Diffstat (limited to 'roles/freeradius/README.md')
-rw-r--r-- | roles/freeradius/README.md | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/roles/freeradius/README.md b/roles/freeradius/README.md new file mode 100644 index 0000000..4e26c99 --- /dev/null +++ b/roles/freeradius/README.md @@ -0,0 +1,55 @@ +FreeRADIUS +========== + +Description +----------- + +The `freeradius` role installs and configures [FreeRADIUS](https://freeradius.org/) +for WPA2/WPA3 Enterprise authentication. + +Authentication is supported via FreeIPA-issued user certificates (TLS) or +username and password via TTLS-PAP. + + +Variables +--------- + +This role **accepts** the following variables: + +Variable | Default | Description +--------------------------|-----------------------|------------ +`freeradius_clients` | `[]` | List of RADIUS clients (see [format](#freeradius_clients) below) +`freeradius_ldap_servers` | `{{ freeipa_hosts }}` | LDAP hosts for PAP authentication +`freeradius_access_group` | `role-wifi-access` | FreeIPA group for wifi access (will be created) + +### freeradius\_clients + +The `freeradius_clients` variable describes RADIUS client credentials. It should +contain a list of dictionaries of the following format: + +Key | Default | Description +-----------|---------|------------ +`name` | | Friendly name +`address` | | Source address (IP or CIDR) +`secret` | | Shared encryption secret + +Usage +----- + +Example playbook: + +````yaml +- hosts: radius_servers + roles: + - role: freeradius + vars: + freeradius_access_group: wifi-users + freeradius_ldap_servers: + - freeipa1.ipa.example.com + - freeipa2.ipa.example.com + + freeradius_clients: + - name: unifi + address: 192.168.100.0/24 + secret: s3cret +```` |
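Review bot: The example playbook at the end of the README sets `secret: s3cret` inline under `freeradius_clients`, and readers tend to copy examples as-is; show the value coming from a vaulted variable instead (for example `secret: "{{ vault_radius_unifi_secret }}"`, where the variable name is only a suggestion) and note in the `freeradius_clients` table that the secret should be long and random, since the example applies one secret to a whole `192.168.100.0/24` range. In the same table, "Shared encryption secret" would read more accurately as "RADIUS shared secret", and the empty Default column leaves it unclear whether `name`, `address` and `secret` are all required. Because the Description offers TTLS-PAP, where the user's password is sent inside the tunnel, a sentence on which server certificate Wi-Fi clients are expected to trust would be a useful addition there.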