Commit 6d78b1e3 authored by Jonathan Gazeley's avatar Jonathan Gazeley
Browse files

Install default attribute filtesr

parent 97c33b88
......@@ -33,5 +33,6 @@ define freeradius::attr (
concat::fragment { "attr-${name}":
target => "${fr_modulepath}/attr_filter",
content => template("freeradius/attr.fr${::freeradius_maj_version}.erb"),
order => 20,
}
}
......@@ -108,6 +108,12 @@ class freeradius (
notify => Service[$freeradius::fr_service],
}
# Install default attribute filters
concat::fragment { "attr-default":
target => "${fr_modulepath}/attr_filter",
content => template("freeradius/attr_default.fr${::freeradius_maj_version}.erb"),
order => 10,
}
# Install a slightly tweaked stock dictionary that includes
# our custom dictionaries
......
# -*- text -*-
#
# $Id$
#
# This file defines a number of instances of the "attr_filter" module.
#
# attr_filter - filters the attributes received in replies from
# proxied servers, to make sure we send back to our RADIUS client
# only allowed attributes.
attr_filter attr_filter.post-proxy {
attrsfile = ${confdir}/attrs
}
# attr_filter - filters the attributes in the packets we send to
# the RADIUS home servers.
attr_filter attr_filter.pre-proxy {
attrsfile = ${confdir}/attrs.pre-proxy
}
# Enforce RFC requirements on the contents of Access-Reject
# packets. See the comments at the top of the file for
# more details.
#
attr_filter attr_filter.access_reject {
key = %{User-Name}
attrsfile = ${confdir}/attrs.access_reject
}
# Enforce RFC requirements on the contents of Access-Reject
# packets. See the comments at the top of the file for
# more details.
#
attr_filter attr_filter.access_challenge {
key = %{User-Name}
attrsfile = ${confdir}/attrs.access_challenge
}
# Enforce RFC requirements on the contents of the
# Accounting-Response packets. See the comments at the
# top of the file for more details.
#
attr_filter attr_filter.accounting_response {
key = %{User-Name}
attrsfile = ${confdir}/attrs.accounting_response
}
# -*- text -*-
#
# $Id$
#
# This file defines a number of instances of the "attr_filter" module.
#
# attr_filter - filters the attributes received in replies from
# proxied servers, to make sure we send back to our RADIUS client
# only allowed attributes.
attr_filter attr_filter.post-proxy {
key = "%{Realm}"
filename = ${modconfdir}/${.:name}/post-proxy
}
# attr_filter - filters the attributes in the packets we send to
# the RADIUS home servers.
attr_filter attr_filter.pre-proxy {
key = "%{Realm}"
filename = ${modconfdir}/${.:name}/pre-proxy
}
# Enforce RFC requirements on the contents of Access-Reject
# packets. See the comments at the top of the file for
# more details.
#
attr_filter attr_filter.access_reject {
key = "%{User-Name}"
filename = ${modconfdir}/${.:name}/access_reject
}
# Enforce RFC requirements on the contents of Access-Challenge
# packets. See the comments at the top of the file for
# more details.
#
attr_filter attr_filter.access_challenge {
key = "%{User-Name}"
filename = ${modconfdir}/${.:name}/access_challenge
}
# Enforce RFC requirements on the contents of the
# Accounting-Response packets. See the comments at the
# top of the file for more details.
#
attr_filter attr_filter.accounting_response {
key = "%{User-Name}"
filename = ${modconfdir}/${.:name}/accounting_response
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment