Commit e10263b7 authored by Lars Beckers's avatar Lars Beckers

radius-server: fixes after buster upgrade

parent f3c347de
Pipeline #1511 passed
...@@ -6,8 +6,6 @@ ...@@ -6,8 +6,6 @@
- freeradius - freeradius
- freeradius-config - freeradius-config
- freeradius-ldap - freeradius-ldap
- freeradius-mysql
- freeradius-postgresql
- freeradius-utils - freeradius-utils
- winbind - winbind
state: present state: present
...@@ -18,7 +16,7 @@ ...@@ -18,7 +16,7 @@
- name: ensure freeradius server SSL configuration - name: ensure freeradius server SSL configuration
copy: copy:
src: "{{ radius_certs_dir }}/{{ item }}" src: "{{ radius_certs_dir }}/{{ item }}"
dest: /etc/freeradius/3.0/certs/ dest: /etc/freeradius/certs/
owner: root owner: root
group: freerad group: freerad
mode: '0640' mode: '0640'
...@@ -36,7 +34,7 @@ ...@@ -36,7 +34,7 @@
- name: configure available modules - name: configure available modules
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "/etc/freeradius/3.0/{{ item }}" dest: "/etc/freeradius/{{ item }}"
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
...@@ -52,7 +50,7 @@ ...@@ -52,7 +50,7 @@
- name: ensure freeradius server sites and policies are configured - name: ensure freeradius server sites and policies are configured
template: template:
src: "{{ item }}.j2" src: "{{ item }}.j2"
dest: "/etc/freeradius/3.0/{{ item }}" dest: "/etc/freeradius/{{ item }}"
owner: root owner: root
group: freerad group: freerad
mode: '0640' mode: '0640'
...@@ -72,10 +70,19 @@ ...@@ -72,10 +70,19 @@
tags: tags:
- freeradius - freeradius
- name: allow enabling freeradius server modules
file:
dest: "/etc/freeradius/mods-enabled/"
state: directory
notify:
- reload freeradius
tags:
- freeradius
- name: enable freeradius server modules - name: enable freeradius server modules
file: file:
src: "/etc/freeradius/3.0/mods-available/{{ item }}" src: "/etc/freeradius/mods-available/{{ item }}"
dest: "/etc/freeradius/3.0/mods-enabled/{{ item }}" dest: "/etc/freeradius/mods-enabled/{{ item }}"
state: link state: link
with_items: with_items:
- ldap - ldap
...@@ -88,10 +95,19 @@ ...@@ -88,10 +95,19 @@
tags: tags:
- freeradius - freeradius
- name: allow enabling freeradius server sites
file:
dest: "/etc/freeradius/sites-enabled/"
state: directory
notify:
- reload freeradius
tags:
- freeradius
- name: enable freeradius server sites - name: enable freeradius server sites
file: file:
src: "/etc/freeradius/3.0/sites-available/{{ item }}" src: "/etc/freeradius/sites-available/{{ item }}"
dest: "/etc/freeradius/3.0/sites-enabled/{{ item }}" dest: "/etc/freeradius/sites-enabled/{{ item }}"
state: link state: link
with_items: with_items:
- default - default
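Review bot: The two added `file` tasks with `state: directory` (for `/etc/freeradius/mods-enabled/` and `/etc/freeradius/sites-enabled/`) set no `owner`, `group` or `mode`, so a newly created directory gets whatever the default umask yields. The copy and template tasks earlier in this file pin ownership and permissions explicitly, and the certificate and site files are deliberately kept at `root:freerad` `0640`. I would pin the directories as well, e.g. `owner: root`, `group: freerad`, `mode: '0750'` (adjust to what the package ships). Also consider `path:` rather than the `dest:` alias for a directory, and whether `notify: reload freeradius` is needed on a task that only creates an empty directory.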
......
...@@ -289,7 +289,7 @@ ldap { ...@@ -289,7 +289,7 @@ ldap {
# The default is libldap's default, which varies based # The default is libldap's default, which varies based
# on the contents of ldap.conf. # on the contents of ldap.conf.
require_cert = 'demand' require_cert = 'allow'
} }
# As of version 3.0, the 'pool' section has replaced the # As of version 3.0, the 'pool' section has replaced the
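Review bot: Changing `require_cert` from `'demand'` to `'allow'` lets the LDAP connection proceed even when the server presents no certificate or one that does not verify, so the module's bind credentials and user lookups are no longer protected against an impersonated directory server. If the buster upgrade broke verification, the safer fix is to keep `require_cert = 'demand'` and point `ca_file` (or `ca_path`) at the CA that issued the LDAP server certificate. If `'allow'` has to stay for now, a comment such as `# TEMPORARY: server certificate not enforced, restore 'demand' once the CA is installed` would keep it from becoming permanent. The enclosing block (presumably `tls`) starts outside the hunk, so the CA settings already in place are not visible here.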
......
...@@ -27,13 +27,13 @@ DEFAULT Realm == {{ radius_default_realm }}, FreeRADIUS-Proxied-To == 127.0.0.1 ...@@ -27,13 +27,13 @@ DEFAULT Realm == {{ radius_default_realm }}, FreeRADIUS-Proxied-To == 127.0.0.1
User-Name = '%{User-Name}', User-Name = '%{User-Name}',
Fall-Through = yes Fall-Through = yes
{%- for assign in radius_vlan_assignments %} {% for assign in radius_vlan_assignments %}
DEFAULT {{ assign.key }} {{ assign.condition }} {{ assign.value }} DEFAULT {{ assign.key }} {{ assign.condition }} {{ assign.value }}
Tunnel-Type = VLAN, Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802, Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = {{ assign.vlan }}, Tunnel-Private-Group-Id = {{ assign.vlan }},
Fall-Through = yes Fall-Through = yes
{% endfor -%} {% endfor %}
# #
# Deny access for a group of users. # Deny access for a group of users.
......
...@@ -252,9 +252,11 @@ preacct { ...@@ -252,9 +252,11 @@ preacct {
# The start time is: NOW - delay - session_length # The start time is: NOW - delay - session_length
# #
{% raw %}
# update request { # update request {
# FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}" # FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
# } # }
{% endraw %}
# #
......
...@@ -94,22 +94,22 @@ authorize { ...@@ -94,22 +94,22 @@ authorize {
-sql -sql
ldap ldap
{%- for check in radius_tunnel_checks %} {% for check in radius_tunnel_checks %}
{%- if check.station %} {%- if check.station|default(False) %}
if ( &Called-Station-SSID == "{{ check.station }}" ) { if ( &Called-Station-SSID == "{{ check.station }}" ) {
{% endif -%} {% endif -%}
if {{ check.condition }} { if {{ check.condition }} {
} }
else { else {
update reply { update reply {
Reply-Message = "{{ check_error }}" Reply-Message = "{{ check.error }}"
} }
reject reject
} }
{%- if check.station %} {%- if check.station|default(False) %}
} }
{% endif -%} {% endif -%}
{% endfor -%} {% endfor %}
expiration expiration
logintime logintime
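Review bot: `check.station` and `check.error` are rendered straight into double-quoted unlang strings and `check.condition` as a bare expression, so a value containing a double quote or an unlang expansion changes the generated policy instead of being treated as literal text. The values come from `radius_tunnel_checks`, presumably trusted inventory data, so this is a robustness and documentation point rather than an exposed input. I would state the contract at the top of the loop with `{# radius_tunnel_checks entries are inserted verbatim into unlang; station and error must not contain double quotes or expansions #}`. The empty `if {{ check.condition }} { }` branch followed by `else` would also read more clearly as a negated condition. The `authorize` block starts and ends outside the hunk.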
......