radius-server: fixes after buster upgrade

radius-server/tasks/main.yml

@@ -6,8 +6,6 @@
       - freeradius
       - freeradius-config
       - freeradius-ldap
-      - freeradius-mysql
-      - freeradius-postgresql
       - freeradius-utils
       - winbind
     state: present
@@ -18,7 +16,7 @@
 - name: ensure freeradius server SSL configuration
   copy:
     src: "{{ radius_certs_dir }}/{{ item }}"
-    dest: /etc/freeradius/3.0/certs/
+    dest: /etc/freeradius/certs/
     owner: root
     group: freerad
     mode: '0640'
@@ -36,7 +34,7 @@
 - name: configure available modules
   template:
     src: "{{ item }}.j2"
-    dest: "/etc/freeradius/3.0/{{ item }}"
+    dest: "/etc/freeradius/{{ item }}"
     owner: root
     group: root
     mode: '0644'
@@ -52,7 +50,7 @@
 - name: ensure freeradius server sites and policies are configured
   template:
     src: "{{ item }}.j2"
-    dest: "/etc/freeradius/3.0/{{ item }}"
+    dest: "/etc/freeradius/{{ item }}"
     owner: root
     group: freerad
     mode: '0640'
@@ -72,10 +70,19 @@
   tags:
     - freeradius
 
+- name: allow enabling freeradius server modules
+  file:
+    dest: "/etc/freeradius/mods-enabled/"
+    state: directory
+  notify:
+    - reload freeradius
+  tags:
+    - freeradius
+
 - name: enable freeradius server modules
   file:
-    src: "/etc/freeradius/3.0/mods-available/{{ item }}"
-    dest: "/etc/freeradius/3.0/mods-enabled/{{ item }}"
+    src: "/etc/freeradius/mods-available/{{ item }}"
+    dest: "/etc/freeradius/mods-enabled/{{ item }}"
     state: link
   with_items:
     - ldap
@@ -88,10 +95,19 @@
   tags:
     - freeradius
 
+- name: allow enabling freeradius server sites
+  file:
+    dest: "/etc/freeradius/sites-enabled/"
+    state: directory
+  notify:
+    - reload freeradius
+  tags:
+    - freeradius
+
 - name: enable freeradius server sites
   file:
-    src: "/etc/freeradius/3.0/sites-available/{{ item }}"
-    dest: "/etc/freeradius/3.0/sites-enabled/{{ item }}"
+    src: "/etc/freeradius/sites-available/{{ item }}"
+    dest: "/etc/freeradius/sites-enabled/{{ item }}"
     state: link
   with_items:
     - default

radius-server/templates/mods-available/ldap.j2

@@ -289,7 +289,7 @@ ldap {
 		#  The default is libldap's default, which varies based
 		#  on the contents of ldap.conf.
 
-		require_cert	= 'demand'
+		require_cert	= 'allow'
 	}
 
 	#  As of version 3.0, the 'pool' section has replaced the

radius-server/templates/mods-config/files/authorize.j2

@@ -27,13 +27,13 @@ DEFAULT		Realm == {{ radius_default_realm }}, FreeRADIUS-Proxied-To == 127.0.0.1
 		User-Name = '%{User-Name}',
 		Fall-Through = yes
 
-{%- for assign in radius_vlan_assignments %}
+{% for assign in radius_vlan_assignments %}
 DEFAULT   {{ assign.key }} {{ assign.condition }} {{ assign.value }}
 		Tunnel-Type = VLAN,
 		Tunnel-Medium-Type = IEEE-802,
 		Tunnel-Private-Group-Id = {{ assign.vlan }},
 		Fall-Through = yes
-{% endfor -%}
+{% endfor %}
 
 #
 # Deny access for a group of users.

radius-server/templates/sites-available/default.j2

@@ -252,9 +252,11 @@ preacct {
 	#  The start time is: NOW - delay - session_length
 	#
 
+{% raw %}
 #	update request {
 #	  	FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
 #	}
+{% endraw %}
 
 
 	#

radius-server/templates/sites-available/inner-tunnel.j2

@@ -94,22 +94,22 @@ authorize {
 	-sql
 	ldap
 
-	{%- for check in radius_tunnel_checks %}
-	{%- if check.station %}
+	{% for check in radius_tunnel_checks %}
+	{%- if check.station|default(False) %}
 	if ( &Called-Station-SSID == "{{ check.station }}" ) {
 	{% endif -%}
 	if {{ check.condition }} {
 	}
 	else {
 		update reply {
-			Reply-Message = "{{ check_error }}"
+			Reply-Message = "{{ check.error }}"
 		}
 		reject
 	}
-	{%- if check.station %}
+	{%- if check.station|default(False) %}
 	}
 	{% endif -%}
-	{% endfor -%}
+	{% endfor %}
 
 	expiration
 	logintime