-
Jonathan Gazeley authoredJonathan Gazeley authored
freeradius
Table of Contents
- Overview
- Module Description - What the module does and why it is useful
-
Usage - Configuration options and additional functionality
- Classes
-
Resources
freeradius::attr
freeradius::blank
freeradius::cert
freeradius::client
freeradius::config
freeradius::dictionary
freeradius::home_server
freeradius::home_server_pool
freeradius::instantiate
freeradius::ldap
freeradius::module
freeradius::policy
freeradius::realm
freeradius::site
freeradius::sql
freeradius::statusclient
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
- Release Notes
Overview
This module installs and configures FreeRADIUS server on Linux. It supports FreeRADIUS 2.x and 3.x. It was designed with CentOS in mind but should work on other distributions.
Module Description
This module installs FreeRADIUS from a distro-provided package and installs a
number of customised config files to enable flexibility. It then provides some
helpers to allow you to easily configure virtual servers (sites), modules, clients
and other config items. Most of these items accept a flat config file which you
supply either as a static file or a template - similar to the source
and content
parameters in Puppet's file
resource.
This module is designed to make it more straightforward for RADIUS administrators to deploy RADIUS servers using Puppet. This module does not serve as a wizard and does not avoid having to have an understanding of FreeRADIUS.
Usage
This module provides several classes and defined types which take parameters.
Classes
freeradius
The freeradius
class installs the base server. In the early releases, this class does not
have many parameters as most values are hard-coded. I am working on parameterising more
of the global settings to increase flexibility. Patches are welcome.
control_socket
Use of the control_socket parameter in the freeradius class is deprecated. Use the freeradius::control_socket
class instead.
max_requests
The maximum number of requests which the server keeps track of. This should be 256 multiplied by the number of clients. Default: 4096
max_servers
Limit on the total number of servers running. Default: 4096
mysql_support
Install support for MySQL. Note this only installs the package. Use freeradius::sql
to configure SQL support. Default: false
perl_support
Install support for Perl. Default: false
utils_support
Install FreeRADIUS utils. Default: false
ldap_support
Install support for LDAP. Default: false
wpa_supplicant
Install wpa_supplicant utility. Default: false
winbind_support
Add the radius user to the winbind privileged group. You must install winbind separately. Default: false
.
syslog
Add a syslog rule (using the saz/rsyslog
module). Default: false
.
class { 'freeradius':
max_requests => 4096,
max_servers => 4096,
mysql_support => true,
perl_support => true,
utils_support => true,
wpa_supplicant => true,
winbind_support => true,
syslog => true,
}
freeradius::status_server
The freeradius::status_server
class enabled the status server.
To remove the status server, do not include this class and the server will be removed.
secret
The shared secret for the status server. Required.
port
The port to listen for status requests on. Default: 18121
listen
The address to listen on. Defaults to listen on all addresses but you could set this to $::ipaddress
or 127.0.0.1
. Default: *
# Enable status server
class { 'freeradius::status_server':
port => '18120',
secret => 't0pSecret!',
}
freeradius::control_socket
The freeradius::control_socket
class enables the control socket which can be used with RADMIN.
To remove the control socket, do not include this class and the socket will be removed.
mode
Whether the control socket should be read-only or read-write. Choose from ro
, rw
. Default: ro
.
# Enable control socket
class { 'freeradius::control_socket':
mode => 'ro',
}
Resources
freeradius::attr
Install arbitrary attribute filters from a flat file. These are installed in an appropriate module config directory.
The contents of the attr_filter
module are automatically updated to reference the filters.
key
Specify a RADIUS attribute to be the key for this attribute filter. Enter only the string part of the name.
prefix
Specify the prefix for the attribute filter name before the dot, e.g. filter.post_proxy
. This is usually set
to filter
on FR2 and attr_filter
on FR3. Default: filter
.
freeradius::attr { 'eduroamlocal':
key => 'User-Name',
prefix => 'attr_filter',
source => 'puppet:///modules/site_freeradius/eduroamlocal',
}
freeradius::blank
Selectively blank certain stock config files that aren't required. This is preferable to deleting them because the package manager will replace certain files next time the package is upgraded, potentially causing unexpected behaviour.
The resource title should be the relative path from the FreeRADIUS config directory to the file(s) you want to blank. You can pass multiple files in an array.
freeradius::blank { 'sites-enabled/default': }
freeradius::blank { [
'sites-enabled/default',
'eap.conf',
]: }