Commit deb2fe6c authored by Jonathan Gazeley's avatar Jonathan Gazeley
Browse files

Winbind support is now an optional component that can be enabled

parent a2bbfb76
...@@ -50,16 +50,18 @@ of the global settings to increase flexibility. Patches are welcome. ...@@ -50,16 +50,18 @@ of the global settings to increase flexibility. Patches are welcome.
* `utils_support` Install FreeRADIUS utils. Default: `false` * `utils_support` Install FreeRADIUS utils. Default: `false`
* `ldap_support` Install support for LDAP. Default: `false` * `ldap_support` Install support for LDAP. Default: `false`
* `wpa_supplicant`. Install wpa_supplicant utility. Default: `false` * `wpa_supplicant`. Install wpa_supplicant utility. Default: `false`
* `winbind_support`. Add the radius user to the winbind privileged group. You must install winbind separately. Default: `false`.
```puppet ```puppet
class { 'freeradius': class { 'freeradius':
control_socket => true, control_socket => true,
max_requests => 4096, max_requests => 4096,
max_servers => 4096, max_servers => 4096,
mysql_support => true, mysql_support => true,
perl_support => true, perl_support => true,
utils_support => true, utils_support => true,
wpa_supplicant => true, wpa_supplicant => true,
winbind_support => true,
} }
``` ```
......
# Base class to install FreeRADIUS # Base class to install FreeRADIUS
class freeradius ( class freeradius (
$control_socket = false, $control_socket = false,
$max_servers = '4096', $max_servers = '4096',
$max_requests = '4096', $max_requests = '4096',
$mysql_support = false, $mysql_support = false,
$perl_support = false, $perl_support = false,
$utils_support = false, $utils_support = false,
$ldap_support = false, $ldap_support = false,
$wpa_supplicant = false, $wpa_supplicant = false,
$winbind_support = false,
) inherits freeradius::params { ) inherits freeradius::params {
include samba
file { 'radiusd.conf': file { 'radiusd.conf':
name => "${fr_basepath}/radiusd.conf", name => "${fr_basepath}/radiusd.conf",
mode => '0640', mode => '0640',
...@@ -122,7 +121,6 @@ class freeradius ( ...@@ -122,7 +121,6 @@ class freeradius (
File['radiusd.conf'], File['radiusd.conf'],
User['radiusd'], User['radiusd'],
Package[$fr_package], Package[$fr_package],
Service['winbind']
], ],
enable => true, enable => true,
hasstatus => true, hasstatus => true,
...@@ -134,8 +132,11 @@ class freeradius ( ...@@ -134,8 +132,11 @@ class freeradius (
ensure => present, ensure => present,
uid => '95', uid => '95',
gid => 'radiusd', gid => 'radiusd',
groups => 'wbpriv', groups => $winbind_support ? {
require => Package[$fr_package, 'samba-winbind'], true => $fr_wbpriv_user,
default => undef,
},
require => Package[$fr_package],
} }
# Install a few modules required on all FR installations # Install a few modules required on all FR installations
......
...@@ -49,4 +49,11 @@ class freeradius::params { ...@@ -49,4 +49,11 @@ class freeradius::params {
'Debian' => 'freerad', 'Debian' => 'freerad',
default => 'radiusd', default => 'radiusd',
} }
# Privileged winbind user
$fr_wbpriv_user = $::osfamily ? {
'RedHat' => 'wbpriv',
'Debian' => 'winbindd_priv',
default => 'wbpriv',
}
} }
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment