authorCullum Smith <cullum@sacredheartsc.com>2024-10-15 23:35:53 -0400
committerCullum Smith <cullum@sacredheartsc.com>2024-10-15 23:35:53 -0400
commit145668c3dd67c5271eddcb62d1e7843487d768a7 (patch)
tree4c7d563e9d320e6b122ee3dbf048d93eee6776c3 /scripts/hostclass/radius_server
parentb2af400a1098ebf445575d169e11a6717867045f (diff)
downloadinfrastructure-145668c3dd67c5271eddcb62d1e7843487d768a7.tar.gz
huge amount of fixes
Diffstat (limited to 'scripts/hostclass/radius_server')
-rw-r--r--scripts/hostclass/radius_server56
1 files changed, 56 insertions, 0 deletions
diff --git a/scripts/hostclass/radius_server b/scripts/hostclass/radius_server
new file mode 100644
index 0000000..bde1be2
--- /dev/null
+++ b/scripts/hostclass/radius_server
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+# radius_clients=client1
+# radius_client1_address='192.168.1.0/24'
+# radius_client1_secret='s3cret'
+
+: ${radius_clients=''}
+
+freeradius_user=freeradius
+freeradius_conf_dir=/usr/local/etc/raddb
+freeradius_tls_cert="${freeradius_conf_dir}/freeradius.crt"
+freeradius_tls_key="${freeradius_conf_dir}/freeradius.key"
+freeradius_cache_dir=/var/cache/radiusd
+freeradius_tlscache_dir="${freeradius_cache_dir}/tlscache"
+
+# Install packages.
+pkg install -y freeradius3
+
+freeradius_version=$(pkg info freeradius3 | awk '$1 == "Version" { print $3 }')
+
+# Generate configuration.
+install_directory -m 0755 "${freeradius_conf_dir}/certs"
+install_template -o "$freeradius_user" -g "$freeradius_user" -m 0640 \
+ "${freeradius_conf_dir}/radiusd.conf" \
+ "${freeradius_conf_dir}/mods-available/eap"
+rm -f "${freeradius_conf_dir}/sites-enabled/inner-tunnel"
+
+# Copy TLS certificate for freeradius.
+install_certificate -g "$freeradius_user" freeradius "$freeradius_tls_cert"
+install_certificate_key -g "$freeradius_user" freeradius "$freeradius_tls_key"
+
+# Generate clients.conf.
+install -Cv -o "$freeradius_user" -g "$freeradius_user" -m 0660 /dev/null "${freeradius_conf_dir}/clients.conf"
+for client_name in $radius_clients; do
+ eval "client_address=\$radius_${client_name}_address"
+ eval "client_secret=\$radius_${client_name}_secret"
+ cat <<EOF >> "${freeradius_conf_dir}/clients.conf"
+client ${client_name} {
+ ipaddr = ${client_address}
+ secret = ${client_secret}
+}
+
+EOF
+done
+
+# Create cache directories.
+install_directory -o "$freeradius_user" -g "$freeradius_user" -m 700 \
+ "$freeradius_cache_dir" \
+ "$freeradius_tlscache_dir"
+
+# Clean up tlscache with cron job.
+install_template -m 0644 /etc/cron.d/freeradius
+
+# Enable and start daemons.
+sysrc -v radiusd_enable=YES
+service radiusd restart
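Review bot: In the clients.conf loop, `client_name` goes into the two `eval` lines unvalidated, so any character in `radius_clients` that is not valid in a shell identifier is evaluated as shell code rather than rejected. The looked-up values are not checked either, so a missing `radius_<name>_address` or `radius_<name>_secret` writes an empty `ipaddr =` or `secret =` line instead of failing the run. I would restrict the name to `[A-Za-z0-9_]` before the `eval` and abort when either value is empty, as sketched below. Separately, clients.conf holds the shared secrets but is created with `-m 0660`, while radiusd.conf gets `-m 0640`; `-m 0640` here would be consistent unless the daemon is expected to rewrite the file.

```shell
for client_name in $radius_clients; do
  # Reject names that are not plain identifiers before they reach eval.
  case "$client_name" in
    *[!A-Za-z0-9_]*) echo "invalid radius client name: ${client_name}" >&2; exit 1 ;;
  esac
  # … unchanged: the two eval lookups of client_address and client_secret …
  : "${client_address:?radius_${client_name}_address is not set}"
  : "${client_secret:?radius_${client_name}_secret is not set}"
  # … unchanged: heredoc appending the client block to clients.conf, then done …
```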