{"id":22700206,"url":"https://github.com/simp/pupmod-simp-freeradius","last_synced_at":"2025-07-18T00:04:50.525Z","repository":{"id":32298685,"uuid":"35873645","full_name":"simp/pupmod-simp-freeradius","owner":"simp","description":"The SIMP freeradius Puppet Module","archived":false,"fork":false,"pushed_at":"2025-06-12T18:52:20.000Z","size":377,"stargazers_count":2,"open_issues_count":5,"forks_count":10,"subscribers_count":17,"default_branch":"master","last_synced_at":"2025-07-03T22:42:57.877Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/simp.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2015-05-19T09:49:34.000Z","updated_at":"2025-06-12T18:48:38.000Z","dependencies_parsed_at":"2022-09-12T22:10:14.944Z","dependency_job_id":"d7be50d3-f7bf-4d56-866f-4b7ca5e5f7bf","html_url":"https://github.com/simp/pupmod-simp-freeradius","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/simp/pupmod-simp-freeradius","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-freeradius","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-freeradius/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-freeradius/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-freeradius/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/simp","download_url":"https://codeload.github.com/simp/pupmod-simp-freeradius/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-freeradius/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264505205,"owners_count":23618902,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-10T06:10:28.743Z","updated_at":"2025-07-18T00:04:50.506Z","avatar_url":"https://github.com/simp.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![License](https://img.shields.io/:license-apache-blue.svg)](http://www.apache.org/licenses/LICENSE-2.0.html)\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/73/badge)](https://bestpractices.coreinfrastructure.org/projects/73)\n[![Puppet Forge](https://img.shields.io/puppetforge/v/simp/freeradius.svg)](https://forge.puppetlabs.com/simp/freeradius)\n[![Puppet Forge Downloads](https://img.shields.io/puppetforge/dt/simp/freeradius.svg)](https://forge.puppetlabs.com/simp/freeradius)\n[![Build Status](https://travis-ci.org/simp/pupmod-simp-freeradius.svg)](https://travis-ci.org/simp/pupmod-simp-freeradius)\n\n#### Table of Contents\n\n\u003c!-- vim-markdown-toc GFM --\u003e\n\n* [Overview](#overview)\n* [This is a SIMP module](#this-is-a-simp-module)\n* [Module Description](#module-description)\n* [Beginning with freeradius](#beginning-with-freeradius)\n* [Setup](#setup)\n  * [Defaults](#defaults)\n  * [Set up Radius Server to use LDAP](#set-up-radius-server-to-use-ldap)\n    * [Install freeradius and the LDAP module and site configuration.](#install-freeradius-and-the-ldap-module-and-site-configuration)\n    * [Add radius clients:](#add-radius-clients)\n  * [Other configuration](#other-configuration)\n    * [Add sites and modules](#add-sites-and-modules)\n  * [Configure the Radius Server with Rsync](#configure-the-radius-server-with-rsync)\n* [Development](#development)\n  * [Acceptance tests](#acceptance-tests)\n\n\u003c!-- vim-markdown-toc --\u003e\n\n## Overview\n\nThis module installs freeradius. The v3 manifests can be used to configure\nversion 3 of freeradius.  If an older version of freeradius is being used,\nrsync can be used to copy over configuration files created outside of Puppet.\nRsync can also be used to copy over version 3 files.\n\nThis module includes a radiusd site and module that can be used to configure\nfreeradius to work with a LDAP server.\n\n## This is a SIMP module\n\nThis module is a component of the [System Integrity Management Platform](https://simp-project.com),\na compliance-management framework built on Puppet.\n\nIf you find any issues, they can be submitted to our\n[JIRA](https://simp-project.atlassian.net/).\n\nPlease read our [Contribution Guide](https://simp.readthedocs.io/en/stable/contributors_guide/index.html).\n\nThis module is optimally designed for use within a larger SIMP ecosystem, but\nit can be used independently:\n\n* When included within the SIMP ecosystem, security compliance settings will be\n  managed from the Puppet server.\n\n## Module Description\n\nThis module installs and configures freeradius. Its main purpose is to\nintegrate freeradius with an existing LDAP server. It includes manifests that\ncreates a virtual server (site) that configures freeradius to listen on all\navailable interfaces and authenticate via LDAP.\n\nSee [REFERENCE.md](REFERENCE.md) for more details.\n\n## Beginning with freeradius\n\nBefore using pupmod-simp-freeradius make sure to read the\n[freeradius documentation](http://freeradius.org/documentation)\n\nMuch of the freeradius documentation is in the default configuration files,\nsome of which get overwritten by this module.  It could be helpful to extract\nand store these files in a separate location using the command:\n\n```shell\nrpm2cpio \u003cfree radius rpm\u003e | cpio -idmv\n```\n\n## Setup\n\n* Ensure the freeradius, freeradius-ldap and freeradius-utils packages are\n  available to your package manager.\n\n\n### Defaults\n\n* Configuration directory: `/etc/raddb`\n* Log Directory: `/var/log/freeradius`\n* Ldap Bind user: `bind_dn`\n* Rsync: `false`\n\n### Set up Radius Server to use LDAP\n\nThis basic setup will configure RADIUS to listen on all interfaces and\nauthenticate using LDAP.\n\n#### Install freeradius and the LDAP module and site configuration.\n\nInclude the following in your Puppet code:\n\n```puppet\ninclude 'freeradius'\ninclude 'freeradius::v3::sites::ldap'\ninclude 'freeradius::v3::modules::ldap'\n```\n\nIf you are using a SIMP system, you can alternatively include the classes via\nHiera:\n\n```yaml\n---\nsimp::classes:\n  - 'freeradius'\n  - 'freeradius::v3::sites::ldap'\n  - 'freeradius::v3::modules::ldap'\n```\n\nThe default settings for `radiusd.conf` can be found in\n  - `freeradius::v3::conf`\n  - `freeradius::v3::conf::log`\n  - `freeradius::v3::conf::security`\n  - `freeradius::v3::conf::thread_pool`\nand can be changed using Hiera. See [REFERENCE.md](REFERENCE.md) for more\ndetails.\n\nThe listener is setup in the `freeradius::v3::sites::ldap` class.  Review that\nmodule if there is a need to change the listener or to use a global listener\ninstead of one linked to a site.\n\n#### Add radius clients:\n\nClient configurations will need to be created to allow clients to talk to the\nserver.  See the default `client.conf` file installed by freeradius for\ninformation on how to configure clients.\n\nThe `freeradius::v3::client` defined type lets clients be created individually.\nAlternatively, a complete `clients.conf` file can be copied in by specifying\nthe file source in Hiera with the variable\n`freeradius::v3::conf::clients_conf_content`.\n\nExample clients:\n\n``` ruby\n  freeradius::v3::client { 'localhost':\n    ipaddr =\u003e '127.0.0.1',\n    secret =\u003e 'testing123',\n    require_message_authenticator =\u003e false,\n    nas_type =\u003e 'other',\n    }\n\n  freeradius::v3::client { 'mynetwork':\n    ipaddr =\u003e '10.0.71.0/24',\n    secret =\u003e 'testing123'\n  }\n```\n\nor to copy over a file with clients defined, set the hiera variable:\n\n``` yaml\n---\n# The setting is\n# freeradius::v3::conf::clients_conf_content: \u003cexact content to add to file\u003e\nfreeradius::v3::conf::clients_conf_content: \u003e\n  Your entire\n  configuration\n  goes here\n```\n\n\n### Other configuration\n\nThe following configurations are not needed for connection to LDAP.  These are\na few examples of alternate application configurations.\n\n#### Add sites and modules\n\nOther sites and modules you write can be added individually using\n`freeradius::v3::site` or `freeradius::v3::module`.  In both cases, you specify\nthe source file to be copied.  For example, to specify a custom site:\n\n``` ruby\nfreeradius::v3::site { 'mysite':\n  source =\u003e puppet::///modules/mymodule/freeradius/mysite,\n  enable =\u003e true\n}\n```\n\nExisting sites that are in the sites-available directory can be added using\n\n``` ruby\nfreeradius::v3::site { 'inner-triggers':\n  enable =\u003e true\n}\n```\n\nThis will create the link and, if `manage_sites_enabled` is set to `true`, it\nwill not be removed.\n\nSee the `sites-available` and `mods-available` directories on your system for\nexamples and information on how to build the content of these files.\n\n### Configure the Radius Server with Rsync\n\nIf enabled, Freeradius will use the\n`/var/simp/environments/\u003cos\u003e/Global/freeradius` share on the SIMP `rsync`\nserver. This allows for large or complex configurations that may not be\nappropriate for inclusion directly into puppet `File` resources.\n\nFiles in this directory will be copied via `rsync` to `/etc/raddb`. Make sure\nall permissions are correct, including the SELinux context.\n\nIn Hiera:\n\n``` yaml\nfreeradius::use_rsync: true\n```\n\nRsync will copy over all the files and overwrite anything that already exists.\nIt will not purge any files.\n\n## Development\n\nPlease read our [Contribution Guide](https://simp.readthedocs.io/en/stable/contributors_guide/index.html).\n\n### Acceptance tests\n\nThis module includes [Beaker](https://github.com/puppetlabs/beaker) acceptance\ntests using the SIMP [Beaker Helpers](https://github.com/simp/rubygem-simp-beaker-helpers).\nBy default the tests use [Vagrant](https://www.vagrantup.com/) with\n[VirtualBox](https://www.virtualbox.org) as a back-end; Vagrant and VirtualBox\nmust both be installed to run these tests without modification. To execute the\ntests run the following:\n\n```shell\nbundle install\nbundle exec rake beaker:suites\n```\n\nPlease refer to the [SIMP Beaker Helpers documentation](https://github.com/simp/rubygem-simp-beaker-helpers/blob/master/README.md)\nfor more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimp%2Fpupmod-simp-freeradius","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsimp%2Fpupmod-simp-freeradius","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimp%2Fpupmod-simp-freeradius/lists"}