1 files changed, 33 insertions, 0 deletions

diff --git a/data/templates/login/pam_radius_auth.conf.tmpl b/data/templates/login/pam_radius_auth.conf.tmpl
new file mode 100644
index 000000000..56a5e10ee
--- /dev/null
+++ b/data/templates/login/pam_radius_auth.conf.tmpl
@@ -0,0 +1,33 @@
+# Automatically generated by system-login.py
+# RADIUS configuration file
+
+{#   RADIUS IPv6 source address must be specified in [] notation #}
+{%   set source_address = namespace()  %}
+{%   if radius_source_address is defined and radius_source_address is not none %}
+{%     for address in radius_source_address %}
+{%       if address | is_ipv4 %}
+{%         set source_address.ipv4 = address %}
+{%       elif address | is_ipv6 %}
+{%         set source_address.ipv6 = "[" + address + "]" %}
+{%       endif %}
+{%     endfor %}
+{%   endif %}
+{% if radius_server is defined and radius_server is not none %}
+# server[:port]        shared_secret             timeout    source_ip
+{% for server in radius_server | sort(attribute='priority') if not server.disabled %}
+{#   RADIUS IPv6 servers must be specified in [] notation #}
+{%   if server.address | is_ipv4 %}
+{{ server.address }}:{{ server.port }} {{ "%-25s" | format(server.key) }} {{ "%-10s" | format(server.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is defined }}
+{%   else %}
+[{{ server.address }}]:{{ server.port }} {{ "%-25s" | format(server.key) }} {{ "%-10s" | format(server.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is defined }}
+{%   endif %}
+{% endfor %}
+
+priv-lvl 15
+mapped_priv_user radius_priv_user
+
+{% if radius_vrf %}
+vrf-name {{ radius_vrf }}
+{% endif %}
+{% endif %}
+