net/freeradius: proposal for #5050

net/freeradius/Makefile

@@ -1,5 +1,6 @@
 PLUGIN_NAME=		freeradius
 PLUGIN_VERSION=		1.9.28
+PLUGIN_REVISION=	1
 PLUGIN_COMMENT=		RADIUS Authentication, Authorization and Accounting Server
 PLUGIN_DEPENDS=		freeradius3
 PLUGIN_MAINTAINER=	m.muenz@gmail.com

net/freeradius/src/opnsense/mvc/app/models/OPNsense/Freeradius/General.xml

@@ -25,7 +25,7 @@
             <MaximumValue>4096</MaximumValue>
             <Constraints>
                 <check001>
-                    <ValidationMessage>You need to set a propper VLAN ID.</ValidationMessage>
+                    <ValidationMessage>VLAN fallback assignment needs to be enabled.</ValidationMessage>
                     <type>DependConstraint</type>
                     <addFields>
                         <field1>fallbackvlan_enabled</field1>
@@ -33,6 +33,18 @@
                 </check001>
             </Constraints>
         </fallbackvlan_id>
+        <fallback_tunnel_password type="TextField">
+            <Mask>/^([0-9a-zA-Z._\-\!\$\%\/\(\)\+\#\=\{\}:]){1,128}$/u</Mask>
+            <Constraints>
+                <check001>
+                    <ValidationMessage>VLAN fallback assignment needs to be enabled.</ValidationMessage>
+                    <type>DependConstraint</type>
+                    <addFields>
+                        <field1>fallbackvlan_enabled</field1>
+                    </addFields>
+                </check001>
+            </Constraints>
+        </fallback_tunnel_password>
         <ldap_enabled type="BooleanField">
             <Default>0</Default>
             <Required>N</Required>
@@ -152,8 +164,5 @@
             <Default>0</Default>
             <Required>Y</Required>
         </fallbackproxy>
-        <fallback_tunnel_password type="TextField">
-            <Mask>/^([0-9a-zA-Z._\-\!\$\%\/\(\)\+\#\=\{\}:]){1,128}$/u</Mask>
-        </fallback_tunnel_password>
     </items>
 </model>

net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/users

@@ -113,14 +113,14 @@ DEFAULT Ldap-Group == "{{ ldapgroup_list.ldapgroupname }}"
 {%    endfor %}
 {%  endif %}
 
-{%  if helpers.exists('OPNsense.freeradius.general.fallbackvlan_enabled') or helpers.exists('OPNsense.freeradius.general.fallback_tunnel_password') %}
+{%  if OPNsense.freeradius.general.fallbackvlan_enabled == '1' %}
 DEFAULT Auth-Type := Accept
-{%  if helpers.exists('OPNsense.freeradius.general.fallbackvlan_enabled') and OPNsense.freeradius.general.fallbackvlan_enabled == '1' %}
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
+{%  if helpers.exists('OPNsense.freeradius.general.fallbackvlan_id') and OPNsense.freeradius.general.fallbackvlan_id != '' %}
        Tunnel-Private-Group-Id = {{ OPNsense.freeradius.general.fallbackvlan_id }},
 {%  endif %}
-{%  if helpers.exists('OPNsense.freeradius.general.fallback_tunnel_password') %}
+{%  if helpers.exists('OPNsense.freeradius.general.fallback_tunnel_password') and OPNsense.freeradius.general.fallback_tunnel_password != '' %}
        Tunnel-Password = {{ OPNsense.freeradius.general.fallback_tunnel_password }},
 {%  endif %}
        Framed-Protocol = PPP