Diffstat (limited to 'config/freeradius2')
-rw-r--r--config/freeradius2/freeradiusmodulesldap.xml98
1 files changed, 96 insertions, 2 deletions
diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml
index cf7f5b33..f6619afd 100644
--- a/config/freeradius2/freeradiusmodulesldap.xml
+++ b/config/freeradius2/freeradiusmodulesldap.xml
@@ -106,7 +106,7 @@
<fieldname>varmodulesldapenableauthorize</fieldname>
<description><![CDATA[This enables LDAP in authorize section. The ldap module will set Auth-Type to LDAP if it has not already been set. (Default: unchecked)]]></description>
<type>checkbox</type>
- <enablefields>varmodulesldap2enableauthenticate,varmodulesldapkeepaliveinterval,varmodulesldapkeepaliveprobes,varmodulesldapkeepaliveidle,varmodulesldapmsadcompatibilityenable,varmodulesldapnettimeout,varmodulesldaptimelimit,varmodulesldaptimeout,varmodulesldapldapconnectionsnumber,varmodulesldapbasefilter,varmodulesldapfilter,varmodulesldapbasedn,varmodulesldappassword,varmodulesldapidentity,varmodulesldapserver,varmodulesldap2enableauthorize,varmodulesldap2enableauthenticate,varmodulesldap2server,varmodulesldap2identity,varmodulesldap2password,varmodulesldap2basedn,varmodulesldap2filter,varmodulesldap2basefilter,varmodulesldap2ldapconnectionsnumber,varmodulesldap2timeout,varmodulesldap2timelimit,varmodulesldap2nettimeout,varmodulesldap2msadcompatibilityenable,varmodulesldap2dmiscenable,varmodulesldap2groupenable,varmodulesldap2keepaliveidle,varmodulesldap2keepaliveprobes,varmodulesldap2keepaliveinterval</enablefields>
+ <enablefields>varmodulesldapenabletlssupport,varmodulesldap2failover,varmodulesldap2enableauthenticate,varmodulesldapkeepaliveinterval,varmodulesldapkeepaliveprobes,varmodulesldapkeepaliveidle,varmodulesldapmsadcompatibilityenable,varmodulesldapnettimeout,varmodulesldaptimelimit,varmodulesldaptimeout,varmodulesldapldapconnectionsnumber,varmodulesldapbasefilter,varmodulesldapfilter,varmodulesldapbasedn,varmodulesldappassword,varmodulesldapidentity,varmodulesldapserver,varmodulesldap2enableauthorize,varmodulesldap2enableauthenticate,varmodulesldap2server,varmodulesldap2identity,varmodulesldap2password,varmodulesldap2basedn,varmodulesldap2filter,varmodulesldap2basefilter,varmodulesldap2ldapconnectionsnumber,varmodulesldap2timeout,varmodulesldap2timelimit,varmodulesldap2nettimeout,varmodulesldap2msadcompatibilityenable,varmodulesldap2dmiscenable,varmodulesldap2groupenable,varmodulesldap2keepaliveidle,varmodulesldap2keepaliveprobes,varmodulesldap2keepaliveinterval</enablefields>
</field>
<field>
<fielddescr>Enable LDAP For Authentication</fielddescr>
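Review bot: The new `enablefields` list on the server 1 authorize checkbox gains `varmodulesldap2failover`, but none of the 96 inserted lines in this commit defines a field with that name. If it is not already declared elsewhere in the file, the entry toggles nothing and should be dropped or shipped together with its field. The list also adds `varmodulesldapenabletlssupport` without the three fields that checkbox controls (`ssl_ca_cert1`, `ssl_server_cert1`, `varmodulesldaprequirecert`). It is worth confirming in the GUI that these are greyed out when LDAP authorize is unchecked, so that the form does not suggest TLS settings are active when they are not.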
@@ -340,6 +340,53 @@
<size>80</size>
<default_value>3</default_value>
</field>
+ <field>
+ <name>LDAP TLS SUPPORT - SERVER 1</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable TSL support</fielddescr>
+ <fieldname>varmodulesldapenabletlssupport</fieldname>
+ <description><![CDATA[Enable TLS support for LDAP server 1. If enabled then certs in ../raddb/certs/ will be checked against the certs on LDAP.]]></description>
+ <type>checkbox</type>
+ <enablefields>ssl_ca_cert1,ssl_server_cert1,varmodulesldaprequirecert</enablefields>
+ </field>
+ <field>
+ <fielddescr>SSL CA Certificate</fielddescr>
+ <fieldname>ssl_ca_cert1</fieldname>
+ <description><![CDATA[Choose the SSL CA Certficate here which you created with the pfSense Cert Manager.<br>
+ Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description>
+ <type>select_source</type>
+ <source><![CDATA[freeradius_get_ca_certs()]]></source>
+ <source_name>descr</source_name>
+ <source_value>refid</source_value>
+ </field>
+ <field>
+ <fielddescr>SSL Server Certificate</fielddescr>
+ <fieldname>ssl_server_cert1</fieldname>
+ <description><![CDATA[Choose the SSL Server Certficate here which you created with the pfSense Cert Manager.<br>
+ Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description>
+ <type>select_source</type>
+ <source><![CDATA[freeradius_get_server_certs()]]></source>
+ <source_name>descr</source_name>
+ <source_value>refid</source_value>
+ </field>
+ <field>
+ <fielddescr>Choose certificate verification method</fielddescr>
+ <fieldname>varmodulesldaprequirecert</fieldname>
+ <description><![CDATA[Choose how the certs should be checked:<br><br>
+
+ <b>never: </b>don't even bother trying<br>
+ <b>allow: </b>try but don't fail if the cerificate can't be verified<br>
+ <b>demand: </b>fail if the certificate doesn't verify]]></description>
+ <type>select</type>
+ <default_value>never</default_value>
+ <options>
+ <option><name>Never</name><value>never</value></option>
+ <option><name>Allow</name><value>allow</value></option>
+ <option><name>Demand</name><value>demand</value></option>
+ </options>
+ </field>
<field>
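Review bot: `varmodulesldaprequirecert` ships with `<default_value>never</default_value>`, so ticking the TLS checkbox and leaving the rest at defaults encrypts the LDAP session without authenticating the server. The bind password and user credentials are then still exposed to anyone who can impersonate or intercept the LDAP server. The same default is repeated for `varmodulesldap2requirecert` in the server 2 hunk. I would change both to `<default_value>demand</default_value>` and have the description state the consequence, e.g. `<b>never: </b>do not verify the server certificate (no protection against interception)<br>`. How a CA selection of "none" combines with `demand` is decided in the PHP that renders the module config, which is outside this diff, and should be checked so that the combination fails closed.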
@@ -370,7 +417,7 @@
<fieldname>varmodulesldap2enableauthorize</fieldname>
<description><![CDATA[This enables LDAP in authorize section. The ldap module will set Auth-Type to LDAP if it has not already been set. (Default: unchecked)]]></description>
<type>checkbox</type>
- <enablefields>varmodulesldap2enableauthenticate,varmodulesldap2server,varmodulesldap2identity,varmodulesldap2password,varmodulesldap2basedn,varmodulesldap2filter,varmodulesldap2basefilter,varmodulesldap2ldapconnectionsnumber,varmodulesldap2timeout,varmodulesldap2timelimit,varmodulesldap2nettimeout,varmodulesldap2msadcompatibilityenable,varmodulesldap2dmiscenable,varmodulesldap2groupenable,varmodulesldap2keepaliveidle,varmodulesldap2keepaliveprobes,varmodulesldap2keepaliveinterval</enablefields>
+ <enablefields>varmodulesldap2enabletlssupport,varmodulesldap2enableauthenticate,varmodulesldap2server,varmodulesldap2identity,varmodulesldap2password,varmodulesldap2basedn,varmodulesldap2filter,varmodulesldap2basefilter,varmodulesldap2ldapconnectionsnumber,varmodulesldap2timeout,varmodulesldap2timelimit,varmodulesldap2nettimeout,varmodulesldap2msadcompatibilityenable,varmodulesldap2dmiscenable,varmodulesldap2groupenable,varmodulesldap2keepaliveidle,varmodulesldap2keepaliveprobes,varmodulesldap2keepaliveinterval</enablefields>
</field>
<field>
<fielddescr>Enable LDAP For Authentication</fielddescr>
@@ -604,6 +651,53 @@
<size>80</size>
<default_value>3</default_value>
</field>
+ <field>
+ <name>LDAP TLS SUPPORT - SERVER 2</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable TSL support</fielddescr>
+ <fieldname>varmodulesldap2enabletlssupport</fieldname>
+ <description><![CDATA[Enable TLS support for LDAP server 1. If enabled then certs in ../raddb/certs/ will be checked against the certs on LDAP.]]></description>
+ <type>checkbox</type>
+ <enablefields>ssl_ca_cert2,ssl_server_cert2,varmodulesldap2requirecert</enablefields>
+ </field>
+ <field>
+ <fielddescr>SSL CA Certificate</fielddescr>
+ <fieldname>ssl_ca_cert2</fieldname>
+ <description><![CDATA[Choose the SSL CA Certficate here which you created with the pfSense Cert Manager.<br>
+ Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description>
+ <type>select_source</type>
+ <source><![CDATA[freeradius_get_ca_certs()]]></source>
+ <source_name>descr</source_name>
+ <source_value>refid</source_value>
+ </field>
+ <field>
+ <fielddescr>SSL Server Certificate</fielddescr>
+ <fieldname>ssl_server_cert2</fieldname>
+ <description><![CDATA[Choose the SSL Server Certficate here which you created with the pfSense Cert Manager.<br>
+ Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description>
+ <type>select_source</type>
+ <source><![CDATA[freeradius_get_server_certs()]]></source>
+ <source_name>descr</source_name>
+ <source_value>refid</source_value>
+ </field>
+ <field>
+ <fielddescr>Choose certificate verification method</fielddescr>
+ <fieldname>varmodulesldap2requirecert</fieldname>
+ <description><![CDATA[Choose how the certs should be checked:<br><br>
+
+ <b>never: </b>don't even bother trying<br>
+ <b>allow: </b>try but don't fail if the cerificate can't be verified<br>
+ <b>demand: </b>fail if the certificate doesn't verify]]></description>
+ <type>select</type>
+ <default_value>never</default_value>
+ <options>
+ <option><name>Never</name><value>never</value></option>
+ <option><name>Allow</name><value>allow</value></option>
+ <option><name>Demand</name><value>demand</value></option>
+ </options>
+ </field>
</fields>
<custom_delete_php_command>
freeradius_modulesldap_resync();
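Review bot: The server 2 block was copied from server 1 without updating the help text: the description of `varmodulesldap2enabletlssupport` still reads "Enable TLS support for LDAP server 1", so an administrator cannot tell from the form which connection the checkbox protects. It should read `Enable TLS support for LDAP server 2. ...`. Both copies also label the checkbox `Enable TSL support` and misspell "Certficate" and "cerificate"; on a security setting the label should be `<fielddescr>Enable TLS support</fielddescr>`. The description's "certs in ../raddb/certs/ will be checked against the certs on LDAP" would also be clearer if it said that the LDAP server's certificate is validated against the selected CA, assuming that is what the generated config does.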