Puppet Class: freeradius::v3::conf::security

Defined in:
manifests/v3/conf/security.pp

Summary

Add a 'security' section to freeradius.

Overview

Parameters:

  • max_attributes (Integer) (defaults to: 200)
  • reject_delay (Integer[1,5]) (defaults to: 1)
  • status_server (Boolean) (defaults to: true)
  • allow_core_dumps (Boolean) (defaults to: false)
  • chroot (Boolean) (defaults to: false)

    whether or not to run radiusd in a chroot

  • chroot_path (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    directory where the server does “chroot”

  • chroot_user (Optional[String]) (defaults to: undef)

    User to run daemon as,must be defined if using a chroot

  • chroot_group (Optional[String]) (defaults to: undef)

    Group to run daemon as.

See Also:

  • detailed information on the parameters, extract the original /etc/raddb/radiusd.conf from the freeradius rpm using rpm2cpio < free radius rpm> | cpio -idmv


23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
# File 'manifests/v3/conf/security.pp', line 23

class freeradius::v3::conf::security (
  Integer                        $max_attributes    = 200,
  Integer[1,5]                   $reject_delay      = 1,
  Boolean                        $status_server     = true,
  Boolean                        $allow_core_dumps  = false,
  Boolean                        $chroot            = false,
  Optional[Stdlib::Absolutepath] $chroot_path       = undef,
  Optional[String]               $chroot_user       = undef,
  Optional[String]               $chroot_group      = undef
) {

  include 'freeradius'

  if $chroot {
    if ! $chroot_user {
      fail('Radiusd requires the chroot_user be set if you are using a chroot. See
      radiusd.conf help.')
    }
  }

  ensure_resource ('file',  "${freeradius::confdir}/conf.d",
    {
      ensure => 'directory',
      owner  => 'root',
      group  => $freeradius::group,
      mode   => '0640',
      purge  => true,
      before => Service['radiusd'],
    })

  file { "${freeradius::confdir}/conf.d/security.inc":
    ensure  => 'file',
    owner   => 'root',
    group   => $freeradius::group,
    mode    => '0640',
    content => template('freeradius/3/conf.d/security.erb'),
    notify  => Service['radiusd']
  }

}