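#!/bin/sh
#
# Hostclass: FreeRADIUS server.
#
# Installs the freeradius3 package, renders its configuration from templates,
# installs the server TLS certificate and key, prepares the cache directories,
# enables and restarts radiusd, and creates the wifi access role in LDAP.
#
# The helper commands used below (install_directory, install_template,
# install_certificate, install_certificate_key, ldap_add) and the variables
# wifi_access_role and roles_basedn are not defined in this file; they are
# expected to be provided by whatever runs the hostclass scripts.
#
# NOTE(review): there is no `set -e` here, so a failed `pkg install` does not
# stop the remaining steps. Whether it is safe to add one depends on whether
# these scripts are sourced or executed — confirm before changing.
#
# Expected RADIUS client configuration (from the environment), e.g.:
#
# radius_clients=client1
# radius_client1_address='192.168.1.0/24'
# radius_client1_secret='s3cret'
#
# The per-client address/secret variables are presumably consumed by the
# clients.conf template; the secrets are only ever read from the environment,
# never written into this script.

# Default to no RADIUS clients when the variable is unset. The expansion is
# quoted (ShellCheck SC2223) and the default is written without inner quotes,
# because `"${var=''}"` assigns a literal '' in some shells.
: "${radius_clients=}"

# Paths and ownership for the FreeRADIUS installation.
# NOTE(review): these names are presumably referenced by the templates
# installed below — confirm before renaming any of them.
freeradius_user=freeradius
freeradius_conf_dir=/usr/local/etc/raddb
freeradius_tls_cert="${freeradius_conf_dir}/freeradius.crt"
freeradius_tls_key="${freeradius_conf_dir}/freeradius.key"
freeradius_cache_dir=/var/cache/radiusd
freeradius_tlscache_dir="${freeradius_cache_dir}/tlscache"

# Install packages.
pkg install -y freeradius3

# Installed package version, taken from the "Version : x.y.z" line of
# `pkg info`. Not used in this file; presumably read by a template — confirm.
freeradius_version=$(pkg info freeradius3 | awk '$1 == "Version" { print $3 }')

# Generate configuration. The rendered files are owned by the freeradius user
# and readable only by that user and group (0640): clients.conf is where the
# RADIUS shared secrets end up, so they must not be world-readable.
install_directory -m 0755 "${freeradius_conf_dir}/certs"
install_template -o "$freeradius_user" -g "$freeradius_user" -m 0640 \
  "${freeradius_conf_dir}/radiusd.conf" \
  "${freeradius_conf_dir}/mods-available/eap" \
  "${freeradius_conf_dir}/mods-available/ldap" \
  "${freeradius_conf_dir}/sites-available/inner-tunnel" \
  "${freeradius_conf_dir}/clients.conf"
# Enable the ldap module and the inner-tunnel site via the usual
# *-available -> *-enabled symlinks (relative, so the tree stays relocatable).
ln -snfv '../mods-available/ldap' "${freeradius_conf_dir}/mods-enabled/ldap"
ln -snfv '../sites-available/inner-tunnel' "${freeradius_conf_dir}/sites-enabled/inner-tunnel"

# Copy TLS certificate and private key for freeradius. Both are group-owned by
# the freeradius user so the daemon can read the key without it being
# world-readable.
install_certificate     -g "$freeradius_user" freeradius "$freeradius_tls_cert"
install_certificate_key -g "$freeradius_user" freeradius "$freeradius_tls_key"

# Create cache directories. Mode 700: the TLS session cache is private to the
# daemon.
install_directory -o "$freeradius_user" -g "$freeradius_user" -m 700 \
  "$freeradius_cache_dir" \
  "$freeradius_tlscache_dir"

# Clean up tlscache with cron job.
install_template -m 0644 /etc/cron.d/freeradius

# Enable and start daemons.
sysrc -v radiusd_enable=YES
service radiusd restart

# Create wifi access role. Note this runs after radiusd is restarted; the
# role does not exist in LDAP for the short window in between.
ldap_add "cn=${wifi_access_role},${roles_basedn}" <<EOF
objectClass: groupOfMembers
cn: ${wifi_access_role}
EOF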