diff --git a/README.md b/README.md
index aa0c9992e377012415be10a5993cec66b09036d7..1af4aa08c90339e8282f14137546ef632412d84f 100644
--- a/README.md
+++ b/README.md
@@ -467,15 +467,24 @@ Default: `allow`
 
 #### `freeradius::module`
 
-Install a module from a flat file.
+Install a module from a flat file, or enable a stock module that came with your distribution of FreeRADIUS.
 
 ```puppet
+# Enable a stock module
+freeradius::module { 'pap':
+  preserve => true,
+}
+```
+
+```puppet
+# Install a custom module from a flat file
 freeradius::module { 'buffered-sql':
   source => 'puppet:///modules/site_freeradius/buffered-sql',
 }
 ```
 
 ```puppet
+# Install a custom module from a template
 freeradius::module { 'buffered-sql':
   content => template('some_template.erb)',
 }
diff --git a/manifests/init.pp b/manifests/init.pp
index 831d998b6e5220a913e3d6a7175f6b600a5cfe85..9a1ff116003e3c35efdd1c5293e26155039ac4cd 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -55,6 +55,7 @@ class freeradius (
     "${freeradius::fr_basepath}/certs",
     "${freeradius::fr_basepath}/clients.d",
     "${freeradius::fr_basepath}/sites-enabled",
+    "${freeradius::fr_basepath}/mods-enabled",
     "${freeradius::fr_basepath}/instantiate",
   ]:
     ensure  => directory,
@@ -73,6 +74,41 @@ class freeradius (
     ensure => absent,
   }
 
+  # Preserve some stock modules
+  freeradius::module { [
+    'always',
+    'cache_eap',
+    'chap',
+    'detail',
+    'detail.log',
+    'dhcp',
+    'digest',
+    'dynamic_clients',
+    'echo',
+    'exec',
+    'expiration',
+    'expr',
+    'files',
+    'linelog',
+    'logintime',
+    'mschap',
+    'ntlm_auth',
+    'pap',
+    'passwd',
+    'preprocess',
+    'radutmp',
+    'realm',
+    'replicate',
+    'soh',
+    'sradutmp',
+    'unix',
+    'unpack',
+    'utf8',
+  ]:
+    preserve => true,
+  }
+
+
   # Set up concat policy file, as there is only one global policy
   # We also add standard header and footer
   concat { "${freeradius::fr_basepath}/policy.conf":
diff --git a/manifests/module.pp b/manifests/module.pp
index 821a70d5d4016062f6a8542107b760a2749bdb26..a0df2128ad57db2f6c789a868ed2a33bd2ec7836 100644
--- a/manifests/module.pp
+++ b/manifests/module.pp
@@ -3,20 +3,31 @@ define freeradius::module (
   $source = undef,
   $content = undef,
   $ensure = present,
+  $preserve = false,
 ) {
   $fr_package  = $::freeradius::params::fr_package
   $fr_service  = $::freeradius::params::fr_service
   $fr_modulepath = $::freeradius::params::fr_modulepath
+  $fr_basepath = $::freeradius::params::fr_basepath
   $fr_group    = $::freeradius::params::fr_group
 
-  file { "${fr_modulepath}/${name}":
-    ensure  => $ensure,
-    mode    => '0640',
-    owner   => 'root',
-    group   => $fr_group,
-    source  => $source,
-    content => $content,
-    require => [Package[$fr_package], Group[$fr_group]],
-    notify  => Service[$fr_service],
+  if ($preserve) {
+    # Symlink to mods-available for stock modules
+    file { "${fr_modulepath}/${name}":
+      ensure => link,
+      target => "${fr_basepath}/mods-available/${name}",
+    }
+  } else {
+    # Deploy actual module to sites-enabled
+    file { "${fr_modulepath}/${name}":
+      ensure  => $ensure,
+      mode    => '0640',
+      owner   => 'root',
+      group   => $fr_group,
+      source  => $source,
+      content => $content,
+      require => [Package[$fr_package], Group[$fr_group]],
+      notify  => Service[$fr_service],
+    }
   }
 }