checkpoint radius client work

2025-02-25 18:55:28 -06:00 · 2007-11-13 13:06:18 -05:00
parent f36872383c 24d5777bd6
commit 152f8e3392
16 changed files with 424 additions and 14 deletions
--- a/ipa-server/ipa-install/share/Makefile.am
+++ b/ipa-server/ipa-install/share/Makefile.am
@@ -20,6 +20,8 @@ app_DATA =				\
 	ntp.conf.server.template 	\
 	radius.radiusd.conf.template	\
 	referint-conf.ldif		\
+	dna-posix.ldif			\
+	master-entry.ldif		\
 	$(NULL)

 EXTRA_DIST =				\
--- a/ipa-server/ipa-install/share/bootstrap-template.ldif
+++ b/ipa-server/ipa-install/share/bootstrap-template.ldif
@@ -39,6 +39,18 @@ objectClass: nsContainer
 objectClass: top
 cn: sysaccounts

+dn: cn=ipa,cn=etc,$SUFFIX
+changetype: add
+objectClass: nsContainer
+objectClass: top
+cn: ipa
+
+dn: cn=masters,cn=ipa,cn=etc,$SUFFIX
+changetype: add
+objectClass: nsContainer
+objectClass: top
+cn: masters
+
 dn: uid=admin,cn=sysaccounts,cn=etc,$SUFFIX
 changetype: add
 objectClass: top
@@ -50,7 +62,7 @@ uid: admin
 krbPrincipalName: admin@$REALM
 cn: Administrator
 sn: Administrator
-uidNumber: 1000
+uidNumber: 999
 gidNumber: 1001
 homeDirectory: /home/admin
 loginShell: /bin/bash
@@ -74,6 +86,18 @@ objectClass: nsContainer
 objectClass: top
 cn: clients

+dn: cn=profiles,cn=radius,cn=services,cn=etc,$SUFFIX
+changetype: add
+objectClass: nsContainer
+objectClass: top
+cn: profiles
+
+dn: uid=ipa_default, cn=profiles,cn=radius,cn=services,cn=etc,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: radiusprofile
+uid: ipa_default
+
 dn: cn=admins,cn=groups,cn=accounts,$SUFFIX
 changetype: add
 objectClass: top
--- a/ipa-server/ipa-install/share/dna-posix.ldif
+++ b/ipa-server/ipa-install/share/dna-posix.ldif
@@ -0,0 +1,37 @@
+# add container for posix configuration
+
+dn: cn=Posix,cn=ipa-dna,cn=plugins,cn=config
+changetype: add
+objectclass: top
+objectclass: nsContainer
+objectclass: extensibleObject
+cn: Posix
+
+# add plugin configuration for posix users
+
+dn: cn=Accounts,cn=Posix,cn=ipa-dna,cn=plugins,cn=config
+changetype: add
+objectclass: top
+objectclass: extensibleObject
+cn: Accounts
+dnaType: uidNumber
+dnaNextValue: 1100
+dnaInterval: 4
+dnaMagicRegen: 999
+dnaFilter: (objectclass=posixAccount)
+dnaScope: $SUFFIX
+
+# add plugin configuration for posix groups
+
+dn: cn=Groups,cn=Posix,cn=ipa-dna,cn=plugins,cn=config
+changetype: add
+objectclass: top
+objectclass: extensibleObject
+cn: Groups
+dnaType: gidNumber
+dnaNextValue: 1100
+dnaInterval: 4
+dnaMagicRegen: 999
+dnaFilter: (objectclass=posixGroup)
+dnaScope: $SUFFIX
+
--- a/ipa-server/ipa-install/share/encrypted_attribute.ldif
+++ b/ipa-server/ipa-install/share/encrypted_attribute.ldif
@@ -0,0 +1,6 @@
+dn: cn=$ENCRYPTED_ATTRIBUTE, cn=encrypted attributes, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
+changetype: add
+objectClass: top
+objectClass: nsAttributeEncryption
+cn: $ENCRYPTED_ATTRIBUTE
+nsEncryptionAlgorithm: AES
--- a/ipa-server/ipa-install/share/master-entry.ldif
+++ b/ipa-server/ipa-install/share/master-entry.ldif
@@ -0,0 +1,7 @@
+dn: cn=$FQHN,cn=masters,cn=ipa,cn=etc,$SUFFIX
+changetype: add
+objectclass: top
+objectclass: extensibleObject
+cn: $FQHN
+dnabase: 1100
+dnainterval: 4
--- a/ipa-server/ipa-install/share/radius.radiusd.conf.template
+++ b/ipa-server/ipa-install/share/radius.radiusd.conf.template
@@ -82,6 +82,8 @@ $$INCLUDE $${confdir}/eap.conf
 		filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
 		base_filter = "(objectclass=radiusprofile)"
 		start_tls = no
+		profile_attribute = "radiusProfileDn"
+		default_profile = "uid=ipa_default,cn=profiles,cn=radius,cn=services,cn=etc,$SUFFIX
 		# FIXME: we'll want to toggle the access_attr feature on/off,
 		# but it needs a control, so disable it for now.
 		#access_attr = "$ACCESS_ATTRIBUTE"