freeradius: minimal config for attr_filter

2022-09-01 03:39:02 +02:00 · 2022-09-01 03:39:02 +02:00 · ea843e2f47
commit ea843e2f47
parent c6afab5728
5 changed files with 34 additions and 1 deletions
--- a/roles/freeradius/defaults/main.yml
+++ b/roles/freeradius/defaults/main.yml
@ -4,7 +4,7 @@ radiusd__status_server: true
 radiusd__clients: {}
 radiusd__enabled_modules_minimal:
  - always
-  - attr_filter # TODO
+  - attr_filter
  - cache_eap # TODO
  - detail # TODO
  - detail.log # TODO
--- a/roles/freeradius/tasks/main.yml
+++ b/roles/freeradius/tasks/main.yml
@ -52,6 +52,8 @@
    - mods-available/always
    - mods-available/eap
    - mods-available/eap_inner
    - mods-config/attr_filter/access_challenge
    - mods-config/attr_filter/access_reject
  notify:
    - Restart freeradius
--- a/roles/freeradius/templates/mods-available/attr_filter.j2
+++ b/roles/freeradius/templates/mods-available/attr_filter.j2
@ -0,0 +1,11 @@
 {{ ansible_managed | comment }}
 attr_filter attr_filter.access_reject {
    key = "%{User-Name}"
    filename = ${modconfdir}/${.:name}/access_reject
 }
 attr_filter attr_filter.access_challenge {
    key = "%{User-Name}"
    filename = ${modconfdir}/${.:name}/access_challenge
 }
--- a/roles/freeradius/templates/mods-config/attr_filter/access_challenge.j2
+++ b/roles/freeradius/templates/mods-config/attr_filter/access_challenge.j2
@ -0,0 +1,10 @@
 {{ ansible_managed | comment }}
 DEFAULT
 	EAP-Message =* ANY,
 	State =* ANY,
 	Message-Authenticator =* ANY,
 	Reply-Message =* ANY,
 	Proxy-State =* ANY,
 	Session-Timeout =* ANY,
 	Idle-Timeout =* ANY
--- a/roles/freeradius/templates/mods-config/attr_filter/access_reject.j2
+++ b/roles/freeradius/templates/mods-config/attr_filter/access_reject.j2
@ -0,0 +1,10 @@
 {{ ansible_managed | comment }}
 DEFAULT
 	EAP-Message =* ANY,
 	State =* ANY,
 	Message-Authenticator =* ANY,
 	Error-Cause =* ANY,
 	Reply-Message =* ANY,
 	MS-CHAP-Error =* ANY,
 	Proxy-State =* ANY