Skip to content
Snippets Groups Projects
Select Git revision
  • c88a39a92066d88cbe8d014bdb7b95d712ebeecd
  • master default protected
  • main
  • update_github_actions
  • 144_rocky8_support
  • 195-update-pdk-to-300
  • 144-rocky8
  • add_test_github_test_workflow
  • pdk_2.4.0
  • fix_unclosed_let_block_in_defines_client_spec
  • validation_fixes
  • freeradius_3_0_21_config_updates
  • data_types
  • PrepareBuster
  • travis
  • 4.0.1
  • 4.0.0
  • 3.9.2
  • 3.9.1
  • 3.9.0
  • 3.8.2
  • 3.8.1
  • 3.8.0
  • 3.7.0
  • 3.6.0
  • 3.5.0
  • 3.4.3
  • 3.4.2
  • 3.4.1
  • 3.4.0
  • 3.3.0
  • 3.2.0
  • 3.1.0
  • 3.0.0
  • 2.3.1
35 results

client.pp

Blame
  • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    client.pp 2.57 KiB
    # Install FreeRADIUS clients (WISMs or testing servers)
    define freeradius::client (
      $secret,
      $shortname                     = $title,
      $ip                            = undef,
      $ip6                           = undef,
      $proto                         = undef,
      $require_message_authenticator = 'no',
      $virtual_server                = undef,
      $nastype                       = undef,
      $login                         = undef,
      $password                      = undef,
      $coa_server                    = undef,
      $response_window               = undef,
      $max_connections               = undef,
      $lifetime                      = undef,
      $idle_timeout                  = undef,
      $redirect                      = undef,
      $port                          = undef,
      $srcip                         = undef,
      $firewall                      = false,
      $ensure                        = present,
      $attributes                    = [],
    ) {
      $fr_package  = $::freeradius::params::fr_package
      $fr_service  = $::freeradius::params::fr_service
      $fr_basepath = $::freeradius::params::fr_basepath
      $fr_group    = $::freeradius::params::fr_group
    
      if $proto {
        unless $proto in ['*', 'udp', 'tcp'] {
          fail('$proto must be one of udp, tcp or *')
        }
      }
    
      unless $require_message_authenticator in ['yes', 'no'] {
        fail('$require_message_authenticator must be one of yes or no')
      }
    
      if $nastype {
        unless $nastype in ['cisco', 'computone', 'livingston', 'juniper', 'max40xx',
        'multitech', 'netserver', 'pathras', 'patton', 'portslave', 'tc', 'usrhiper', 'other'] {
          fail('$nastype must be one of cisco, computone, livingston, juniper, max40xx, multitech, netserver, pathras, patton, portslave, tc, usrhiper, other')
        }
      }
    
      file { "${fr_basepath}/clients.d/${shortname}.conf":
        ensure  => $ensure,
        mode    => '0640',
        owner   => 'root',
        group   => $fr_group,
        content => template('freeradius/client.conf.erb'),
        require => [File["${fr_basepath}/clients.d"], Group[$fr_group]],
        notify  => Service[$fr_service],
      }
    
      if ($firewall and $ensure == 'present') {
        if $port {
          if $ip {
            firewall { "100-${shortname}-${port}-v4":
              proto  => 'udp',
              dport  => $port,
              action => 'accept',
              source => $ip,
            }
          } elsif $ip6 {
            firewall { "100-${shortname}-${port}-v6":
              proto    => 'udp',
              dport    => $port,
              action   => 'accept',
              provider => 'ip6tables',
              source   => $ip6,
            }
          }
        } else {
          fail('Must specify $port if you specify $firewall')
        }
      }
    }