author | Cullum Smith <cullum@sacredheartsc.com> | 2024-10-26 00:07:03 -0400 |
committer | Cullum Smith <cullum@sacredheartsc.com> | 2024-10-26 00:07:03 -0400 |
commit | 6e2a5993ce470341bed0e0c6ba8e44de3712d50e (patch) | |
tree | 7a6bad35bac69e5f9264a5dde460335b1068ec9e /files/usr/local/etc/raddb/mods-available | |
parent | 7bb5176a0e1d3a7d8a119b92758404d514f59be9 (diff) | |
more icinga stuff
Diffstat (limited to 'files/usr/local/etc/raddb/mods-available')
-rw-r--r-- | files/usr/local/etc/raddb/mods-available/eap.radius_server | 8 | ||||
-rw-r--r-- | files/usr/local/etc/raddb/mods-available/ldap.radius_server | 107 |
2 files changed, 115 insertions, 0 deletions
diff --git a/files/usr/local/etc/raddb/mods-available/eap.radius_server b/files/usr/local/etc/raddb/mods-available/eap.radius_server
index 5c1aafd..789bc0e 100644
--- a/files/usr/local/etc/raddb/mods-available/eap.radius_server
+++ b/files/usr/local/etc/raddb/mods-available/eap.radius_server
@@ -39,4 +39,12 @@ eap {
 tls {
 tls = tls-common
 }
+
+ ttls {
+ tls = tls-common
+ default_eap_type = md5
+ copy_request_to_tunnel = no
+ use_tunneled_reply = no
+ virtual_server = "inner-tunnel"
+ }
 }
diff --git a/files/usr/local/etc/raddb/mods-available/ldap.radius_server b/files/usr/local/etc/raddb/mods-available/ldap.radius_server
new file mode 100644
index 0000000..09442f0
--- /dev/null
+++ b/files/usr/local/etc/raddb/mods-available/ldap.radius_server
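Review bot: The new ttls block carries no comment saying why EAP-TTLS is being enabled next to the existing EAP-TLS `tls` block, or which inner method the `inner-tunnel` virtual server is expected to handle — `default_eap_type = md5` only names the fallback EAP type offered inside the tunnel, and the actual inner method is negotiated with the supplicant. Neither `tls-common` nor the `inner-tunnel` server is part of this commit, so whether the tunneled authentication works against the LDAP-sourced `Password-With-Header` added in the sibling ldap.radius_server file cannot be checked here. A one-line comment above the block such as `# EAP-TTLS: outer TLS (tls-common) protects the tunneled credential; inner auth is handled by the inner-tunnel server` would make the intent reviewable. The enclosing `eap {` block starts outside the hunk.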
@@ -0,0 +1,107 @@
+ldap {
+ $(printf " server = '%s'\n" ${ldap_hosts})
+
+ base_dn = '${users_basedn}'
+
+ sasl {
+ mech = 'GSSAPI'
+ realm = '${realm}'
+ }
+
+ update {
+ control:Password-With-Header += 'userPassword'
+ control: += 'radiusControlAttribute'
+ request: += 'radiusRequestAttribute'
+ reply: += 'radiusReplyAttribute'
+ }
+
+ user_dn = "LDAP-UserDn"
+
+ user {
+ base_dn = "\${..base_dn}"
+ filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
+ }
+
+ group {
+ base_dn = '${groups_basedn}'
+ filter = '(objectClass=groupOfMembers)'
+ name_attribute = cn
+ membership_filter = "(member=%{control:\${..user_dn}})"
+ membership_attribute = 'memberOf'
+ cacheable_name = 'yes'
+ cacheable_dn = 'yes'
+ allow_dangling_group_ref = 'yes'
+ }
+
+ profile { }
+
+ client {
+ base_dn = "\${..base_dn}"
+ filter = '(objectClass=radiusClient)'
+
+ template { }
+
+ attribute {
+ ipaddr = 'radiusClientIdentifier'
+ secret = 'radiusClientSecret'
+ }
+ }
+
+ read_clients = no
+
+ accounting {
+ reference = "%{tolower:type.%{Acct-Status-Type}}"
+
+ type {
+ start {
+ update {
+ description := "Online at %S"
+ }
+ }
+
+ interim-update {
+ update {
+ description := "Last seen at %S"
+ }
+ }
+
+ stop {
+ update {
+ description := "Offline at %S"
+ }
+ }
+ }
+ }
+
+ post-auth {
+ update {
+ description := "Authenticated at %S"
+ }
+ }
+
+ options {
+ chase_referrals = yes
+ rebind = yes
+ res_timeout = 10
+ srv_timelimit = 3
+ net_timeout = 1
+ idle = 60
+ probes = 3
+ interval = 3
+ ldap_debug = 0x0000
+ }
+
+ tls { }
+
+ pool {
+ start = \${thread[pool].start_servers}
+ min = \${thread[pool].min_spare_servers}
+ max = \${thread[pool].max_servers}
+
+ spare = \${thread[pool].max_spare_servers}
+ uses = 0
+ retry_delay = 30
+ lifetime = 0
+ idle_timeout = 60
+ }
+}
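Review bot: The `tls { }` block is empty and the URI scheme of the hosts injected by `${ldap_hosts}` is not visible here, so whether the `userPassword` values fetched via `control:Password-With-Header += 'userPassword'` cross the network encrypted depends on either an `ldaps://` URI in `ldap_hosts` or on a GSSAPI security layer being negotiated by the `sasl` block — that dependency should be stated in the file. If the hosts are plain `ldap://`, setting `start_tls = yes` and `require_cert = 'demand'` inside `tls { }` (with `ca_file` pointing at the directory CA) would remove the ambiguity. Separately, the `update` block maps `radiusControlAttribute` straight into the control list, so any principal with write access to that attribute (and to `radiusReplyAttribute`) can steer RADIUS authorization; a comment such as `# write ACL on radiusControlAttribute/radiusReplyAttribute is a trust boundary: their values become RADIUS control/reply attributes directly` would document the directory-side requirement. The `ldap {` block is complete within this hunk.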