jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-26 15:55:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2021-12-01 19:13

Browse Source
This commit is contained in:
Daniel Berteaud
2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
roles/radius_server/templates/modules/eap.conf.j2 Normal file
View File

@@ -0,0 +1,27 @@
eap {
default_eap_type = tls
tls-config tls-common {
{% if rad_tls_key_pass is defined %}
private_key_password = {{ rad_tls_key_pass }}
{% endif %}
private_key_file = /etc/radius/certs/key.pem
certificate_file = /etc/radius/certs/cert.pem
{% if rad_tls_ca is defined %}
ca_file = /etc/radius/certs/ca.pem
{% endif %}
dh_file = /etc/radius/certs/dh.pem
ca_path = /etc/radius/certs/
ecdh_curve = "prime256v1"
{% if rad_tls_issuert is defined %}
check_cert_issuer = "{{ rad_tls_issuer }}"
{% endif %}
verify {
tmpdir = /run/radiusd/tls
client = "/usr/local/bin/rad_check_client_cert --cert %{TLS-Client-Cert-Filename}{% if rad_tls_crl is defined %} --crl {{ (rad_tls_crl is search ('https?://')) | ternary(rad_tls_crl,'/etc/radius/certs/crl.pem') }}{% endif %}{% if rad_tls_issuer is defined %} --issuer '{{ rad_tls_issuer }}'{% endif %}{% if rad_crl_notify is defined %} --notify-crl='{{ rad_crl_notify }}'{% endif %}"
}
}
tls {
tls = tls-common
}
}