authorChristian Poessinger <christian@poessinger.com>2021-01-07 18:33:23 +0100
committerChristian Poessinger <christian@poessinger.com>2021-01-07 18:33:23 +0100
commitb9feaf0d6be3adf179df6f35fcd8416d128750f6 (patch)
tree75d137c2ae589b6351700b7f1af4c79f229fed26 /data/templates/login
parent582f52764afce78b9be0d95b88f6dc8d0bff9690 (diff)
login: radius: T3192: support IPv6 server(s) and source-address
Diffstat (limited to 'data/templates/login')
-rw-r--r--data/templates/login/pam_radius_auth.conf.tmpl33
1 files changed, 33 insertions, 0 deletions
diff --git a/data/templates/login/pam_radius_auth.conf.tmpl b/data/templates/login/pam_radius_auth.conf.tmpl
new file mode 100644
index 000000000..56a5e10ee
--- /dev/null
+++ b/data/templates/login/pam_radius_auth.conf.tmpl
@@ -0,0 +1,33 @@
+# Automatically generated by system-login.py
+# RADIUS configuration file
+
+{# RADIUS IPv6 source address must be specified in [] notation #}
+{% set source_address = namespace() %}
+{% if radius_source_address is defined and radius_source_address is not none %}
+{% for address in radius_source_address %}
+{% if address | is_ipv4 %}
+{% set source_address.ipv4 = address %}
+{% elif address | is_ipv6 %}
+{% set source_address.ipv6 = "[" + address + "]" %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if radius_server is defined and radius_server is not none %}
+# server[:port] shared_secret timeout source_ip
+{% for server in radius_server | sort(attribute='priority') if not server.disabled %}
+{# RADIUS IPv6 servers must be specified in [] notation #}
+{% if server.address | is_ipv4 %}
+{{ server.address }}:{{ server.port }} {{ "%-25s" | format(server.key) }} {{ "%-10s" | format(server.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is defined }}
+{% else %}
+[{{ server.address }}]:{{ server.port }} {{ "%-25s" | format(server.key) }} {{ "%-10s" | format(server.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is defined }}
+{% endif %}
+{% endfor %}
+
+priv-lvl 15
+mapped_priv_user radius_priv_user
+
+{% if radius_vrf %}
+vrf-name {{ radius_vrf }}
+{% endif %}
+{% endif %}
+
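Review bot: The two server lines (new-file lines 20 and 22) write `server.key` verbatim into a whitespace-delimited record (`server[:port] shared_secret timeout source_ip`), so a secret containing a space, tab or newline would shift the timeout and source_ip columns or start a new record. Unless the key is already constrained by validation that is not visible in this hunk, such values should be rejected before rendering. The `{% else %}` on new-file line 21 also brackets every address that is not IPv4; `{% elif server.address | is_ipv6 %}` would match the explicit test in the source-address loop above, so anything else is skipped rather than written as a malformed `[...]` entry. Because the rendered file holds the shared secrets in clear text, a header comment such as `# Contains RADIUS shared secrets - keep readable by root only` would document the permissions the rendering script needs to apply.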