Skip to content
Snippets Groups Projects
Select Git revision
  • main
  • update_github_actions
  • 144_rocky8_support
  • 195-update-pdk-to-300
  • 144-rocky8
  • add_test_github_test_workflow
  • pdk_2.4.0
  • fix_unclosed_let_block_in_defines_client_spec
  • master default protected
  • validation_fixes
  • freeradius_3_0_21_config_updates
  • data_types
  • PrepareBuster
  • travis
  • 4.0.1
  • 4.0.0
  • 3.9.2
  • 3.9.1
  • 3.9.0
  • 3.8.2
  • 3.8.1
  • 3.8.0
  • 3.7.0
  • 3.6.0
  • 3.5.0
  • 3.4.3
  • 3.4.2
  • 3.4.1
  • 3.4.0
  • 3.3.0
  • 3.2.0
  • 3.1.0
  • 3.0.0
  • 2.3.1
34 results

README.md

Blame
  • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    README.md 29.15 KiB

    freeradius

    Table of Contents

    1. Overview
    2. Module Description - What the module does and why it is useful
    3. Usage - Configuration options and additional functionality
    4. Limitations - OS compatibility, etc.
    5. Development - Guide for contributing to the module
    6. Release Notes

    Overview

    This module installs and configures FreeRADIUS server on Linux. It supports FreeRADIUS 2.x and 3.x. It was designed with CentOS in mind but should work on other distributions.

    Module Description

    This module installs FreeRADIUS from a distro-provided package and installs a number of customised config files to enable flexibility. It then provides some helpers to allow you to easily configure virtual servers (sites), modules, clients and other config items. Most of these items accept a flat config file which you supply either as a static file or a template - similar to the source and content parameters in Puppet's file resource.

    This module is designed to make it more straightforward for RADIUS administrators to deploy RADIUS servers using Puppet. This module does not serve as a wizard and does not avoid having to have an understanding of FreeRADIUS.

    Usage

    This module provides several classes and defined types which take parameters.

    Classes

    freeradius

    The freeradius class installs the base server. In the early releases, this class does not have many parameters as most values are hard-coded. I am working on parameterising more of the global settings to increase flexibility. Patches are welcome.

    control_socket

    Use of the control_socket parameter in the freeradius class is deprecated. Use the freeradius::control_socket class instead.

    max_requests

    The maximum number of requests which the server keeps track of. This should be 256 multiplied by the number of clients. Default: 4096

    max_servers

    Limit on the total number of servers running. Default: 4096

    mysql_support

    Install support for MySQL. Note this only installs the package. Use freeradius::sql to configure SQL support. Default: false

    perl_support

    Install support for Perl. Default: false

    utils_support

    Install FreeRADIUS utils. Default: false

    ldap_support

    Install support for LDAP. Default: false

    wpa_supplicant

    Install wpa_supplicant utility. Default: false

    winbind_support

    Add the radius user to the winbind privileged group. You must install winbind separately. Default: false.

    syslog

    Add a syslog rule (using the saz/rsyslog module). Default: false.

    class { 'freeradius':
      max_requests    => 4096,
      max_servers     => 4096,
      mysql_support   => true,
      perl_support    => true,
      utils_support   => true,
      wpa_supplicant  => true,
      winbind_support => true,
      syslog          => true,
    }

    freeradius::status_server

    The freeradius::status_server class enabled the status server. To remove the status server, do not include this class and the server will be removed.

    secret

    The shared secret for the status server. Required.

    port

    The port to listen for status requests on. Default: 18121

    listen

    The address to listen on. Defaults to listen on all addresses but you could set this to $::ipaddress or 127.0.0.1. Default: *

      # Enable status server
      class { 'freeradius::status_server':
        port   => '18120',
        secret => 't0pSecret!',
      }

    freeradius::control_socket

    The freeradius::control_socket class enables the control socket which can be used with RADMIN. To remove the control socket, do not include this class and the socket will be removed.

    mode

    Whether the control socket should be read-only or read-write. Choose from ro, rw. Default: ro.

      # Enable control socket
      class { 'freeradius::control_socket':
        mode => 'ro',
      }

    Resources

    freeradius::attr

    Install arbitrary attribute filters from a flat file. These are installed in an appropriate module config directory. The contents of the attr_filter module are automatically updated to reference the filters.

    key

    Specify a RADIUS attribute to be the key for this attribute filter. Enter only the string part of the name.

    prefix

    Specify the prefix for the attribute filter name before the dot, e.g. filter.post_proxy. This is usually set to filter on FR2 and attr_filter on FR3. Default: filter.

    freeradius::attr { 'eduroamlocal':
      key    => 'User-Name',
      prefix => 'attr_filter',
      source => 'puppet:///modules/site_freeradius/eduroamlocal',
    }

    freeradius::blank

    Selectively blank certain stock config files that aren't required. This is preferable to deleting them because the package manager will replace certain files next time the package is upgraded, potentially causing unexpected behaviour.

    The resource title should be the relative path from the FreeRADIUS config directory to the file(s) you want to blank. You can pass multiple files in an array.

    freeradius::blank { 'sites-enabled/default': }
    
    freeradius::blank { [
      'sites-enabled/default',
      'eap.conf',
    ]: }