Commit 343179c6 authored by Angel L. Mateo's avatar Angel L. Mateo

Add exhaustive parameter list to freeradius::client

It defines all the parameters included in the sample config.
parent 35c1e759
......@@ -278,6 +278,34 @@ The virtual server that traffic from this client should be sent to. Default: `un
##### `nastype`
The `nastype` attribute is used to tell the `checkrad.pl` script which NAS-specific method it should use when checking simultaneous use. See [`man clients.conf`](http://freeradius.org/radiusd/man/clients.conf.txt) for a list of all options. Default: `undef`.
##### `proto`
Transport protocol used by the client. If unspecified, defaults to "udp", which is the traditional RADIUS transport. Valid values are `udp`, `tcp` or `*` for both of them. Default: `undef`.
##### `require_message_authenticator`
Old-style clients do not send a Message-Authenticator in an Access-Request. RFC 5080 suggests that all clients SHOULD include it in an Access-Request. Valid values are `yes` and `no`. Default: `no`.
##### `login`
Login used by checkrad.pl when querying the NAS for simultaneous use. Default: `undef`.
##### `password`
Password used by checkrad.pl when querying the NAS for simultaneous use. Default: `undef`.
##### `coa_server`
A pointer to the "home_server_pool" OR a "home_server" section that contains the CoA configuration for this client. Default: `undef`.
##### `response_window`
Response window for proxied packets. Default: `undef`.
##### `max_connections`
Limit the number of simultaneous TCP connections from a client. It is ignored for clients sending UDP traffic. Default: `undef`.
##### `lifetime`
The lifetime, in seconds, of a TCP connection. It is ignored for clients sending UDP traffic. Default: `undef`.
##### `idle_timeout`
The idle timeout, in seconds, of a TCP connection. It is ignored for clients sending UDP traffic. Default: `undef`.
##### `port`
The UDP port that this virtual server should listen on. Leave blank if this client is not tied to a virtual server. Currently the port number is only used to create firewall exceptions and you only need to specify it if you set `firewall => true`. Use port range syntax as in [`puppetlabs-firewall`](https://forge.puppetlabs.com/puppetlabs/firewall). Default: `undef`.
......
......@@ -2,22 +2,48 @@
define freeradius::client (
$shortname,
$secret,
$ip = undef,
$ip6 = undef,
$virtual_server = undef,
$nastype = undef,
$redirect = undef,
$port = undef,
$srcip = undef,
$firewall = false,
$ensure = present,
$attributes = [],
$ip = undef,
$ip6 = undef,
$proto = undef,
$require_message_authenticator = 'no',
$virtual_server = undef,
$nastype = undef,
$login = undef,
$password = undef,
$coa_server = undef,
$response_window = undef,
$max_connections = undef,
$lifetime = undef,
$idle_timeout = undef,
$redirect = undef,
$port = undef,
$srcip = undef,
$firewall = false,
$ensure = present,
$attributes = [],
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_group = $::freeradius::params::fr_group
if $proto {
unless $proto in ['*', 'udp', 'tcp'] {
fail('$proto must be one of udp, tcp or *')
}
}
unless $require_message_authenticator in ['yes', 'no'] {
fail('$require_message_authenticator must be one of yes or no')
}
if $nastype {
unless $nastype in ['cisco', 'computone', 'livingston', 'juniper', 'max40xx',
'multitech', 'netserver', 'pathras', 'patton', 'portslave', 'tc', 'usrhiper', 'other'] {
fail('$nastype must be one of cisco, computone, livingston, juniper, max40xx, multitech, netserver, pathras, patton, portslave, tc, usrhiper, other')
}
}
file { "${fr_basepath}/clients.d/${shortname}.conf":
ensure => $ensure,
mode => '0640',
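Review bot: The new `$password` parameter is rendered into `${fr_basepath}/clients.d/${shortname}.conf` alongside `$secret`, but the `file` resource that begins at the end of this hunk (its body continues outside it) only sets `mode => '0640'`, so Puppet will still print the plaintext credentials in change diffs and reports whenever the content changes; adding `show_diff => false,` next to `mode` keeps them out of agent output and report storage. The `$proto`, `$require_message_authenticator` and `$nastype` guards added here are a good pattern, but the new numeric parameters (`$response_window`, `$max_connections`, `$lifetime`, `$idle_timeout`) go straight into the template unvalidated, so a stray value only surfaces when radiusd fails to load the file; a matching guard (a regex or type check, depending on the Puppet version the module targets) would fail at catalog compile instead. The hard-coded `$nastype` list presumably mirrors what `checkrad.pl` supports, so a one-line comment naming where it was taken from would make it easier to keep in sync.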
......
client <%= @shortname %> {
<% if @ip %>ipaddr = <%= @ip %><% end %>
<% if @ip6 %>ipv6addr = <%= @ip6 %><% end %>
<% if @proto %>proto = <%= @proto %><% end %>
shortname = <%= @shortname %>
secret = "<%= @secret %>"
<% if @virtual_server %>virtual_server = <%= @virtual_server %><% end %>
<% if @nastype %>nas_type = <%= @nastype %><% end %>
require_message_authenticator = no
require_message_authenticator = <%= @require_message_authenticator %>
<% if @login %>login = <%= @login %><% end %>
<% if @password %>password = <%= @password %><% end %>
<% if @coa_server %>coa_server = <%= @coa_server %><% end %>
<% if @response_window %>response_window = <%= @response_window %><% end %>
<%- if @lifetime or @idle_timeout or @max_connections -%>
limit {
<% if @max_connections %>max_connections = <%= @max_connections %><% end %>
<% if @lifetime %>lifetime = <%= @lifetime %><% end %>
<% if @idle_timeout %>idle_timeout = <%= @idle_timeout %><% end %>
}
<%- end -%>
<%- if !@attributes.empty? -%>
<%- if @attributes.respond_to?('join') -%>
<%= @attributes.join("\n ") %>
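Review bot: The new `password = <%= @password %>` line (and `login`) is emitted unquoted, whereas the existing `secret = "<%= @secret %>"` line quotes its value; a password containing whitespace or `#` would likely be truncated or read as a comment by the clients.conf parser, silently breaking the checkrad.pl query. Render it the same way as the secret, `<% if @password %>password = "<%= @password %>"<% end %>`, and note that an embedded double quote would still need escaping, which is worth a sentence in the README entry for `password`. The `limit { ... }` block is only emitted when one of its three values is set, which reads fine, but a short ERB comment above it saying the block is omitted for UDP-only clients would help the next maintainer, since the manifest documents those values as ignored for UDP.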
......