mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-23 12:37:00 +01:00
3b3c029e30
* fix: outdated poetry.toml entries * fix: better handling errors on startup in radius_entrypoint * fix: radiusd eap config, removing dh_file per error message in freeradius startup * fix: updating docs to be a little clearer and reflect new config * fix: fixing up handling dhparam, trying to throw better errors * fix: unified how the config path is found in pykanidm radius, new default config path --------- Co-authored-by: Firstyear <william@blackhats.net.au>
29 lines
1.1 KiB
TOML
29 lines
1.1 KiB
TOML
uri = "https://example.com" # URL to the Kanidm server
|
|
verify_hostnames = true # verify the hostname of the Kanidm server
|
|
verify_ca = true # Strict CA verification
|
|
|
|
auth_token = "ABC..." # Auth token for the service account
|
|
# See: kanidm service-account api-token generate
|
|
|
|
# Default vlans for groups that don't specify one.
|
|
radius_default_vlan = 1
|
|
|
|
# A list of Kanidm groups which must be a member
|
|
# before they can authenticate via RADIUS.
|
|
radius_required_groups = ["radius_access_allowed@idm.example.com"]
|
|
|
|
# A mapping between Kanidm groups and VLANS
|
|
radius_groups = [{ spn = "radius_access_allowed@idm.example.com", vlan = 10 }]
|
|
|
|
# A mapping of clients and their authentication tokens
|
|
radius_clients = [
|
|
{ name = "test", ipaddr = "127.0.0.1", secret = "testing123" },
|
|
{ name = "docker", ipaddr = "172.17.0.0/16", secret = "testing123" },
|
|
]
|
|
|
|
# radius_cert_path = "/etc/raddb/certs/cert.pem"
|
|
# the signing key for radius TLS
|
|
# radius_key_path = "/etc/raddb/certs/key.pem"
|
|
radius_ca_path = "/data/ca.pem" # Path to the kanidm ca
|
|
# radius_ca_dir = "/data/ca"
|