:8843            0.0.0.0:*               LISTEN      993        48878       -
tcp        0      0 127.0.0.1:27117         0.0.0.0:*               LISTEN      993        49876       -
tcp        0      0 0.0.0.0:8880            0.0.0.0:*               LISTEN      993        48805       -
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      993        48803       -
udp        0      0 0.0.0.0:10001           0.0.0.0:*                           993        48841       -
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           993        48846       -
udp        0      0 127.0.0.11:55206        0.0.0.0:*                           0          47949       -
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           993        48848       -
udp        0      0 172.18.0.2:49392        0.0.0.0:*                           993        48840       -
udp        0      0 0.0.0.0:3478            0.0.0.0:*                           993        48864       -

We compared the situation with a Unifi Controller running on a Unifi Cloud Key where Radius is successfully working:

root@shift-unikey:~# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
[...]
udp        0      0 127.0.0.1:18120         0.0.0.0:*                           106        9255        1050/freeradius
udp        0      0 0.0.0.0:1812            0.0.0.0:*                           106        9253        1050/freeradius
udp        0      0 0.0.0.0:1813            0.0.0.0:*                           106        9254        1050/freeradius
udp        0      0 0.0.0.0:1814            0.0.0.0:*                           106        9256        1050/freeradius
udp        0      0 0.0.0.0:38106           0.0.0.0:*                           106        9257        1050/freeradius
[...]

On the Cloud Key:

root@shift-unikey:~# type freeradius
freeradius is /usr/sbin/freeradius

Inside linuxserver/unifi-controller:

root@804160fb66f7:~# type freeradius
bash: type: freeradius: not found

There is no indication that Freeradius is installed in the container. It is just not there. Chance or intention?
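
The listener comparison from the post above, as an added example that is not part of the original thread: a shell function that reads netstat -tulpen output and reports which RADIUS ports have no reachable UDP listener. The function names and the loopback rule are choices made for this example; the sample rows are copied from the two listings above.

```shell
# Added example: scan `netstat -tulpen` style output for RADIUS listeners.
# RADIUS authentication (1812) and accounting (1813) run over UDP, so only
# udp rows count, and sockets bound to loopback are ignored because an
# access point on the network cannot reach them.

# missing_radius_ports PORT...
# Reads netstat output on stdin; prints each requested port that has no
# non-loopback UDP socket bound, one per line.
missing_radius_ports() {
    awk -v want="$*" '
        BEGIN { n = split(want, ports, " ") }
        $1 ~ /^udp/ {
            addr = $4                      # Local Address column
            port = addr
            sub(/^.*:/, "", port)          # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "::1") next
            bound[port] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(ports[i] in bound)) print ports[i]
        }
    '
}

# Rows copied from the two listings in the thread (abbreviated).
container_sample='tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      993        48873       -
udp        0      0 0.0.0.0:10001           0.0.0.0:*                           993        48841       -
udp        0      0 0.0.0.0:3478            0.0.0.0:*                           993        48864       -'
cloudkey_sample='udp        0      0 127.0.0.1:18120         0.0.0.0:*                           106        9255        1050/freeradius
udp        0      0 0.0.0.0:1812            0.0.0.0:*                           106        9253        1050/freeradius
udp        0      0 0.0.0.0:1813            0.0.0.0:*                           106        9254        1050/freeradius'

# check_host NAME NETSTAT_TEXT: report and return non-zero if a port is missing.
check_host() {
    missing=$(printf '%s\n' "$2" | missing_radius_ports 1812 1813)
    if [ -n "$missing" ]; then
        echo "$1: no reachable UDP listener on:" $missing
        return 1
    fi
    echo "$1: RADIUS auth and accounting ports are bound"
}

check_host container "$container_sample" || true
check_host cloudkey "$cloudkey_sample"
```

On a live host the same check is `netstat -tulpen | missing_radius_ports 1812 1813`, run inside the container or on the Cloud Key.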

From what I gathered in my quick Google search, unifi wasn’t the radius server, just a client.
The cloud key has the radius server installed and that is why it works.
So you need to find a radius server container to connect unifi-controller to.

But the Unifi Controller is meant to provide an included Radius Server:

I think you would be best served asking ubiquiti on their forums. Nothing in their forums, aside from poor wording in their app, indicates radius server is built in.

This is what it says on a fresh install of unifi-controller. So it looks like you need a Unifi Security Gateway to use Radius server.

Strange, we have a Cloud Key out of the box and some Unifi APs, nothing else. Freeradius is part of the controller, Freeradius was and is part of the System. Anyway, thank you for your thoughts!

But that is a Unifi hardware product with freeradius in their OS.
So it’s not a part of Unifi Controller and is therefore not in our container.

You can install a freeradius container and connect unifi to that.
