roles/freeradius: Role to deploy RADIUS with EAP-TLS
The *freeradius* role is used to install and configure FreeRADIUS. The configuration system for it is extremely complicated, with dozens of files in several directories. The default configuration has a plethora of options enabled that are not needed in most cases, so they are disabled here. Since the initial (and perhaps only) use case I have for RADIUS is WiFi authentication via certificates, only the EAP-TLS mechanism is enabled currently.
This commit is contained in:
35
roles/freeradius/defaults/main.yml
Normal file
35
roles/freeradius/defaults/main.yml
Normal file
@@ -0,0 +1,35 @@
|
||||
radiusd_default_eap_type: tls
|
||||
radiusd_dhparm_size: 2048
|
||||
radius_client_secrets: {}
|
||||
radiusd_disable_modules:
|
||||
- attr_filter
|
||||
- cache_eap
|
||||
- chap
|
||||
- date
|
||||
- detail
|
||||
- detail.log
|
||||
- dhcp
|
||||
- digest
|
||||
- dynamic_clients
|
||||
- echo
|
||||
- exec
|
||||
- expiration
|
||||
- expr
|
||||
- files
|
||||
- linelog
|
||||
- logintime
|
||||
- mschap
|
||||
- ntlm_auth
|
||||
- pap
|
||||
- passwd
|
||||
- preprocess
|
||||
- radutmp
|
||||
- realm
|
||||
- replicate
|
||||
- soh
|
||||
- sradutmp
|
||||
- unix
|
||||
- unpack
|
||||
- utf8
|
||||
radiusd_disable_sites:
|
||||
- inner-tunnel
|
||||
Reference in New Issue
Block a user