Skip to content
Snippets Groups Projects
Select Git revision
  • cef641cf99655c3fd84311f30329c81f3871b15d
  • master default protected
  • cleanup_fixtures
  • add-openvox
  • freebsd-14
  • remove-legacy-top-scope-syntax
  • rel430
  • tests
  • revert-363-augeas-module-cleanup
  • release-4.1.0
  • puppet8
  • relax-dependencies
  • rel400
  • mode
  • puppet7
  • release-3.1.0
  • freebsd13
  • freebsd11
  • stdlib
  • centos
  • fedora
  • v5.1.0
  • v5.0.0
  • v4.5.0
  • v4.4.0
  • v4.3.0
  • v4.2.1
  • v4.2.0
  • v4.1.0
  • v4.0.0
  • v3.1.0
  • v3.0.0
  • v2.0.0
  • 1.12.0
  • 1.11.0
  • 1.10.0
  • 1.9.0
  • 1.8.0
  • 1.7.0
  • 1.6.0
  • 1.5.0
41 results

main.cf

Blame
  • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    client.pp 2.57 KiB
    # Install FreeRADIUS clients (WISMs or testing servers)
    define freeradius::client (
      $secret,
      $shortname                     = $title,
      $ip                            = undef,
      $ip6                           = undef,
      $proto                         = undef,
      $require_message_authenticator = 'no',
      $virtual_server                = undef,
      $nastype                       = undef,
      $login                         = undef,
      $password                      = undef,
      $coa_server                    = undef,
      $response_window               = undef,
      $max_connections               = undef,
      $lifetime                      = undef,
      $idle_timeout                  = undef,
      $redirect                      = undef,
      $port                          = undef,
      $srcip                         = undef,
      $firewall                      = false,
      $ensure                        = present,
      $attributes                    = [],
    ) {
      $fr_package  = $::freeradius::params::fr_package
      $fr_service  = $::freeradius::params::fr_service
      $fr_basepath = $::freeradius::params::fr_basepath
      $fr_group    = $::freeradius::params::fr_group
    
      if $proto {
        unless $proto in ['*', 'udp', 'tcp'] {
          fail('$proto must be one of udp, tcp or *')
        }
      }
    
      unless $require_message_authenticator in ['yes', 'no'] {
        fail('$require_message_authenticator must be one of yes or no')
      }
    
      if $nastype {
        unless $nastype in ['cisco', 'computone', 'livingston', 'juniper', 'max40xx',
        'multitech', 'netserver', 'pathras', 'patton', 'portslave', 'tc', 'usrhiper', 'other'] {
          fail('$nastype must be one of cisco, computone, livingston, juniper, max40xx, multitech, netserver, pathras, patton, portslave, tc, usrhiper, other')
        }
      }
    
      file { "${fr_basepath}/clients.d/${shortname}.conf":
        ensure  => $ensure,
        mode    => '0640',
        owner   => 'root',
        group   => $fr_group,
        content => template('freeradius/client.conf.erb'),
        require => [File["${fr_basepath}/clients.d"], Group[$fr_group]],
        notify  => Service[$fr_service],
      }
    
      if ($firewall and $ensure == 'present') {
        if $port {
          if $ip {
            firewall { "100-${shortname}-${port}-v4":
              proto  => 'udp',
              dport  => $port,
              action => 'accept',
              source => $ip,
            }
          } elsif $ip6 {
            firewall { "100-${shortname}-${port}-v6":
              proto    => 'udp',
              dport    => $port,
              action   => 'accept',
              provider => 'ip6tables',
              source   => $ip6,
            }
          }
        } else {
          fail('Must specify $port if you specify $firewall')
        }
      }
    }