Commit 33d8503d authored by Jonathan Gazeley's avatar Jonathan Gazeley
Browse files

Provide facility to enable/disable EAP types

parent 8b97e7cb
Loading
Loading
Loading
Loading
+4 −0
Original line number Diff line number Diff line
@@ -67,6 +67,10 @@ define freeradius::module::eap (
  Optional[Freeradius::Boolean] $peap_require_client_cert           = undef,
  Optional[Freeradius::Boolean] $mschapv2_send_error                = undef,
  Optional[String] $mschapv2_identity                               = undef,
  Boolean $eap_md5                                                  = true,
  Boolean $eap_leap                                                 = true,
  Boolean $eap_gtc                                                  = true,
  Boolean $eap_peap                                                 = true,
) {

  freeradius::module{$name:
+9 −2
Original line number Diff line number Diff line
@@ -65,6 +65,7 @@ eap {

  # Supported EAP-types

<%- if @eap_md5 -%>
  #
  #  We do NOT recommend using EAP-MD5 authentication
  #  for wireless connections.  It is insecure, and does
@@ -72,6 +73,7 @@ eap {
  #
  md5 {
  }
<%- end -%>

  #
  # EAP-pwd -- secure password-based authentication
@@ -108,6 +110,7 @@ eap {
   }
<%- end -%>

<%- if @eap_leap -%>
  # Cisco LEAP
  #
  #  We do not recommend using LEAP in new deployments.  See:
@@ -122,7 +125,9 @@ eap {
  #
  leap {
  }
<%- end -%>

<%- if @eap_gtc -%>
  #  Generic Token Card.
  #
  #  Currently, this is only permitted inside of EAP-TTLS,
@@ -156,6 +161,7 @@ eap {
    #
    auth_type = <%= @gtc_auth_type %>
  }
<%- end -%>

  ## Common TLS configuration for TLS-based EAP types
  #
@@ -755,7 +761,7 @@ eap {
<%- end -%>
  }


<%- if @eap_peap -%>
  ## EAP-PEAP
  #

@@ -892,6 +898,7 @@ eap {
    require_client_cert = <%= @peap_require_client_cert %>
<%- end -%>
}
<%- end -%>

  #
  #  This takes no configuration.