Add exhaustive parameter list to freeradius::client

It defines all the parameters included at sample config

Add exhaustive parameter list to freeradius::client
343179c6 · Angel L. Mateo · 35c1e759 · 343179c6 · 343179c6 · 343179c6
Commit 343179c6 authored 8 years ago by Angel L. Mateo
--- a/README.md
+++ b/README.md
@@ -278,6 +278,34 @@ The virtual server that traffic from this client should be sent to. Default: `un
 ##### `nastype`
 The `nastype` attribute is used to tell the `checkrad.pl` script which NAS-specific method it should use when checking simultaneous use. See [`man clients.conf`](http://freeradius.org/radiusd/man/clients.conf.txt) for a list of all options. Default: `undef`.

+##### `proto`
+Transport protocol used by the client. If unspecified, defaults to "udp", which is the traditional RADIUS transport. Valid values are `udp`, `tcp` or `*` for both of them. Default: `undef`.
+
+##### `require_message_authenticator`
+Old-style clients do not send a Message-Authenticator in an Access-Request.  RFC 5080 suggests that all clients SHOULD include it in an Access-Request. Valid values are `yes` and `no`. Default: `no`.
+
+##### `login`
+Login used by checkrad.pl when querying the NAS for simultaneous use. Default: `undef`.
+
+##### `password`
+Password used by checkrad.pl when querying the NAS for simultaneous use. Default: `undef`.
+
+##### `coa_server`
+A pointer to the "home_server_pool" OR a "home_server" section that contains the CoA configuration for this client. Default: `undef`.
+
+##### `response_window`
+Response window for proxied packets. Default: `undef`.
+
+##### `max_connections`
+Limit the number of simultaneous TCP connections from a client. It is ignored for clients sending UDP traffic. Default: `undef`.
+
+##### `lifetime`
+The lifetime, in seconds, of a TCP connection. It is ignored for clients sending UDP traffic. Default: `undef`.
+
+##### `idle_timeout`
+The idle timeout, in seconds, of a TCP connection. It is ignored for clients sending UDP traffic. Default: `undef`.
+
+
 ##### `port`
 The UDP port that this virtual server should listen on. Leave blank if this client is not tied to a virtual server. Currently the port number is only used to create firewall exceptions and you only need to specify it if you set `firewall => true`. Use port range syntax as in [`puppetlabs-firewall`](https://forge.puppetlabs.com/puppetlabs/firewall). Default: `undef`.


--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -4,8 +4,17 @@ define freeradius::client (
  $secret,
  $ip                            = undef,
  $ip6                           = undef,
+  $proto                         = undef,
+  $require_message_authenticator = 'no',
  $virtual_server                = undef,
  $nastype                       = undef,
+  $login                         = undef,
+  $password                      = undef,
+  $coa_server                    = undef,
+  $response_window               = undef,
+  $max_connections               = undef,
+  $lifetime                      = undef,
+  $idle_timeout                  = undef,
  $redirect                      = undef,
  $port                          = undef,
  $srcip                         = undef,
@@ -18,6 +27,23 @@ define freeradius::client (
  $fr_basepath = $::freeradius::params::fr_basepath
  $fr_group    = $::freeradius::params::fr_group

+  if $proto {
+    unless $proto in ['*', 'udp', 'tcp'] {
+      fail('$proto must be one of udp, tcp or *')
+    }
+  }
+
+  unless $require_message_authenticator in ['yes', 'no'] {
+    fail('$require_message_authenticator must be one of yes or no')
+  }
+
+  if $nastype {
+    unless $nastype in ['cisco', 'computone', 'livingston', 'juniper', 'max40xx',
+    'multitech', 'netserver', 'pathras', 'patton', 'portslave', 'tc', 'usrhiper', 'other'] {
+      fail('$nastype must be one of cisco, computone, livingston, juniper, max40xx, multitech, netserver, pathras, patton, portslave, tc, usrhiper, other')
+    }
+  }
+
  file { "${fr_basepath}/clients.d/${shortname}.conf":
    ensure  => $ensure,
    mode    => '0640',

--- a/templates/client.conf.erb
+++ b/templates/client.conf.erb
 client <%= @shortname %> {
 	<% if @ip %>ipaddr = <%= @ip %><% end %>
 	<% if @ip6 %>ipv6addr = <%= @ip6 %><% end %>
+  <% if @proto %>proto = <%= @proto %><% end %>
 	shortname = <%= @shortname %>
 	secret = "<%= @secret %>"
 	<% if @virtual_server %>virtual_server = <%= @virtual_server %><% end %>
 	<% if @nastype %>nas_type = <%= @nastype %><% end %>
-	require_message_authenticator = no
+  require_message_authenticator = <%= @require_message_authenticator %>
+  <% if @login %>login = <%= @login %><% end %>
+  <% if @password %>password = <%= @password %><% end %>
+  <% if @coa_server %>coa_server = <%= @coa_server %><% end %>
+  <% if @response_window %>response_window = <%= @response_window %><% end %>
+  <%- if @lifetime or @idle_timeout or @max_connections -%>
+  limit {
+    <% if @max_connections %>max_connections = <%= @max_connections %><% end %>
+    <% if @lifetime %>lifetime = <%= @lifetime %><% end %>
+    <% if @idle_timeout %>idle_timeout = <%= @idle_timeout %><% end %>
+  }
+  <%- end -%>
  <%- if !@attributes.empty? -%>
    <%- if @attributes.respond_to?('join') -%>
  <%= @attributes.join("\n  ") %>