Skip to content
Snippets Groups Projects
Select Git revision
  • 140a11e8de94f6d1be4efe8d79b616d51ee1b54c
  • master default protected
  • php84
  • detached7
  • detached6
  • detached5
  • detached
  • detached2
  • detached3
  • detached4
  • 4.x
  • origin/1.0.3
  • origin/1.0.2
  • 6.1.0
  • 6.0.6
  • 6.0.5
  • 6.0.4
  • 6.0.3
  • 6.0.2
  • 6.0.1
  • 6.0.0
  • 4.0.3
  • 4.0.2
  • 4.0.1
  • 4.0
  • 3.1.7
  • 3.1.6
  • 3.1.5
  • 3.1.4
  • 3.1.3
  • 3.1.2
  • 3.1.1
  • 3.1.0
33 results

module.sql

Blame
    • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    client.pp 2.79 KiB 
    # Install FreeRADIUS clients (WISMs or testing servers)
define freeradius::client (
  Freeradius::Secret $secret,
  Optional[String] $shortname                        = $title,
  Optional[String] $ip                               = undef,
  Optional[String] $ip6                              = undef,
  Optional[Enum['*', 'udp', 'tcp']] $proto           = '*',
  Freeradius::Boolean $require_message_authenticator = 'no',
  Optional[String] $virtual_server                   = undef,
  Optional[Enum[
    'cisco',
    'computone',
    'livingston',
    'juniper',
    'max40xx',
    'multitech',
    'netserver',
    'pathras',
    'patton',
    'portslave',
    'tc',
    'usrhiper',
    'other',
  ]] $nastype = undef,
  Optional[String] $login                            = undef,
  Optional[Freeradius::Password] $password           = undef,
  Optional[String] $coa_server                       = undef,
  Optional[String] $response_window                  = undef,
  Optional[Integer] $max_connections                 = undef,
  Optional[Integer] $lifetime                        = undef,
  Optional[Integer] $idle_timeout                    = undef,
  Optional[String] $redirect                         = undef,
  Optional[Integer] $port                            = undef,
  Optional[String] $srcip                            = undef,
  Boolean $firewall                                  = false,
  Freeradius::Ensure $ensure                         = present,
  Variant[Array, Hash, String] $attributes           = [],
  Optional[String] $huntgroups                       = undef,
) {
  $fr_package  = $::freeradius::params::fr_package
  $fr_service  = $::freeradius::params::fr_service
  $fr_basepath = $::freeradius::params::fr_basepath
  $fr_group    = $::freeradius::params::fr_group

  file { "${fr_basepath}/clients.d/${shortname}.conf":
    ensure  => $ensure,
    mode    => '0640',
    owner   => 'root',
    group   => $fr_group,
    content => template('freeradius/client.conf.erb'),
    require => [File["${fr_basepath}/clients.d"], Group[$fr_group]],
    notify  => Service[$fr_service],
  }

  if ($firewall and $ensure == 'present') {
    if $port {
      if $ip {
        firewall { "100 ${shortname} ${port} v4":
          proto  => 'udp',
          dport  => $port,
          action => 'accept',
          source => $ip,
        }
      } elsif $ip6 {
        firewall { "100 ${shortname} ${port} v6":
          proto    => 'udp',
          dport    => $port,
          action   => 'accept',
          provider => 'ip6tables',
          source   => $ip6,
            }
      }
    } else {
      fail('Must specify $port if you specify $firewall')
    }
  }

  if $huntgroups {
    $huntgroups.each |$index, $huntgroup| {
      freeradius::huntgroup { "huntgroup.client.${shortname}.${index}":
        * => $huntgroup
      }
    }
  }
}