authorCullum Smith <cullum@sacredheartsc.com>2024-10-15 23:35:53 -0400
committerCullum Smith <cullum@sacredheartsc.com>2024-10-15 23:35:53 -0400
commit145668c3dd67c5271eddcb62d1e7843487d768a7 (patch)
tree4c7d563e9d320e6b122ee3dbf048d93eee6776c3 /files/usr/local/etc/raddb
parentb2af400a1098ebf445575d169e11a6717867045f (diff)
downloadinfrastructure-145668c3dd67c5271eddcb62d1e7843487d768a7.tar.gz
huge amount of fixes
Diffstat (limited to 'files/usr/local/etc/raddb')
-rw-r--r--files/usr/local/etc/raddb/mods-available/eap.radius_server42
-rw-r--r--files/usr/local/etc/raddb/radiusd.conf.radius_server80
2 files changed, 122 insertions, 0 deletions
diff --git a/files/usr/local/etc/raddb/mods-available/eap.radius_server b/files/usr/local/etc/raddb/mods-available/eap.radius_server
new file mode 100644
index 0000000..5c1aafd
--- /dev/null
+++ b/files/usr/local/etc/raddb/mods-available/eap.radius_server
@@ -0,0 +1,42 @@
+eap {
+ default_eap_type = tls
+ timer_expire = 60
+ ignore_unknown_eap_types = yes
+ cisco_accounting_username_bug = no
+ max_sessions = \${max_requests}
+
+ tls-config tls-common {
+ private_key_password =
+ private_key_file = ${freeradius_tls_key}
+ certificate_file = ${freeradius_tls_cert}
+ ca_file = ${site_cacert_path}
+ ca_path = \${cadir}
+ auto_chain = no
+ check_crl = no
+ cipher_list = "DEFAULT"
+ cipher_server_preference = no
+ tls_min_version = "1.2"
+ tls_max_version = "1.3"
+ ecdh_curve = ""
+
+ cache {
+ enable = yes
+ lifetime = 24 # hours
+ name = "EAP module"
+ persist_dir = "${freeradius_tlscache_dir}"
+ store {
+ Tunnel-Private-Group-Id
+ }
+ }
+
+ verify { }
+
+ ocsp {
+ enable = no
+ }
+ }
+
+ tls {
+ tls = tls-common
+ }
+}
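Review bot: Client-certificate revocation is never checked in `tls-common`: `check_crl = no` and `ocsp { enable = no }` are both set, `verify { }` is empty, and `default_eap_type = tls` makes the certificate the only credential. A certificate from a lost or decommissioned device therefore stays accepted until it expires, and with `cache { enable = yes ... lifetime = 24 }` a resumed session presumably extends that by up to a day without a full handshake. Consider `check_crl = yes` with the CA's CRL deployed next to `ca_file` first (verification is expected to fail if the CRL cannot be found), or add a comment such as `# revocation intentionally disabled: <reason>` above `check_crl`. It is also worth confirming that `ca_path = \${cadir}` is wanted in addition to `ca_file`, since any hashed CA certificate present in `certs/` would then be trusted as an issuer too.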
diff --git a/files/usr/local/etc/raddb/radiusd.conf.radius_server b/files/usr/local/etc/raddb/radiusd.conf.radius_server
new file mode 100644
index 0000000..cc5a7a3
--- /dev/null
+++ b/files/usr/local/etc/raddb/radiusd.conf.radius_server
@@ -0,0 +1,80 @@
+prefix = /usr/local
+exec_prefix = \${prefix}
+sysconfdir = \${prefix}/etc
+localstatedir = /var
+sbindir = \${exec_prefix}/sbin
+logdir = /var/log
+raddbdir = \${sysconfdir}/raddb
+radacctdir = \${logdir}/radacct
+
+name = radiusd
+
+confdir = \${raddbdir}
+modconfdir = \${confdir}/mods-config
+certdir = \${confdir}/certs
+cadir = \${confdir}/certs
+run_dir = \${localstatedir}/run/\${name}
+
+db_dir = \${raddbdir}
+
+libdir = /usr/local/lib/freeradius-${freeradius_version}
+
+pidfile = \${run_dir}/\${name}.pid
+
+max_request_time = 30
+
+cleanup_delay = 5
+
+max_requests = 16384
+
+hostname_lookups = no
+
+log {
+ destination = syslog
+ colourise = no
+ file = \${logdir}/radius.log
+ syslog_facility = daemon
+ stripped_names = no
+ auth = yes
+ auth_badpass = no
+ auth_goodpass = no
+ msg_denied = "You are already logged in - access denied"
+}
+
+checkrad = \${sbindir}/checkrad
+
+ENV { }
+
+security {
+ allow_core_dumps = no
+ max_attributes = 200
+ reject_delay = 1
+ status_server = yes
+}
+
+proxy_requests = yes
+\$INCLUDE proxy.conf
+
+\$INCLUDE clients.conf
+
+
+thread pool {
+ start_servers = 5
+ max_servers = 32
+ min_spare_servers = 3
+ max_spare_servers = 10
+ max_requests_per_server = 0
+ auto_limit_acct = no
+}
+
+modules {
+ \$INCLUDE mods-enabled/
+}
+
+instantiate { }
+
+policy {
+ \$INCLUDE policy.d/
+}
+
+\$INCLUDE sites-enabled/
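Review bot: The `security { }` block sets no `user` or `group`, so unless the service is started under an unprivileged account elsewhere (not visible in this diff), radiusd keeps running as root with read access to `private_key_file` and the TLS cache directory. Adding `user = <radius account>` and `group = <radius group>` inside `security` would make the privilege drop explicit in the file under review. Separately, `proxy_requests = yes` with `\$INCLUDE proxy.conf` deserves a short comment, or `proxy_requests = no` if this server only terminates EAP-TLS locally. proxy.conf and clients.conf are not part of this commit, so their contents cannot be judged from here.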