---

# RADIUS clients (NAS devices) allowed to query this server. Each entry takes
# a name, an IP address or CIDR range, a shared secret and a NAS type.
# Empty by default: no client is declared.
# The shared secret authenticates every exchange with the client. Use a long
# random value per entry and keep it encrypted (e.g. with Ansible Vault)
# rather than in clear text. Note that a CIDR range shares one secret between
# all the addresses it covers. The secret shown below is only a placeholder.
rad_clients: []
# rad_clients:
#   - name: ap-wifi
#     ip: 192.168.7.0/24
#     secret: p@ssw0rd
#     nas_type: other

# Authentication and accounting ports (1812 and 1813 are the standard RADIUS
# port numbers)
rad_auth_port: 1812
rad_acc_port: 1813

# Both ports as a single list, derived from the two variables above
rad_ports:
  - "{{ rad_auth_port }}"
  - "{{ rad_acc_port }}"

# NOTE(review): undocumented here. Presumably the source addresses allowed to
# reach the ports above. Confirm against the role's tasks, in particular
# whether an empty list means "open to everyone" or "closed".
rad_src_ip: []

# An optional passphrase, if the private key is protected.
# Secret material: keep it encrypted (e.g. Ansible Vault).
# rad_tls_key_pass:

# The CA (full chain) used to verify the clients' certificates
# rad_tls_ca: |
#   -----BEGIN CERTIFICATE-----
#   -----END CERTIFICATE-----

# The certificate of the radius server
# rad_tls_cert: |
#   -----BEGIN CERTIFICATE-----
#   -----END CERTIFICATE-----

# The private key of the radius server.
# Secret material: keep it encrypted (e.g. Ansible Vault) and never commit it
# in clear text.
# rad_tls_key: |
#   -----BEGIN RSA PRIVATE KEY-----
#   -----END RSA PRIVATE KEY-----

# An optional CRL to check the clients' certificates against.
# Can either be a raw CRL in PEM format, or an http or https URL
# from which to fetch it.
# If undefined, no check is performed and revoked certificates are accepted.
# rad_tls_crl:

# An email address to notify in case of a CRL issue.
# If the CRL could not be fetched or is outdated, and rad_notify_crl is
# defined, the validation script allows the authentication and notifies this
# address instead of failing.
# NOTE: defining it therefore makes the CRL check fail open: while the CRL is
# unavailable or stale, a revoked certificate can still authenticate. Leave it
# undefined if such authentications must be refused instead.
# rad_notify_crl: admin@example.org

# The issuer of the clients' certificates.
# This can be useful if you have several intermediate CAs, all signed by the
# same root CA, but only want to trust clients from one of them.
# rad_tls_issuer: /C=FR/ST=Aquitaine/L=Bordeaux/O=Firewall Services/OU=Security/CN=wifi