authorChristian Poessinger <christian@poessinger.com>2021-01-07 18:33:23 +0100
committerChristian Poessinger <christian@poessinger.com>2021-01-07 18:33:23 +0100
commitb9feaf0d6be3adf179df6f35fcd8416d128750f6 (patch)
tree75d137c2ae589b6351700b7f1af4c79f229fed26 /data/templates
parent582f52764afce78b9be0d95b88f6dc8d0bff9690 (diff)
login: radius: T3192: support IPv6 server(s) and source-address
Diffstat (limited to 'data/templates')
-rw-r--r--data/templates/login/pam_radius_auth.conf.tmpl33
-rw-r--r--data/templates/system-login/pam_radius_auth.conf.tmpl16
2 files changed, 33 insertions, 16 deletions
diff --git a/data/templates/login/pam_radius_auth.conf.tmpl b/data/templates/login/pam_radius_auth.conf.tmpl
new file mode 100644
index 000000000..56a5e10ee
--- /dev/null
+++ b/data/templates/login/pam_radius_auth.conf.tmpl
@@ -0,0 +1,33 @@
+# Automatically generated by system-login.py
+# RADIUS configuration file
+
+{# RADIUS IPv6 source address must be specified in [] notation #}
+{% set source_address = namespace() %}
+{% if radius_source_address is defined and radius_source_address is not none %}
+{% for address in radius_source_address %}
+{% if address | is_ipv4 %}
+{% set source_address.ipv4 = address %}
+{% elif address | is_ipv6 %}
+{% set source_address.ipv6 = "[" + address + "]" %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if radius_server is defined and radius_server is not none %}
+# server[:port] shared_secret timeout source_ip
+{% for server in radius_server | sort(attribute='priority') if not server.disabled %}
+{# RADIUS IPv6 servers must be specified in [] notation #}
+{% if server.address | is_ipv4 %}
+{{ server.address }}:{{ server.port }} {{ "%-25s" | format(server.key) }} {{ "%-10s" | format(server.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is defined }}
+{% else %}
+[{{ server.address }}]:{{ server.port }} {{ "%-25s" | format(server.key) }} {{ "%-10s" | format(server.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is defined }}
+{% endif %}
+{% endfor %}
+
+priv-lvl 15
+mapped_priv_user radius_priv_user
+
+{% if radius_vrf %}
+vrf-name {{ radius_vrf }}
+{% endif %}
+{% endif %}
+
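Review bot: The bare `{% else %}` in the server loop brackets every address that fails `is_ipv4`, so a value that is neither family (a hostname, if the CLI schema permits one, which is not visible here) would be rendered as `[name]:port`. The source-address loop above already tests `is_ipv6` explicitly; using `{% elif server.address | is_ipv6 %}` here and keeping an unbracketed `{% else %}` fallback would preserve what the removed template emitted for such values. Separately, `server.key` is written verbatim into a whitespace-delimited line, so a secret containing a space would shift the timeout and source_ip columns; a comment such as `{# key must not contain whitespace; validated in system-login.py #}` would record where that is enforced, assuming it is. Because the rendered file holds the RADIUS shared secrets, the generator should also write it with owner-only permissions, which this template cannot guarantee on its own.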
diff --git a/data/templates/system-login/pam_radius_auth.conf.tmpl b/data/templates/system-login/pam_radius_auth.conf.tmpl
deleted file mode 100644
index ec2d6df95..000000000
--- a/data/templates/system-login/pam_radius_auth.conf.tmpl
+++ /dev/null
@@ -1,16 +0,0 @@
-# Automatically generated by system-login.py
-# RADIUS configuration file
-{% if radius_server %}
-# server[:port] shared_secret timeout source_ip
-{% for s in radius_server|sort(attribute='priority') if not s.disabled %}
-{% set addr_port = s.address + ":" + s.port %}
-{{ "%-22s" | format(addr_port) }} {{ "%-25s" | format(s.key) }} {{ "%-10s" | format(s.timeout) }} {{ radius_source_address if radius_source_address }}
-{% endfor %}
-
-priv-lvl 15
-mapped_priv_user radius_priv_user
-
-{% if radius_vrf %}
-vrf-name {{ radius_vrf }}
-{% endif %}
-{% endif %}