author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-12 22:33:46 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-12 22:33:46 -0500 |
commit | 647066e3311883fabbff9491677e52b2bcb384b3 (patch) | |
tree | cf032aa69558512433c389a568694168a42ea109 | |
parent | f61a2579772f0e4d97f1b70cd8c0acd1d2aa7604 (diff) | |
download | selfhosted-647066e3311883fabbff9491677e52b2bcb384b3.tar.gz selfhosted-647066e3311883fabbff9491677e52b2bcb384b3.zip |
freeradius: add docs
-rw-r--r-- | roles/freeradius/README.md | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/roles/freeradius/README.md b/roles/freeradius/README.md new file mode 100644 index 0000000..4e26c99 --- /dev/null +++ b/roles/freeradius/README.md @@ -0,0 +1,55 @@ +FreeRADIUS +========== + +Description +----------- + +The `freeradius` role installs and configures [FreeRADIUS](https://freeradius.org/) +for WPA2/WPA3 Enterprise authentication. + +Authentication is supported via FreeIPA-issued user certificates (TLS) or +username and password via TTLS-PAP. + + +Variables +--------- + +This role **accepts** the following variables: + +Variable | Default | Description +--------------------------|-----------------------|------------ +`freeradius_clients` | `[]` | List of RADIUS clients (see [format](#freeradius_clients) below) +`freeradius_ldap_servers` | `{{ freeipa_hosts }}` | LDAP hosts for PAP authentication +`freeradius_access_group` | `role-wifi-access` | FreeIPA group for wifi access (will be created) + +### freeradius\_clients + +The `freeradius_clients` variable describes RADIUS client credentials. It should +contain a list of dictionaries of the following format: + +Key | Default | Description +-----------|---------|------------ +`name` | | Friendly name +`address` | | Source address (IP or CIDR) +`secret` | | Shared encryption secret + +Usage +----- + +Example playbook: + +````yaml +- hosts: radius_servers + roles: + - role: freeradius + vars: + freeradius_access_group: wifi-users + freeradius_ldap_servers: + - freeipa1.ipa.example.com + - freeipa2.ipa.example.com + + freeradius_clients: + - name: unifi + address: 192.168.100.0/24 + secret: s3cret +```` |
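Review bot: The example playbook at the end of the new README sets `secret: s3cret` as a literal, which encourages readers to commit the RADIUS shared secret in plaintext next to the playbook. Consider showing the value referenced from a vaulted variable instead, for example `secret: "{{ vault_unifi_radius_secret }}"` (variable name hypothetical), and adding a sentence to the `freeradius_clients` section saying the secret should be kept in Ansible Vault or an equivalent secret store. In the same section, the key table leaves the Default column empty for `name`, `address` and `secret` without stating whether each key is required; saying so explicitly would help. Because `address` accepts a CIDR, as in the example's `192.168.100.0/24`, the docs could also note that every host in that range shares the one secret, so the range should be as narrow as the deployment allows.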