The freeradius
role installs and configures FreeRADIUS
for WPA2/WPA3 Enterprise authentication.
Authentication is supported via FreeIPA-issued user certificates (TLS) or username and password via TTLS-PAP.
This role accepts the following variables:
Variable | Default | Description |
---|---|---|
freeradius_clients |
[] |
List of RADIUS clients (see format below) |
freeradius_ldap_servers |
{{ freeipa_hosts }} |
LDAP hosts for PAP authentication |
freeradius_access_group |
role-wifi-access |
FreeIPA group for wifi access (will be created) |
The freeradius_clients
variable describes RADIUS client credentials. It should
contain a list of dictionaries of the following format:
Key | Default | Description |
---|---|---|
name |
Friendly name | |
address |
Source address (IP or CIDR) | |
secret |
Shared encryption secret |
Example playbook:
- name: configure freeradius
hosts: radius_servers
roles:
- role: freeradius
vars:
freeradius_access_group: wifi-users
freeradius_ldap_servers:
- freeipa1.ipa.example.com
- freeipa2.ipa.example.com
freeradius_clients:
- name: unifi
address: 192.168.100.0/24
secret: s3cret