Enable wlan on boot by variable instead of membership in group teacherlaptop
parent
5092969c8e
commit
a8736395c8
4 changed files with 527 additions and 528 deletions
94
doc/wlan.md
|
@ -2,9 +2,9 @@
|
|||
|
||||
Supported modes authenticating via WLAN:
|
||||
|
||||
* **WPA-Personal** (WPA-PSK)\
|
||||
* **WPA-Personal** (WPA-PSK)
|
||||
authentication via preshared key (psk)
|
||||
* **WPA-Enterprise** (WPA-802.1x) with **EAP-TLS**\
|
||||
* **WPA-Enterprise** (WPA-802.1x) with **EAP-TLS**
|
||||
authentication via client certificates (eap-tls)
|
||||
|
||||
Which method is used is determined by the variable `wlan`
|
||||
|
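Review bot: Dropping the trailing `\` on the two mode bullets (`* **WPA-Personal** (WPA-PSK)\` and `* **WPA-Enterprise** (WPA-802.1x) with **EAP-TLS**\`) removes the Markdown hard line break, so "authentication via preshared key (psk)" and "authentication via client certificates (eap-tls)" will render on the same line as the mode name. If the break was meant to stay, keep the backslash or separate name and description another way, for example with a colon on one line.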
@ -14,27 +14,34 @@ Choices:
|
|||
* `"psk"`
|
||||
* `"eap-tls"`
|
||||
|
||||
## Common Configuration / Variables
|
||||
|
||||
* **wlan**
|
||||
Authentication mode
|
||||
Type: *String*
|
||||
Values:
|
||||
* "none" <-- (default)
|
||||
* "psk" <-- set to use WPA-Personal
|
||||
* "eap-tls" <-- set to use WPA-Enterprise with EAP-TLS
|
||||
* **wlan_ssid**
|
||||
SSID of used WLAN
|
||||
Type: *String*
|
||||
* **wlan_enable_on_boot**
|
||||
If set to `true` wlan will be enabled on boot
|
||||
Type: *Boolean*
|
||||
Default: `true`
|
||||
|
||||
## WPA-Personal
|
||||
|
||||
### Requirements
|
||||
|
||||
WLAN with configured WPA-Personal (WPA-PSK)
|
||||
|
||||
### Configuration / Variables
|
||||
### Additional Configuration / Variables
|
||||
|
||||
* **wlan**
|
||||
Authentication mode
|
||||
Type: *String*
|
||||
Values:
|
||||
* "none" <-- (default)
|
||||
* "psk" <-- set to use WPA-Personal
|
||||
* "eap-tls"
|
||||
* **wlan_ssid**
|
||||
SSID of used WLAN
|
||||
Type: *String*
|
||||
* **wlan_password**
|
||||
Password of WLAN. Only for `wlan: "psk"`
|
||||
Type: *String*
|
||||
* **wlan_password**
|
||||
Password of WLAN. Only for `wlan: "psk"`
|
||||
Type: *String*
|
||||
|
||||
### Examples
|
||||
|
||||
|
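Review bot: The new `wlan_enable_on_boot` entry documents `Default: true`, while the commit title says this variable replaces membership in group teacherlaptop, so the text should state what happens on hosts that were not in that group and on hosts where `wlan` is left at its default "none". As written, a reader cannot tell whether the default turns WLAN on at boot for every client or only where `wlan` is "psk" or "eap-tls". A second point on the WPA-Personal block: `wlan_password` is described only as a String; a sentence recommending that the value be kept in an encrypted vars file rather than in the plain inventory would fit here.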
@ -73,44 +80,32 @@ laptop_teachers:
|
|||
|
||||
## WPA-Enterprise with EAP-TLS
|
||||
|
||||
Authentication is based on individual certificates, which will be automaticaly created on the radius server.
|
||||
Authentication is based on individual certificates, which will be automaticaly created on the radius server.
|
||||
Every devices gets his own certificate. When creating new certificates, the old one will be revoked.
|
||||
|
||||
### Requirements
|
||||
|
||||
* You need to run a freeradius server. For installation see https://codeberg....
|
||||
* The user, running this playbook, must have access to the radius-Server via ssh.
|
||||
* You need to run a freeradius server. For installation see https://codeberg....
|
||||
* The user, running this playbook, must have access to the radius-Server via ssh.
|
||||
|
||||
### Configuration / Variables
|
||||
### Additional Configuration / Variables
|
||||
|
||||
* **wlan**
|
||||
Authentication mode
|
||||
Type: *String*
|
||||
Values:
|
||||
* "none" <-- (default)
|
||||
* "psk"
|
||||
* "eap-tls" <-- set to use WPA Enterprise with EAP-TLS
|
||||
* **wlan_ssid**
|
||||
SSID of used WLAN
|
||||
Type: *String*
|
||||
* **wlan_eap_ca**
|
||||
CA data for certs and crl
|
||||
Type: *Dictionary of Strings*
|
||||
Keys:
|
||||
* C <-- default: "DE"
|
||||
* ST <-- default: "Baden-Wuerttemberg"
|
||||
* L <-- default: "Reutlingen"
|
||||
* O <-- default: "Linuxschule"
|
||||
* emailAddress <-- default: "admin@example.com"
|
||||
* CN <-- default: "Radius Certificate Authority"
|
||||
* password <-- default: "OtherVerySecurePassw0rd"
|
||||
* **wlan_force_issue**
|
||||
Force to issue a new certificate
|
||||
Only for `wlan: "eap-tls"`
|
||||
Type: *Bolean*
|
||||
Values:
|
||||
* true
|
||||
* false <-- (default)
|
||||
* **wlan_eap_ca**
|
||||
CA data for certs and crl
|
||||
Type: *Dictionary of Strings*Keys:
|
||||
* C <-- default: "DE"
|
||||
* ST <-- default: "Baden-Wuerttemberg"
|
||||
* L <-- default: "Reutlingen"
|
||||
* O <-- default: "Linuxschule"
|
||||
* emailAddress <-- default: "admin@example.com"
|
||||
* CN <-- default: "Radius Certificate Authority"
|
||||
* password <-- default: "OtherVerySecurePassw0rd"
|
||||
* **wlan_force_issue**
|
||||
Force to issue a new certificateOnly for `wlan: "eap-tls"`
|
||||
Type: *Bolean*
|
||||
Values:
|
||||
* true
|
||||
* false <-- (default)
|
||||
|
||||
### Examples
|
||||
|
||||
|
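Review bot: Under `wlan_eap_ca`, the `password` key is documented with a literal default ("OtherVerySecurePassw0rd") and nothing tells the reader it has to be overridden, so a deployment that follows the doc as written protects its CA with a password that is published in this file. Since these lines are being touched anyway, add a sentence that the value must be changed per site and should not be stored in clear text in the inventory. The same lines still carry "automaticaly", "Every devices gets his own certificate" and "Type: *Bolean*"; fixing them in this pass would save a follow-up commit.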
@ -169,6 +164,7 @@ laptop_teachers:
|
|||
10.0.23.[1-82]:
|
||||
vars:
|
||||
wlan: "eap-tls"
|
||||
wlan_enable_on_boot: false
|
||||
laptop_staff:
|
||||
hosts:
|
||||
10.0.61.[1-20]:
|
||||
|
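Review bot: The added `wlan_enable_on_boot: false` under `10.0.23.[1-82]` in the example has no explanation, and the variable is documented with a default of `true`, so a reader copying this inventory disables WLAN at boot for that host range without knowing why. Add a one-line comment or a sentence before the example saying when one would set it to `false`, and consider showing the variable for `laptop_staff` as well so the example makes the contrast visible.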
@ -183,4 +179,4 @@ The issue of certificates can be forced.
|
|||
Force issue of new certs for hosts in group laptop_teacher.
|
||||
If there is a valid certificate, the old one will be revoked and a new certificate will be issued.
|
||||
|
||||
ansible-playbook -i myinventory.yml -l laptop_teachers lmn-client.yml -e "wlan_force_issue=true"
|
||||
ansible-playbook -i myinventory.yml -l laptop_teachers lmn-client.yml -e "wlan_force_issue=true"
|
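Review bot: The sentence "Force issue of new certs for hosts in group laptop_teacher." does not match the command below it, which limits to `-l laptop_teachers`; use the same group name in both so the command can be copied as is. Also note that `-e "wlan_force_issue=true"` passes the value as a string in key=value form, while the variable is documented as a Boolean; the doc could show the JSON form of `-e` or state that the string is accepted.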