Commit 10722d20 authored by Jonathan Gazeley's avatar Jonathan Gazeley

Re-jig client IP address handling for FR3

parent 0816047b
......@@ -224,20 +224,7 @@ freeradius::client { "wlan-controller01":
```
```puppet
# Range example on FreeRADIUS 2
freeradius::client { "wlan-controllers":
ip => '192.168.0.0',
netmask => '24',
secret => 'testing123',
shortname => 'wlc01',
nastype => 'other',
port => '1645-1646',
firewall => true,
}
```
```puppet
# Range example in FreeRADIUS 3
# Range example
freeradius::client { "wlan-controllers":
ip => '192.168.0.0/24',
secret => 'testing123',
......@@ -249,14 +236,11 @@ freeradius::client { "wlan-controllers":
```
##### `ip`
The IP address of the client or range. For IPv6, use `ipv6addr`. `ip` and `ip6` are mutually exclusive but one must be supplied.
On FreeRADIUS 2, specify the netmask separately. On FreeRADIUS 3, set `ip` in CIDR format. Default: `undef`.
The IP address of the client or range in CIDR format. For IPv6, use `ipv6addr`. `ip` and `ip6` are mutually exclusive but one must be supplied.
On FreeRADIUS 2, specify the netmask separately. Default: `undef`.
##### `ip6`
The IPv6 address of the client or range in CIDR notation. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`.
##### `netmask`
The netmask of the client, specified as an integer, e.g. `24`. Only to be set on FreeRADIUS 2. Default: `undef`.
The IPv6 address of the client or range in CIDR format. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`.
##### `shortname`
A short alias that is used in place of the IP address or fully qualified hostname provided in the first line of the section. Required.
......@@ -704,10 +688,10 @@ Define RADIUS clients, specifically to connect to the status server for monitori
Very similar usage to `freeradius::client` but with fewer options.
##### `ip`
Default: `undef`. The IP address of the client. For IPv6, use `ipv6addr`. `ip` and `ip6` are mutually exclusive but one must be supplied.
Default: `undef`. The IP address of the client in CIDR format. For IPv6, use `ipv6addr`. `ip` and `ip6` are mutually exclusive but one must be supplied.
##### `ip6`
Default: `undef`. The IPv6 address of the client. `ip` and `ip6` are mutually exclusive but one must be supplied.
Default: `undef`. The IPv6 address of the client in CIDR format. `ip` and `ip6` are mutually exclusive but one must be supplied.
##### `secret`
required. The RADIUS shared secret used for communication between the client/NAS and the RADIUS server.
......
......@@ -6,7 +6,6 @@ define freeradius::client (
$ip6 = undef,
$virtual_server = undef,
$nastype = undef,
$netmask = undef,
$redirect = undef,
$port = undef,
$srcip = undef,
......@@ -18,21 +17,6 @@ define freeradius::client (
$fr_basepath = $::freeradius::params::fr_basepath
$fr_group = $::freeradius::params::fr_group
# Calculate CIDR format IP now that FreeRADIUS has obsoleted use of separate netmask.
# This workaround means no syntax change is necessary, although we print a warning.
$cidr = $netmask ? {
undef => $ip,
default => "${ip}/${netmask}",
}
$cidr6 = $netmask ? {
undef => $ip6,
default => "${ip6}/${netmask}",
}
if ($netmask) {
warning("netmask field found in client ${shortname} is deprecated, use CIDR notation instead. Please fix your configuration.")
}
file { "${fr_basepath}/clients.d/${shortname}.conf":
ensure => $ensure,
mode => '0640',
......@@ -50,7 +34,7 @@ define freeradius::client (
proto => 'udp',
dport => $port,
action => 'accept',
source => $cidr,
source => $ip,
}
} elsif $ip6 {
firewall { "100-${shortname}-${port}-v6":
......@@ -58,7 +42,7 @@ define freeradius::client (
dport => $port,
action => 'accept',
provider => 'ip6tables',
source => $cidr6,
source => $ip6,
}
}
} else {
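Review bot: `$ip` and `$ip6` now reach the firewall `source` and the rendered `ipaddr`/`ipv6addr` lines verbatim, and no format check is visible in these hunks, so a malformed value, or a bare `192.168.0.0` left behind after dropping `netmask`, is only caught when iptables or FreeRADIUS interprets it. I would validate both near the top of the define, e.g. `if $ip { validate_ip_address($ip) }` (or an equivalent check that accepts CIDR) if the module already depends on puppetlabs-stdlib. The define should also fail when neither or both are set, since the firewall branch is `if $ip … elsif $ip6` while the template emits the two lines independently. The README's new `ip` text still says to specify the netmask separately on FreeRADIUS 2, which no longer matches the removed `$netmask` parameter. The define's body starts and continues outside the hunks shown, so such checks may already exist there.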
......
......@@ -5,7 +5,6 @@ define freeradius::statusclient (
$ip6 = undef,
$port = undef,
$shortname = $name,
$netmask = undef,
$ensure = present,
) {
$fr_package = $::freeradius::params::fr_package
......@@ -13,19 +12,6 @@ define freeradius::statusclient (
$fr_basepath = $::freeradius::params::fr_basepath
$fr_group = $::freeradius::params::fr_group
$cidr = $netmask ? {
undef => $ip,
default => "${ip}/${netmask}",
}
$cidr6 = $netmask ? {
undef => $ip6,
default => "${ip6}/${netmask}",
}
if ($netmask) {
warning("netmask field found in client ${shortname} is deprecated, use CIDR notation instead. Please fix your configuration.")
}
file { "${fr_basepath}/statusclients.d/${name}.conf":
ensure => $ensure,
mode => '0640',
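Review bot: `$cidr` and `$cidr6` are deleted here, but the only template change visible in this commit is the one that also renders `virtual_server`, which looks like the `freeradius::client` template. If `freeradius::statusclient` renders its own template and that file still reads `@cidr`/`@cidr6`, ERB will evaluate them to nil and write an empty `ipaddr =` line into the status client config. That template should be switched to `<%= @ip %>` and `<%= @ip6 %>` in the same commit. The define's body continues outside the hunk, so I cannot see which template it uses.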
......
client <%= @shortname %> {
<% if @ip %>ipaddr = <%= @cidr %><% end %>
<% if @ip6 %>ipv6addr = <%= @cidr6 %><% end %>
<% if @ip %>ipaddr = <%= @ip %><% end %>
<% if @ip6 %>ipv6addr = <%= @ip6 %><% end %>
shortname = <%= @shortname %>
secret = "<%= @secret %>"
<% if @virtual_server %>virtual_server = <%= @virtual_server %><% end %>
......