diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-03-16 13:14:07 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-03-16 13:19:00 +0000 |
commit | e540d0ad4c58f073a15d7064bef55f04be670ca9 (patch) | |
tree | 46e7c5f03b43bd7935335b6c265c369f2e64d909 | |
parent | 7f0eb0b029c927e4b7b0003c934f682be9b36380 (diff) | |
download | vyos-1x-e540d0ad4c58f073a15d7064bef55f04be670ca9.tar.gz vyos-1x-e540d0ad4c58f073a15d7064bef55f04be670ca9.zip |
T5091: IPoE-server verify RADIUS settings
As we don't have global option 'gateway-address' for ipoe-server
we cannot use general configverify.verify_accel_ppp_base_service
Add verify radius setting for configuration mode 'radius'
Radius authentication required at least one RADIUS server
-rwxr-xr-x | src/conf_mode/service_ipoe-server.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py index 9cdfa08ef..4fabe170f 100755 --- a/src/conf_mode/service_ipoe-server.py +++ b/src/conf_mode/service_ipoe-server.py @@ -60,6 +60,17 @@ def verify(ipoe): 'Use "ipoe client-ip-pool" instead.') #verify_accel_ppp_base_service(ipoe, local_users=False) + # IPoE server does not have 'gateway' option in the CLI + # we cannot use configverify.py verify_accel_ppp_base_service for ipoe-server + + if dict_search('authentication.mode', ipoe) == 'radius': + if not dict_search('authentication.radius.server', ipoe): + raise ConfigError('RADIUS authentication requires at least one server') + + for server in dict_search('authentication.radius.server', ipoe): + radius_config = ipoe['authentication']['radius']['server'][server] + if 'key' not in radius_config: + raise ConfigError(f'Missing RADIUS secret key for server "{server}"') if 'client_ipv6_pool' in ipoe: if 'delegate' in ipoe['client_ipv6_pool'] and 'prefix' not in ipoe['client_ipv6_pool']: |