FreeRADIUS
==========

Description
-----------

The `freeradius` role installs and configures [FreeRADIUS](https://freeradius.org/)
for WPA2/WPA3 Enterprise authentication.

Authentication is supported via FreeIPA-issued user certificates (TLS) or
username and password via TTLS-PAP.

Variables
---------

This role **accepts** the following variables:

Variable                  | Default               | Description
--------------------------|-----------------------|------------
`freeradius_clients`      | `[]`                  | List of RADIUS clients (see [format](#freeradius_clients) below)
`freeradius_ldap_servers` | `{{ freeipa_hosts }}` | LDAP hosts for PAP authentication
`freeradius_access_group` | `role-wifi-access`    | FreeIPA group for wifi access (will be created)

### freeradius\_clients

The `freeradius_clients` variable describes RADIUS client credentials. It should
contain a list of dictionaries of the following format:

Key        | Default | Description
-----------|---------|------------
`name`     |         | Friendly name
`address`  |         | Source address (IP or CIDR)
`secret`   |         | Shared encryption secret

Usage
-----

Example playbook:

````yaml
- hosts: radius_servers
  roles:
    - role: freeradius
      vars:
        freeradius_access_group: wifi-users
        freeradius_ldap_servers:
          - freeipa1.ipa.example.com
          - freeipa2.ipa.example.com
        freeradius_clients:
          - name: unifi
            address: 192.168.100.0/24
            # Placeholder value; keep the real shared secret in Ansible Vault
            secret: s3cret
````
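
A pre-flight check for the `freeradius_clients` list described above, added here as an example (it is not part of the role): it validates each entry's `address` as an IP or CIDR and flags placeholder, short or reused `secret` values. The function names, thresholds and placeholder list are assumptions, not role defaults.

```python
import ipaddress

REQUIRED_KEYS = ("name", "address", "secret")
MIN_SECRET_LEN = 16          # assumed policy, not a role default
MIN_PREFIX = {4: 16, 6: 48}  # assumed: widest source range accepted
PLACEHOLDERS = {"s3cret", "secret", "changeme", "testing123"}


def check_client(entry):
    """Return findings for one freeradius_clients dictionary."""
    missing = [k for k in REQUIRED_KEYS if not entry.get(k)]
    if missing:
        return ["missing keys: " + ", ".join(missing)]
    findings = []
    try:
        # strict=True rejects a CIDR with host bits set (192.168.100.5/24)
        net = ipaddress.ip_network(entry["address"], strict=True)
    except ValueError as exc:
        findings.append(f"bad address: {exc}")
    else:
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append(f"source range {net} is very broad")
    secret = str(entry["secret"])
    if secret.lower() in PLACEHOLDERS:
        findings.append("secret is a known placeholder")
    elif len(secret) < MIN_SECRET_LEN:
        findings.append(f"secret shorter than {MIN_SECRET_LEN} characters")
    return findings


def check_clients(clients):
    """Map client name (or list index) to findings; clean entries are omitted."""
    secrets = [str(c["secret"]) for c in clients if c.get("secret")]
    report = {}
    for i, entry in enumerate(clients):
        findings = check_client(entry)
        if entry.get("secret") and secrets.count(str(entry["secret"])) > 1:
            findings.append("secret reused by another client")
        if findings:
            report[entry.get("name") or f"#{i}"] = findings
    return report


# Constructed sample input; the first entry is the README's example client.
SAMPLE = [
    {"name": "unifi", "address": "192.168.100.0/24", "secret": "s3cret"},
    {"name": "switch", "address": "10.0.0.5/8", "secret": "Zk4v-9qTm2-Lx7pRw0-Hd"},
    {"name": "any", "address": "0.0.0.0/0", "secret": "Zk4v-9qTm2-Lx7pRw0-Hd"},
]
```

`check_clients(SAMPLE)` returns a dictionary keyed by client name; an empty dictionary means every entry passed.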