Commit 10722d20 authored by Jonathan Gazeley's avatar Jonathan Gazeley

Re-jig client IP address handling for FR3

parent 0816047b
...@@ -224,20 +224,7 @@ freeradius::client { "wlan-controller01": ...@@ -224,20 +224,7 @@ freeradius::client { "wlan-controller01":
``` ```
```puppet ```puppet
# Range example on FreeRADIUS 2 # Range example
freeradius::client { "wlan-controllers":
ip => '192.168.0.0',
netmask => '24',
secret => 'testing123',
shortname => 'wlc01',
nastype => 'other',
port => '1645-1646',
firewall => true,
}
```
```puppet
# Range example in FreeRADIUS 3
freeradius::client { "wlan-controllers": freeradius::client { "wlan-controllers":
ip => '192.168.0.0/24', ip => '192.168.0.0/24',
secret => 'testing123', secret => 'testing123',
...@@ -249,14 +236,11 @@ freeradius::client { "wlan-controllers": ...@@ -249,14 +236,11 @@ freeradius::client { "wlan-controllers":
``` ```
##### `ip` ##### `ip`
The IP address of the client or range. For IPv6, use `ipv6addr`. `ip` and `ip6` are mutually exclusive but one must be supplied. The IP address of the client or range in CIDR format. For IPv6, use `ipv6addr`. `ip` and `ip6` are mutually exclusive but one must be supplied.
On FreeRADIUS 2, specify the netmask separately. On FreeRADIUS 3, set `ip` in CIDR format. Default: `undef`. On FreeRADIUS 2, specify the netmask separately. Default: `undef`.
##### `ip6` ##### `ip6`
The IPv6 address of the client or range in CIDR notation. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`. The IPv6 address of the client or range in CIDR format. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`.
##### `netmask`
The netmask of the client, specified as an integer, e.g. `24`. Only to be set on FreeRADIUS 2. Default: `undef`.
##### `shortname` ##### `shortname`
A short alias that is used in place of the IP address or fully qualified hostname provided in the first line of the section. Required. A short alias that is used in place of the IP address or fully qualified hostname provided in the first line of the section. Required.
...@@ -704,10 +688,10 @@ Define RADIUS clients, specifically to connect to the status server for monitori ...@@ -704,10 +688,10 @@ Define RADIUS clients, specifically to connect to the status server for monitori
Very similar usage to `freeradius::client` but with fewer options. Very similar usage to `freeradius::client` but with fewer options.
##### `ip` ##### `ip`
Default: `undef`. The IP address of the client. For IPv6, use `ipv6addr`. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`. The IP address of the client in CIDR format. For IPv6, use `ipv6addr`. `ip` and `ip6` are mutually exclusive but one must be supplied.
##### `ip6` ##### `ip6`
Default: `undef`. The IPv6 address of the client. `ip` and `ip6` are mutually exclusive but one must be supplied. Default: `undef`. The IPv6 address of the client in CIDR format. `ip` and `ip6` are mutually exclusive but one must be supplied.
##### `secret` ##### `secret`
required. The RADIUS shared secret used for communication between the client/NAS and the RADIUS server. required. The RADIUS shared secret used for communication between the client/NAS and the RADIUS server.
......
...@@ -6,7 +6,6 @@ define freeradius::client ( ...@@ -6,7 +6,6 @@ define freeradius::client (
$ip6 = undef, $ip6 = undef,
$virtual_server = undef, $virtual_server = undef,
$nastype = undef, $nastype = undef,
$netmask = undef,
$redirect = undef, $redirect = undef,
$port = undef, $port = undef,
$srcip = undef, $srcip = undef,
...@@ -18,21 +17,6 @@ define freeradius::client ( ...@@ -18,21 +17,6 @@ define freeradius::client (
$fr_basepath = $::freeradius::params::fr_basepath $fr_basepath = $::freeradius::params::fr_basepath
$fr_group = $::freeradius::params::fr_group $fr_group = $::freeradius::params::fr_group
# Calculate CIDR format IP now that FreeRADIUS has obsoleted use of separate netmask.
# This workaround means no syntax change is necessary, although we print a warning.
$cidr = $netmask ? {
undef => $ip,
default => "${ip}/${netmask}",
}
$cidr6 = $netmask ? {
undef => $ip6,
default => "${ip6}/${netmask}",
}
if ($netmask) {
warning("netmask field found in client ${shortname} is deprecated, use CIDR notation instead. Please fix your configuration.")
}
file { "${fr_basepath}/clients.d/${shortname}.conf": file { "${fr_basepath}/clients.d/${shortname}.conf":
ensure => $ensure, ensure => $ensure,
mode => '0640', mode => '0640',
...@@ -50,7 +34,7 @@ define freeradius::client ( ...@@ -50,7 +34,7 @@ define freeradius::client (
proto => 'udp', proto => 'udp',
dport => $port, dport => $port,
action => 'accept', action => 'accept',
source => $cidr, source => $ip,
} }
} elsif $ip6 { } elsif $ip6 {
firewall { "100-${shortname}-${port}-v6": firewall { "100-${shortname}-${port}-v6":
...@@ -58,7 +42,7 @@ define freeradius::client ( ...@@ -58,7 +42,7 @@ define freeradius::client (
dport => $port, dport => $port,
action => 'accept', action => 'accept',
provider => 'ip6tables', provider => 'ip6tables',
source => $cidr6, source => $ip6,
} }
} }
} else { } else {
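Review bot: `$ip` and `$ip6` now reach the firewall `source` attribute (both firewall hunks) and the client template verbatim, and nothing in the visible hunks checks that the value is a well-formed address or prefix, so a typo in the prefix length silently changes which hosts can reach the RADIUS ports and be accepted with this shared secret. Because the prefix length now lives inside the same string, I would validate it at the top of the define and fail compilation otherwise, for example `if $ip and $ip !~ /^\d{1,3}(\.\d{1,3}){3}(\/\d{1,2})?$/ { fail("invalid ip for client ${shortname}: ${ip}") }`, with an equivalent check for `$ip6`. The same applies to `freeradius::statusclient`, which drops `$netmask` in the same way. The define body starts and ends outside these hunks, so an existing check may simply not be visible here. The README's new `ip` text also still says "On FreeRADIUS 2, specify the netmask separately", which no longer matches the parameter list.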
......
...@@ -5,7 +5,6 @@ define freeradius::statusclient ( ...@@ -5,7 +5,6 @@ define freeradius::statusclient (
$ip6 = undef, $ip6 = undef,
$port = undef, $port = undef,
$shortname = $name, $shortname = $name,
$netmask = undef,
$ensure = present, $ensure = present,
) { ) {
$fr_package = $::freeradius::params::fr_package $fr_package = $::freeradius::params::fr_package
...@@ -13,19 +12,6 @@ define freeradius::statusclient ( ...@@ -13,19 +12,6 @@ define freeradius::statusclient (
$fr_basepath = $::freeradius::params::fr_basepath $fr_basepath = $::freeradius::params::fr_basepath
$fr_group = $::freeradius::params::fr_group $fr_group = $::freeradius::params::fr_group
$cidr = $netmask ? {
undef => $ip,
default => "${ip}/${netmask}",
}
$cidr6 = $netmask ? {
undef => $ip6,
default => "${ip6}/${netmask}",
}
if ($netmask) {
warning("netmask field found in client ${shortname} is deprecated, use CIDR notation instead. Please fix your configuration.")
}
file { "${fr_basepath}/statusclients.d/${name}.conf": file { "${fr_basepath}/statusclients.d/${name}.conf":
ensure => $ensure, ensure => $ensure,
mode => '0640', mode => '0640',
......
client <%= @shortname %> { client <%= @shortname %> {
<% if @ip %>ipaddr = <%= @cidr %><% end %> <% if @ip %>ipaddr = <%= @ip %><% end %>
<% if @ip6 %>ipv6addr = <%= @cidr6 %><% end %> <% if @ip6 %>ipv6addr = <%= @ip6 %><% end %>
shortname = <%= @shortname %> shortname = <%= @shortname %>
secret = "<%= @secret %>" secret = "<%= @secret %>"
<% if @virtual_server %>virtual_server = <%= @virtual_server %><% end %> <% if @virtual_server %>virtual_server = <%= @virtual_server %><% end %>
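Review bot: The two guards on the `ipaddr` and `ipv6addr` lines are independent, so a resource that sets both `ip` and `ip6` renders both directives and one that sets neither renders a client block with no address at all, although the README describes them as mutually exclusive with one required. Nothing in the visible manifest hunks enforces that, so I would add the check to the define rather than the template: `if ($ip and $ip6) or (!$ip and !$ip6) { fail("client ${shortname}: set exactly one of ip or ip6") }`. The rest of the template is outside this excerpt.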
......