Deploy the local RADIUS server container using Docker on Linux

In this topic, you will learn how to deploy the Portnox™ Cloud local RADIUS server container using Docker on a local Linux machine (physical or virtual).

Read the following important information before you begin:

  • We assume that the Linux machine is already installed, configured, updated, and connected to the local network. This guide includes only the installation and configuration of Docker and the Portnox Cloud local RADIUS server container.

  • You cannot place NAS devices behind a NAT because the local RADIUS server uses the source IP address of the connection, and with a NAT in place, that address would be the same for several NAS devices.

Note:
This procedure has been tested on Ubuntu 22.04.2 and RHEL 9.3. It applies either unmodified or with little modifications to all other popular Linux distributions.

Install Docker

In this section, you will learn how to install Docker on the Linux machine.

Skip this section if Docker is already installed.

Important:
If you don’t have a physical or virtual machine to install Docker, you can get a third-party Linux image. For example, you can download the latest Ubuntu Server image from the Linux VM Images project and import it into your hypervisor.
  1. Open the Terminal window.
  2. Install Docker using your distribution’s package management framework.

    Ubuntu:

    sudo apt-get install docker.io -y
    Important:
    While the Ubuntu apt repository includes Docker, for production machines Docker recommends using its own apt repository instead. This gives you access to newer versions and additional packages. You can find the relevant instructions in the official Docker documentation.

    RedHat:

    sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
sudo yum install docker-ce
sudo systemctl start docker
  3. Test Docker using the Hello World test container. 
    sudo docker run hello-world

    Result: Hello from Docker! This message shows that your installation appears to be working correctly.

Run the Portnox Cloud local RADIUS container

In this section, you will learn how to deploy the local RADIUS server Docker container locally to the Linux machine.

  1. Copy and paste the values of the three environment variables that you saved earlier (or copy them directly from Portnox Cloud) into three export commands. 
    export RADIUS_GATEWAY_ORG_ID=copied_RADIUS_GATEWAY_ORG_ID
export RADIUS_GATEWAY_PROFILE=copied_RADIUS_GATEWAY_PROFILE
export RADIUS_GATEWAY_TOKEN=copied_RADIUS_GATEWAY_TOKEN
  2. Run the portnox/portnox-radius Docker container. 
    sudo docker run -d -p 1812:1812/udp -p 1813:1813/udp \
  --name portnox-radius --restart=always \
  -v portnox-radius-data:/data \
  -e RADIUS_GATEWAY_PROFILE=$RADIUS_GATEWAY_PROFILE \
  -e RADIUS_GATEWAY_ORG_ID=$RADIUS_GATEWAY_ORG_ID \
  -e RADIUS_GATEWAY_TOKEN=$RADIUS_GATEWAY_TOKEN \
  portnox/portnox-radius:latest
    Note:
    The -v option creates and mounts a Docker volume that preserves the local RADIUS server data in case the container stops running, for example, if the machine is restarted or crashes. Without this option, local RADIUS cached data would be lost if the container stops running. To learn more about Docker volumes and an alternative, bind mounts, see Docker documentation.
  3. Optional: View the logs for the portnox/portnox-radius Docker container. 
    sudo docker logs portnox-radius -f
  4. Optional: Check if your NAS is configured correctly and if the RADIUS packets are reaching your Docker container. 
    sudo docker exec -it portnox-radius sh
/ #apk add tcpdump
/ #tcpdump -i eth0 -v port 1812

Result: Your local RADIUS server is active.

You can check its status in Portnox Cloud, in the Settings > Services > LOCAL RADIUS SERVICE > Local RADIUS instance section.

Ubuntu:

RedHat:

Automatically update an existing local server container

In this section, you will learn how to automatically update your Docker container to the latest version by deploying another Docker container: portnox-autoupdate.

Important:
You cannot manually update a running Docker container. To update it, you must remove the existing container, pull the latest version of the container image, and then deploy a new container from that image. The portnox-autoupdate Docker container automates this complex process. It automatically updates all other Portnox Docker containers to their latest versions as soon as they are available. If you already deployed the portnox-autoupdate Docker container to automatically update another Portnox Docker container, you do not need to deploy it again.
  1. Find the organization ID:
    1. In Portnox Cloud, go to Settings > Services > General Settings > Self Onboarding.
    2. In the Self Onboarding section, see the URL that is displayed.
      Note:
      If self-onboarding is not activated, click on the Edit link and temporarily turn it on to see the URL.

      The organization ID is the last part of the URL, after the last / symbol.

      For example, if the URL is https://user-registration.portnox.com/b2973887-1274-45c4-91d0-4a342a861c76, then the organization ID is b2973887-1274-45c4-91d0-4a342a861c76.

  2. Get an API token from Portnox Cloud:
    1. In Portnox Cloud, go to Settings > Profile Settings > Cloud API tokens
    2. Click on the Generate token link.
    3. In the GENERATE A NEW TOKEN window, enter the name for the token that describes its purpose and click on the Generate token button.
    4. Click on the  ⧉  button to copy the code and store it in a safe place.

      Important:
      You will not be able to access this code again after closing this window.
  3. Deploy the portnox-autoupdate Docker container: 
    sudo docker run --restart=always -d --name portnox-autoupdate \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v portnox-autoupdate-logs:/app/logs \
  -e AUTO_UPDATE_ORG_ID=your_organization_ID \
  -e AUTO_UPDATE_PORTNOX_API_TOKEN=your_API_access_token \
  portnox/portnox-autoupdate:latest

    For example:

    sudo docker run --restart=always -d --name portnox-autoupdate \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v portnox-autoupdate-logs:/app/logs \
  -e AUTO_UPDATE_ORG_ID=b2973887-1274-45c4-91d0-4a342a861c76 \
  -e AUTO_UPDATE_PORTNOX_API_TOKEN=zZD0XR18UmNc8gG1TRt9ZyMhHnl \
  portnox/portnox-autoupdate:latest

Remove an existing local RADIUS container

In this section, you will learn how to manually remove an existing local RADIUS container.

Important:
If you do not want to run the portnox-autoupdate container to automatically update all other Portnox Docker containers, you have to manually remove the existing local RADIUS container as described here, and then deploy it from scratch, as described above.
  1. Get the container ID. You will need this ID to delete the container. 
    sudo docker ps | grep radius

    Result: The first hexadecimal characters will represent the container ID, which you will need for next steps.

    For example:

    445f02908491   portnox/portnox-radius:1.1.211   (...)
  2. Stop the running container. 
    sudo docker stop container_id

    For example:

    sudo docker stop 445f02908491
  3. Delete the container. 
    sudo docker rm container_id

    For example:

    sudo docker rm 445f02908491
  4. Get the image ID. You will need this ID to delete the old image. 
    sudo docker images | grep radius

    Result: The hexadecimal characters in the third column represent the image ID, which you will need for next steps.

    For example:

    portnox/portnox-radius    1.1.211    cf8ade0f37e5   (...)
  5. Delete the image. 
    sudo docker rmi image_id

    For example:

    sudo docker rmi cf8ade0f37e5