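# Install FreeRADIUS clients (WISMs or testing servers)
#
# Writes one client definition to ${fr_basepath}/clients.d/${shortname}.conf
# from the freeradius/client.conf.erb template and, when $firewall is set,
# opens the given port for the client's source address.
#
# Parameters referenced in this manifest:
#   $secret    - mandatory (no default); presumably the RADIUS shared secret
#                rendered by the template - confirm against client.conf.erb.
#   $shortname - defaults to the resource title; used in the file name and in
#                the firewall rule names.
#   $ip, $ip6  - source address for the firewall rule ($ip wins if both are set).
#   $proto     - optional; must be '*', 'udp' or 'tcp'.
#   $require_message_authenticator - 'yes' or 'no', default 'no'.
#   $nastype   - optional; must be one of the values listed below.
#   $port      - required when $firewall is true; used as the rule's dport.
#   $firewall  - when true and $ensure is 'present', manage a firewall rule.
#   $ensure    - passed to the file resource.
# All other parameters are not used in this manifest body; presumably they
# are consumed by the template.
#
# NOTE(review): $require_message_authenticator defaults to 'no'. Where the
# NAS can send a Message-Authenticator attribute, passing 'yes' is the
# stricter setting - confirm how the template renders it.
# NOTE(review): $shortname is interpolated into a file path; callers should
# pass a plain name without '/' characters.
define freeradius::client (
  $secret,
  $shortname                     = $title,
  $ip                            = undef,
  $ip6                           = undef,
  $proto                         = undef,
  $require_message_authenticator = 'no',
  $virtual_server                = undef,
  $nastype                       = undef,
  $login                         = undef,
  $password                      = undef,
  $coa_server                    = undef,
  $response_window               = undef,
  $max_connections               = undef,
  $lifetime                      = undef,
  $idle_timeout                  = undef,
  $redirect                      = undef,
  $port                          = undef,
  $srcip                         = undef,
  $firewall                      = false,
  $ensure                        = present,
  $attributes                    = [],
) {
  # Platform-specific names come from the params class.
  $fr_package  = $::freeradius::params::fr_package
  $fr_service  = $::freeradius::params::fr_service
  $fr_basepath = $::freeradius::params::fr_basepath
  $fr_group    = $::freeradius::params::fr_group

  # Reject values outside the accepted sets at compile time.
  if $proto {
    unless $proto in ['*', 'udp', 'tcp'] {
      fail('$proto must be one of udp, tcp or *')
    }
  }

  unless $require_message_authenticator in ['yes', 'no'] {
    fail('$require_message_authenticator must be one of yes or no')
  }

  if $nastype {
    unless $nastype in ['cisco', 'computone', 'livingston', 'juniper', 'max40xx',
    'multitech', 'netserver', 'pathras', 'patton', 'portslave', 'tc', 'usrhiper', 'other'] {
      fail('$nastype must be one of cisco, computone, livingston, juniper, max40xx, multitech, netserver, pathras, patton, portslave, tc, usrhiper, other')
    }
  }

  # 0640 root:$fr_group keeps the client definition unreadable by other
  # local users.
  # NOTE(review): the rendered content presumably includes $secret; where the
  # Puppet version in use supports it, show_diff => false on this resource
  # keeps the content out of diff output in logs and reports.
  file { "${fr_basepath}/clients.d/${shortname}.conf":
    ensure  => $ensure,
    mode    => '0640',
    owner   => 'root',
    group   => $fr_group,
    content => template('freeradius/client.conf.erb'),
    require => [File["${fr_basepath}/clients.d"], Group[$fr_group]],
    notify  => Service[$fr_service],
  }

  if ($firewall and $ensure == 'present') {
    if $port {
      # NOTE(review): the rules below always use proto 'udp', whatever $proto
      # is set to; confirm this is intended for clients declared with 'tcp'.
      if $ip {
        firewall { "100-${shortname}-${port}-v4":
          proto  => 'udp',
          dport  => $port,
          action => 'accept',
          source => $ip,
        }
      } elsif $ip6 {
        firewall { "100-${shortname}-${port}-v6":
          proto    => 'udp',
          dport    => $port,
          action   => 'accept',
          provider => 'ip6tables',
          source   => $ip6,
        }
      } else {
        # Previously this case created no rule and said nothing. Surface it,
        # but do not fail, so existing catalogs keep compiling.
        warning("freeradius::client ${shortname}: \$firewall is set but neither \$ip nor \$ip6 was given; no firewall rule created")
      }
    } else {
      fail('Must specify $port if you specify $firewall')
    }
  }
}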