github/terraform-provider-unifi
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
terraform-provider-unifi/docs/resources/account.md
Mateusz Filipowicz b1688313c0 docs: improve provider documentation (#29) 
* docs: improve provider documentation

* fix accidentally changed type of stormctrl_ucast_rate

* docs: add badges and plans to readme
2025-02-26 18:56:45 +01:00

3.5 KiB
Raw Permalink Blame History

page_title, subcategory, description
page_title subcategory description
unifi_account Resource - terraform-provider-unifi The unifi_account resource manages RADIUS user accounts in the UniFi controller's built-in RADIUS server. This resource is used for: WPA2/WPA3-Enterprise wireless authentication802.1X wired authenticationMAC-based device authenticationVLAN assignment through RADIUS attributes Important Notes: For MAC-based authentication: Use the device's MAC address as both username and passwordConvert MAC address to uppercase with no separators (e.g., '00:11:22:33:44:55' becomes '001122334455')VLAN Assignment: If no VLAN is specified in the profile, clients will use the network's untagged VLANVLAN assignment uses standard RADIUS tunnel attributes Limitations: MAC-based authentication works only for wireless and wired clientsL2TP remote access VPN is not supported with MAC authenticationAccounts must be unique within a site

unifi_account (Resource)

The unifi_account resource manages RADIUS user accounts in the UniFi controller's built-in RADIUS server.

This resource is used for:

  • WPA2/WPA3-Enterprise wireless authentication
  • 802.1X wired authentication
  • MAC-based device authentication
  • VLAN assignment through RADIUS attributes

Important Notes:

  1. For MAC-based authentication:
    • Use the device's MAC address as both username and password
    • Convert MAC address to uppercase with no separators (e.g., '00:11:22:33:44:55' becomes '001122334455')
  2. VLAN Assignment:
    • If no VLAN is specified in the profile, clients will use the network's untagged VLAN
    • VLAN assignment uses standard RADIUS tunnel attributes

Limitations:

  • MAC-based authentication works only for wireless and wired clients
  • L2TP remote access VPN is not supported with MAC authentication
  • Accounts must be unique within a site

Schema

Required

  • name (String) The username for this RADIUS account. For regular users, this can be any unique identifier. For MAC-based authentication, this must be the device's MAC address in uppercase with no separators (e.g., '001122334455').
  • password (String, Sensitive) The password for this RADIUS account. For MAC-based authentication, this must match the username (the MAC address). For regular users, this should be a secure password following your organization's password policies.

Optional

  • network_id (String) The ID of the network (VLAN) to assign to clients authenticating with this account. This is used in conjunction with the tunnel attributes to provide VLAN assignment via RADIUS.
  • site (String) The name of the UniFi site where this RADIUS account should be created. If not specified, the default site will be used.
  • tunnel_medium_type (Number) The RADIUS tunnel medium type attribute (RFC 2868, section 3.2). Common values:
    • 6 - 802 (includes Ethernet, Token Ring, FDDI) (default)
    • 1 - IPv4
    • 2 - IPv6

Only change this if you need specific tunneling behavior. Defaults to 6.

  • tunnel_type (Number) The RADIUS tunnel type attribute (RFC 2868, section 3.1). Common values:
    • 13 - VLAN (default)
    • 1 - Point-to-Point Protocol (PPTP)
    • 9 - Point-to-Point Protocol (L2TP)

Only change this if you need specific tunneling behavior. Defaults to 13.

Read-Only

  • id (String) The unique identifier of the RADIUS account in the UniFi controller. This is automatically assigned.
Reference in New Issue View Git Blame Copy Permalink