Skip to content

Latest commit

 

History

History

freeradius

Folders and files

NameName
Last commit message
Last commit date

parent directory

..

defaults

defaults

 
 

files/etc/systemd/system/radiusd.service.d

files/etc/systemd/system/radiusd.service.d

 
 

handlers

handlers

 
 

tasks

tasks

 
 

templates/etc/raddb

templates/etc/raddb

 
 

vars

vars

 
 

README.md

README.md

 
 

README.md

FreeRADIUS

Description

The freeradius role installs and configures FreeRADIUS for WPA2/WPA3 Enterprise authentication.

Authentication is supported via FreeIPA-issued user certificates (TLS) or username and password via TTLS-PAP.

Variables

This role accepts the following variables:

Variable Default Description
freeradius_clients [] List of RADIUS clients (see format below)
freeradius_ldap_servers {{ freeipa_hosts }} LDAP hosts for PAP authentication
freeradius_access_group role-wifi-access FreeIPA group for wifi access (will be created)

freeradius_clients

The freeradius_clients variable describes RADIUS client credentials. It should contain a list of dictionaries of the following format:

Key Default Description
name   Friendly name
address   Source address (IP or CIDR)
secret   Shared encryption secret

Usage

Example playbook:

- name: configure freeradius
  hosts: radius_servers
  roles:
    - role: freeradius
      vars:
        freeradius_access_group: wifi-users
        freeradius_ldap_servers:
          - freeipa1.ipa.example.com
          - freeipa2.ipa.example.com

        freeradius_clients:
          - name: unifi
            address: 192.168.100.0/24
            secret: s3cret