tests: updated radius tests for Debian

tests/docker-ocserv/Dockerfile-debian-radius

@@ -16,13 +16,14 @@ RUN echo 'admin:admin' |chpasswd
 RUN mkdir /etc/ocserv
 
 
+ADD ca.pem /etc/ocserv/
 ADD key.pem /etc/ocserv/
 ADD cert.pem /etc/ocserv/
 ADD cert.pem /etc/ocserv/
 ADD ocserv-radius.conf /etc/ocserv/ocserv.conf
-ADD radiusclient.conf /etc/radiusclient/
+ADD radiusclient-debian.conf /etc/radiusclient/radiusclient.conf
 ADD radius-clients.conf /etc/freeradius/clients.conf
-ADD radiusclient-servers /etc/freeradius/servers
+ADD radiusclient-servers /etc/radiusclient/servers
 ADD ocserv /usr/sbin/
 ADD ocpasswd /usr/bin/
 ADD occtl /usr/bin/

tests/docker-ocserv/Dockerfile-debian-radius-config

@@ -1,6 +1,6 @@
 FROM debian:testing
 
-RUN apt-get update
+RUN apt-get update -y
 RUN apt-get install -y libgnutls-deb0-28 liboath0 libprotobuf-c1 libev4
 RUN apt-get install -y libwrap0 libpam0g libseccomp2 libdbus-1-3 libreadline5 libnl-route-3-200
 RUN apt-get install -y libhttp-parser2.1 libpcl1 libopts25
@@ -16,13 +16,14 @@ RUN echo 'admin:admin' |chpasswd
 RUN mkdir /etc/ocserv
 
 
+ADD ca.pem /etc/ocserv/
 ADD key.pem /etc/ocserv/
 ADD cert.pem /etc/ocserv/
 ADD cert.pem /etc/ocserv/
 ADD ocserv-radius-config.conf /etc/ocserv/ocserv.conf
-ADD radiusclient.conf /etc/radiusclient/
+ADD radiusclient-debian.conf /etc/radiusclient/radiusclient.conf
 ADD radius-clients.conf /etc/freeradius/clients.conf
-ADD radiusclient-servers /etc/freeradius/servers
+ADD radiusclient-servers /etc/radiusclient/servers
 ADD ocserv /usr/sbin/
 ADD ocpasswd /usr/bin/
 ADD occtl /usr/bin/

tests/docker-ocserv/Makefile.am

@@ -8,7 +8,7 @@ EXTRA_DIST = passwd ocserv.conf Dockerfile-debian-tcp dev-tun.tgz myscript key.p
 	haproxy-proxyproto-unix.cfg Dockerfile-fedora-proxyproto-unix ocserv-proxyproto-unix.conf \
 	proxy-connectscript ocserv-pam-noauth.conf Dockerfile-fedora-pam-noauth \
 	pam-acct-ocserv Dockerfile-fedora-otp ocserv-otp.conf users2.oath Dockerfile-fedora-reload \
-	ocserv-reload.conf Dockerfile-fedora-fw-neg ocserv-fw-neg.conf
+	ocserv-reload.conf Dockerfile-fedora-fw-neg ocserv-fw-neg.conf radiusclient-debian.conf
 
 TESTS_ENVIRONMENT = srcdir="$(srcdir)" \
 	top_builddir="$(top_builddir)"

tests/docker-ocserv/radiusclient-debian.conf

@@ -0,0 +1,92 @@
+# General settings
+
+# specify which authentication comes first respectively which
+# authentication is used. possible values are: "radius" and "local".
+# if you specify "radius,local" then the RADIUS server is asked
+# first then the local one. if only one keyword is specified only
+# this server is asked.
+auth_order	radius,local
+
+# maximum login tries a user has
+login_tries	4
+
+# timeout for all login tries
+# if this time is exceeded the user is kicked out
+login_timeout	60
+
+# name of the nologin file which when it exists disables logins.
+# it may be extended by the ttyname which will result in
+# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
+# logins on /dev/ttyS2)
+nologin /etc/nologin
+
+# name of the issue file. it's only display when no username is passed
+# on the radlogin command line
+issue	/etc/radiusclient/issue
+
+# RADIUS settings
+
+# RADIUS server to use for authentication requests. this config
+# item can appear more then one time. if multiple servers are
+# defined they are tried in a round robin fashion if one
+# server is not answering.
+# optionally you can specify a the port number on which is remote
+# RADIUS listens separated by a colon from the hostname. if
+# no port is specified /etc/services is consulted of the radius
+# service. if this fails also a compiled in default is used.
+authserver 	localhost
+
+# RADIUS server to use for accouting requests. All that I
+# said for authserver applies, too. 
+#
+acctserver 	localhost
+
+# file holding shared secrets used for the communication
+# between the RADIUS client and server
+servers		/etc/radiusclient/servers
+
+# dictionary of allowed attributes and values
+# just like in the normal RADIUS distributions
+dictionary 	/usr/share/radcli/dictionary
+
+# program to call for a RADIUS authenticated login
+login_radius	/usr/sbin/login.radius
+
+# file which holds sequence number for communication with the
+# RADIUS server
+seqfile		/var/run/radius.seq
+
+# file which specifies mapping between ttyname and NAS-Port attribute
+mapfile		/etc/radiusclient/port-id-map
+
+# default authentication realm to append to all usernames if no
+# realm was explicitly specified by the user
+# the radiusd directly form Livingston doesnt use any realms, so leave
+# it blank then
+default_realm
+
+# time to wait for a reply from the RADIUS server
+radius_timeout	10
+
+# resend request this many times before trying the next server
+radius_retries	3
+
+# The length of time in seconds that we skip a nonresponsive RADIUS
+# server for transaction requests.  Server(s) being in the "dead" state
+# are tried only after all other non-dead servers have been tried and
+# failed or timeouted.  The deadtime interval starts when the server
+# does not respond to an authentication/accounting request transmissions. 
+# When the interval expires, the "dead" server would be re-tried again,
+# and if it's still down then it will be considered "dead" for another
+# such interval and so on. This option is no-op if there is only one
+# server in the list. Set to 0 in order to disable the feature.
+radius_deadtime	0
+
+# local address from which radius packets have to be sent
+bindaddr *
+
+# LOCAL settings
+
+# program to execute for local login
+# it must support the -f flag for preauthenticated login
+login_local	/bin/login