diff options
| -rw-r--r-- | data/templates/system-login/pam_radius_auth.conf.tmpl | 2 | ||||
| -rw-r--r-- | interface-definitions/include/radius-server.xml.i | 12 | ||||
| -rwxr-xr-x | src/conf_mode/system-login.py | 7 |
3 files changed, 19 insertions, 2 deletions
diff --git a/data/templates/system-login/pam_radius_auth.conf.tmpl b/data/templates/system-login/pam_radius_auth.conf.tmpl index e38f45035..ec2d6df95 100644 --- a/data/templates/system-login/pam_radius_auth.conf.tmpl +++ b/data/templates/system-login/pam_radius_auth.conf.tmpl @@ -2,7 +2,7 @@ # RADIUS configuration file {% if radius_server %} # server[:port] shared_secret timeout source_ip -{% for s in radius_server if not s.disabled %} +{% for s in radius_server|sort(attribute='priority') if not s.disabled %} {% set addr_port = s.address + ":" + s.port %} {{ "%-22s" | format(addr_port) }} {{ "%-25s" | format(s.key) }} {{ "%-10s" | format(s.timeout) }} {{ radius_source_address if radius_source_address }} {% endfor %} diff --git a/interface-definitions/include/radius-server.xml.i b/interface-definitions/include/radius-server.xml.i index 047728233..4b39f251b 100644 --- a/interface-definitions/include/radius-server.xml.i +++ b/interface-definitions/include/radius-server.xml.i @@ -50,6 +50,18 @@ </constraint> </properties> </leafNode> + <leafNode name="priority"> + <properties> + <help>Server priority</help> + <valueHelp> + <format>1-255</format> + <description>Server priority (default: 255)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> </children> </tagNode> </children> diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index 5990c3777..93d4cc679 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -144,7 +144,8 @@ def get_config(): 'disabled': False, 'key': '', 'port': '1812', - 'timeout': '2' + 'timeout': '2', + 'priority': 255 } conf.set_level(base_level + ['radius', 'server', server]) @@ -164,6 +165,10 @@ def get_config(): if conf.exists(['timeout']): server_cfg['timeout'] = conf.return_value(['timeout']) + # Check if RADIUS server has priority + if conf.exists(['priority']): + server_cfg['priority'] = int(conf.return_value(['priority'])) + # Append individual RADIUS server configuration to global server list login['radius_server'].append(server_cfg) |