author | Christian Poessinger <christian@poessinger.com> | 2019-04-23 12:40:39 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2019-04-23 12:40:39 +0200 |
commit | 811479dfe458341bfd6c64714e729545cd03573c (patch) | |
tree | 1d84af9fcd0f2a9c7a10af1d0f5505c54e4b2649 | |
parent | bce32de9b73d7ff2d1120ada9c32d9fd022787a8 (diff) | |
T1345: specify RADIUS source IP for system login command
set system login radius-source-address '172.18.201.10'
-rw-r--r-- | lib/Vyatta/Login/RadiusServer.pm | 8 | ||||
-rwxr-xr-x | scripts/system/vyatta_update_login.pl | 3 | ||||
-rw-r--r-- | templates/system/login/radius-source-address/node.def | 2 |
3 files changed, 11 insertions, 2 deletions
diff --git a/lib/Vyatta/Login/RadiusServer.pm b/lib/Vyatta/Login/RadiusServer.pm index 5a71b1f8..f2e15de2 100644 --- a/lib/Vyatta/Login/RadiusServer.pm +++ b/lib/Vyatta/Login/RadiusServer.pm @@ -63,6 +63,10 @@ sub add_pam_radius { sub update { my $rconfig = new Vyatta::Config; + my $bindaddr = $rconfig->returnValue("system login radius-source-address"); + if (!defined($bindaddr)) { + $bindaddr = "0"; + } $rconfig->setLevel("system login radius-server"); my %servers = $rconfig->listNodeStatus(); my $count = 0; @@ -72,14 +76,14 @@ sub update { print $cfg "# RADIUS configuration file\n"; print $cfg "# automatically generated do not edit\n"; - print $cfg "# Server\tSecret\tTimeout\n"; + print $cfg "# server[:port]\t\tshared_secret\t\t\ttimeout (s)\tsource_ip\n"; for my $server ( sort keys %servers ) { next if ( $servers{$server} eq 'deleted' ); my $port = $rconfig->returnValue("$server port"); my $secret = $rconfig->returnValue("$server secret"); my $timeout = $rconfig->returnValue("$server timeout"); - print $cfg "$server:$port\t$secret\t$timeout\n"; + print $cfg "$server:$port\t$secret\t$timeout\t$bindaddr\n"; ++$count; print $cfg "priv-lvl 15\n"; print $cfg "mapped_priv_user radius_priv_user\n"; diff --git a/scripts/system/vyatta_update_login.pl b/scripts/system/vyatta_update_login.pl index c41bb9df..550beb8e 100755 --- a/scripts/system/vyatta_update_login.pl +++ b/scripts/system/vyatta_update_login.pl @@ -35,6 +35,9 @@ while ( my ($type, $status) = each %loginNodes) { my $kind = ucfirst $type; $kind =~ s/-server/Server/; + # convert radius-source-address to RadiusServer + $kind =~ s/-source-address/Server/; + # Dynamically load the module to handle that login method require "Vyatta/Login/$kind.pm"; diff --git a/templates/system/login/radius-source-address/node.def b/templates/system/login/radius-source-address/node.def new file mode 100644 index 00000000..546bfaa3 --- /dev/null +++ b/templates/system/login/radius-source-address/node.def 
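Review bot: The fallback `$bindaddr = "0";` in the first hunk of lib/Vyatta/Login/RadiusServer.pm is a magic value, and nothing on the new side says what the RADIUS client does with it when no source address is configured. A one-line comment above the `if` would help the next maintainer, for example `# "0" fills the source_ip column when radius-source-address is unset`. The exact meaning of "0" should be confirmed against the PAM RADIUS module's server-file format before wording the comment more strongly. The body of `update` starts and continues outside this hunk.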
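Review bot: The new `print $cfg "$server:$port\t$secret\t$timeout\t$bindaddr\n";` in the second hunk of RadiusServer.pm makes the timeout column mandatory, yet `$timeout` comes from `returnValue` and is printed without a `defined` check. The first hunk shows that `returnValue` can yield undef. If a server has no timeout and the template supplies no default (not visible here), the third field is empty, and a whitespace-splitting parser would presumably read the source address as the timeout. Default the value before printing, e.g. `$timeout = <DEFAULT_TIMEOUT> unless defined $timeout;`, where `<DEFAULT_TIMEOUT>` is a placeholder for the project's own default. The `open` of `$cfg` is outside the hunk, so the permissions on this file, which holds the shared secret, cannot be checked from here.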
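Review bot: With `$kind =~ s/-source-address/Server/;` in scripts/system/vyatta_update_login.pl, both `radius-server` and `radius-source-address` now resolve to `RadiusServer`, so a commit that touches both nodes may load and run the same handler twice in the `each %loginNodes` loop. The rest of the loop body is outside the hunk, so it is not visible whether a second run is harmless or whether the two nodes can arrive with different `$status` values. The substitution is also unanchored and not specific to RADIUS, so any future `*-source-address` node would be rewritten the same way. An explicit lookup such as `my %module_for = ('radius-source-address' => 'RadiusServer');` would keep the name passed to `require` restricted to known modules. It would also make the aliasing obvious to a reader.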
@@ -0,0 +1,2 @@ +type: ipv4 +help: Local RADIUS client address from which packets are sent |
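Review bot: `type: ipv4` in the new templates/system/login/radius-source-address/node.def checks only the syntax of the address; nothing verifies that it is assigned to an interface on this system. If it is not, the RADIUS client presumably cannot bind to it and RADIUS logins would fail until the value is corrected. A commit-time validation that the address is locally configured would catch this when the setting is applied. Alternatively, a sentence in the `help:` text could state the requirement. The node is also IPv4-only, which is worth stating in the help text if RADIUS servers can be reached over IPv6.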