Commit 86c30070 authored by Nathan Ward's avatar Nathan Ward
Browse files

Remove FreeRADIUS v3.1.x options

FreeRADIUS v3.1.x branch is experimental and will never be completed now that v4.x is being worked on.
parent d857d620
......@@ -46,7 +46,7 @@
This module installs and configures [FreeRADIUS](http://freeradius.org/) server
on Linux. It supports FreeRADIUS 3.x only. It was designed with CentOS in mind
but should work on other distributions.
but should work on other distributions.
This module requires Puppet 4.0.0 or greater. Puppet 3.x was
[discontinued](https://puppet.com/misc/puppet-enterprise-lifecycle) at
......@@ -444,7 +444,7 @@ be "acct", or they all have to be "auth+acct".
The type of this pool controls how home servers are chosen.
* `fail-over` the request is sent to the first live home server in the list. i.e. If the first home server is marked "dead", the second one is chosen, etc.
* `load-balance` the least busy home server is chosen For non-EAP auth methods, and for acct packets, we recommend using "load-balance". It will ensure the highest availability for your network.
* `load-balance` the least busy home server is chosen For non-EAP auth methods, and for acct packets, we recommend using "load-balance". It will ensure the highest availability for your network.
* `client-balance` the home server is chosen by hashing the source IP address of the packet. This configuration is most useful to do simple load balancing for EAP sessions
* `client-port-balance` the home server is chosen by hashing the source IP address and source port of the packet.
* `keyed-balance` the home server is chosen by hashing (FNV) the contents of the Load-Balance-Key attribute from the control items.
......@@ -632,12 +632,6 @@ With `rebind` control whether the server follows references returned by LDAP dir
##### `rebind`
With `chase_referrals` control whether the server follows references returned by LDAP directory. Mostly used for AD compatibility. Default: `yes`.
##### `use_referral_credentials`
On rebind, use the credentials from the rebind url instead of admin credentials. Default: `no`.
##### `session_tracking`
If `yes`, then include draft-wahl-ldap-session tracking controls. Default: `undef`.
##### `uses`
How many times the connection can be used before being re-established. This is useful for things
like load balancers, which may exhibit sticky behaviour without it. `0` is unlimited. Default: `0`
......@@ -651,9 +645,6 @@ The lifetime (in seconds) of the connection. Default: `0` (forever).
##### `idle_timeout`
Idle timeout (in seconds). A connection which is unused for this length of time will be closed. Default: `60`.
##### `connect_timeout`
Connection timeout (in seconds). The maximum amount of time to wait for a new connection to be established. Default: `3.0`.
##### `idle`
Sets the idle time before keepalive probes are sent. Default `60`
......@@ -1415,7 +1406,7 @@ Default: `radius`. Name of the database. Normally you should leave this alone. I
##### `num_sql_socks`
Default: same as `max_servers`. Number of sql connections to make to the database server.
Default: same as `max_servers`. Number of sql connections to make to the database server.
Setting this to LESS than the number of threads means that some threads may starve, and
you will see errors like "No connections available and at max connection limit". Setting
this to MORE than the number of threads means that there are more connections than necessary.
......@@ -1532,11 +1523,6 @@ Spare connections to be left idle. Default: 1.
Idle timeout (in seconds). A connection which is unused for this length of time will
be closed. Default: 60.
##### `pool_connect_timeout`
Connection timeout (in seconds). The maximum amount of time to wait for a new
connection to be established. Default: '3.0'.
#### `freeradius::statusclient`
Define RADIUS clients, specifically to connect to the status server for monitoring.
......
......@@ -38,8 +38,6 @@ define freeradius::module::ldap (
Optional[Enum['never','searching','finding','always']] $dereference = undef,
Freeradius::Boolean $chase_referrals = 'yes',
Freeradius::Boolean $rebind = 'yes',
Freeradius::Boolean $use_referral_credentials = 'no',
Optional[Freeradius::Boolean] $session_tracking = undef,
Integer $timeout = 10,
Integer $timelimit = 3,
Integer $idle = 60,
......@@ -61,7 +59,6 @@ define freeradius::module::ldap (
Integer $retry_delay = 30,
Integer $lifetime = 0,
Integer $idle_timeout = 60,
Float $connect_timeout = 3.0,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
......
......@@ -31,7 +31,6 @@ define freeradius::sql (
Optional[Integer] $pool_min = 1,
Optional[Integer] $pool_spare = 1,
Optional[Integer] $pool_idle_timeout = 60,
Optional[Float] $pool_connect_timeout = 3.0,
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
......
......@@ -602,25 +602,6 @@ ldap <%= @name %> {
chase_referrals = <%= @chase_referrals %>
rebind = <%= @rebind %>
#
# On rebind, use the credentials from the rebind url instead
# of admin credentials used during the initial bind.
# Default 'no'
#
use_referral_credentials = <%= @use_referral_credentials %>
<%- if @session_tracking -%>
#
# If 'yes', then include draft-wahl-ldap-session tracking
# controls.
#
# These encode the NAS-IP-Address/NAS-IPv6-Address,
# User-Name, Acct-Session-ID, Acct-Multi-Session-ID
# as session tracking controls, in applicable LDAP operations.
# Default 'no'.
#
session_tracking = <%= @session_tracking %>
<%- end -%>
# SASL Security Properties (see SASL_SECPROPS in ldap.conf man page).
# Note - uncomment when using GSS-API sasl mechanism along with TLS
# encryption against Active-Directory LDAP servers (this disables
......@@ -784,11 +765,6 @@ ldap <%= @name %> {
# idle_timeout = 60
idle_timeout = <%= @idle_timeout %>
# Connection timeout (in seconds). The maximum amount of
# time to wait for a new connection to be established.
# Sets LDAP_OPT_NETWORK_TIMEOUT in libldap.
connect_timeout = <%= @connect_timeout %>
# NOTE: All configuration settings are enforced. If a
# connection is closed because of 'idle_timeout',
# 'uses', or 'lifetime', then the total number of
......
......@@ -334,15 +334,6 @@ sql <%= @name %> {
# idle_timeout = 60
idle_timeout = <%= @pool_idle_timeout %>
# Connection timeout (in seconds). The maximum amount of
# time to wait for a new connection to be established.
# Not supported by:
# rlm_sql_firebird - Likely possible but no documentation.
# rlm_sql_oracle - Not possible.
# rlm_sql_postgresql - Should be set via the radius_db string instead.
#
connect_timeout = <%= @pool_connect_timeout %>
# NOTE: All configuration settings are enforced. If a
# connection is closed because of "idle_timeout",
# "uses", or "lifetime", then the total number of
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment