forked from irasnyd/freeradius-ldap
-
Notifications
You must be signed in to change notification settings - Fork 0
/
init
executable file
·45 lines (38 loc) · 1.38 KB
/
init
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#!/bin/bash
# vim: set ts=4 sts=4 sw=4 et:
LDAP_HOST="${LDAP_HOST:-ldap1.example.com ldap2.example.com}"
LDAP_USER="${LDAP_USER:-cn=admin,dc=example,dc=com}"
LDAP_PASS="${LDAP_PASS:-password}"
LDAP_BASEDN="${LDAP_BASEDN:-dc=example,dc=com}"
LDAP_USER_BASEDN="${LDAP_USER_BASEDN:-ou=Users,dc=example,dc=com}"
LDAP_GROUP_BASEDN="${LDAP_GROUP_BASEDN:-ou=Groups,dc=example,dc=com}"
RADIUS_CLIENT_CREDENTIALS="${RADIUS_CLIENT_CREDENTIALS:-}"
# to turn on debugging, use "-x -f -l stdout"
RADIUSD_ARGS="${RADIUSD_ARGS:--X -f -l stdout}"
ldap_subst() {
sed -i -e "s/${1}/${2}/g" /etc/freeradius/3.0/mods-available/ldap
}
# substitute variables into LDAP configuration file
ldap_subst "@LDAP_HOST@" "${LDAP_HOST}"
ldap_subst "@LDAP_USER@" "${LDAP_USER}"
ldap_subst "@LDAP_PASS@" "${LDAP_PASS}"
ldap_subst "@LDAP_BASEDN@" "${LDAP_BASEDN}"
ldap_subst "@LDAP_USER_BASEDN@" "${LDAP_USER_BASEDN}"
ldap_subst "@LDAP_GROUP_BASEDN@" "${LDAP_GROUP_BASEDN}"
# setup clients
IFS=$',' read -ra RADIUS_CLIENT_CREDENTIALS_ARRAY <<< "$RADIUS_CLIENT_CREDENTIALS"
for i in "${RADIUS_CLIENT_CREDENTIALS_ARRAY[@]}"; do
SHORTNAME=`echo $i | cut -f 1 -d :`
CLIENT=`echo $i | cut -f 2 -d :`
SECRET=`echo $i | cut -f 3 -d :`
cat >> /etc/freeradius/3.0/clients.conf << EOF
client $SHORTNAME {
ipaddr = $CLIENT
secret = $SECRET
nas_type = other
}
EOF
done
# run radiusd
freeradius $RADIUSD_ARGS
# /bin/bash