summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2023-03-16 13:14:07 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2023-03-16 13:19:00 +0000
commite540d0ad4c58f073a15d7064bef55f04be670ca9 (patch)
tree46e7c5f03b43bd7935335b6c265c369f2e64d909
parent7f0eb0b029c927e4b7b0003c934f682be9b36380 (diff)
downloadvyos-1x-e540d0ad4c58f073a15d7064bef55f04be670ca9.tar.gz
vyos-1x-e540d0ad4c58f073a15d7064bef55f04be670ca9.zip
T5091: IPoE-server verify RADIUS settings
As we don't have global option 'gateway-address' for ipoe-server we cannot use general configverify.verify_accel_ppp_base_service Add verify radius setting for configuration mode 'radius' Radius authentication required at least one RADIUS server
-rwxr-xr-xsrc/conf_mode/service_ipoe-server.py11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py
index 9cdfa08ef..4fabe170f 100755
--- a/src/conf_mode/service_ipoe-server.py
+++ b/src/conf_mode/service_ipoe-server.py
@@ -60,6 +60,17 @@ def verify(ipoe):
'Use "ipoe client-ip-pool" instead.')
#verify_accel_ppp_base_service(ipoe, local_users=False)
+ # IPoE server does not have 'gateway' option in the CLI
+ # we cannot use configverify.py verify_accel_ppp_base_service for ipoe-server
+
+ if dict_search('authentication.mode', ipoe) == 'radius':
+ if not dict_search('authentication.radius.server', ipoe):
+ raise ConfigError('RADIUS authentication requires at least one server')
+
+ for server in dict_search('authentication.radius.server', ipoe):
+ radius_config = ipoe['authentication']['radius']['server'][server]
+ if 'key' not in radius_config:
+ raise ConfigError(f'Missing RADIUS secret key for server "{server}"')
if 'client_ipv6_pool' in ipoe:
if 'delegate' in ipoe['client_ipv6_pool'] and 'prefix' not in ipoe['client_ipv6_pool']: