github/terraform-provider-unifi
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
terraform-provider-unifi/docs/resources/radius_profile.md
Mateusz Filipowicz b1688313c0 docs: improve provider documentation (#29) 
* docs: improve provider documentation

* fix accidentally changed type of stormctrl_ucast_rate

* docs: add badges and plans to readme
2025-02-26 18:56:45 +01:00

4.9 KiB
Raw Permalink Blame History

page_title, subcategory, description
page_title subcategory description
unifi_radius_profile Resource - terraform-provider-unifi The unifi_radius_profile resource manages RADIUS authentication profiles for UniFi networks. RADIUS (Remote Authentication Dial-In User Service) profiles enable enterprise-grade authentication and authorization for: 802.1X network access controlWPA2/WPA3-Enterprise wireless networksDynamic VLAN assignmentUser activity accounting Each profile can be configured with: Multiple authentication and accounting serversVLAN assignment settingsAccounting update intervals

unifi_radius_profile (Resource)

The unifi_radius_profile resource manages RADIUS authentication profiles for UniFi networks.

RADIUS (Remote Authentication Dial-In User Service) profiles enable enterprise-grade authentication and authorization for:

  • 802.1X network access control
  • WPA2/WPA3-Enterprise wireless networks
  • Dynamic VLAN assignment
  • User activity accounting

Each profile can be configured with:

  • Multiple authentication and accounting servers
  • VLAN assignment settings
  • Accounting update intervals

Schema

Required

  • name (String) A friendly name for the RADIUS profile to help identify its purpose (e.g., 'Corporate Users' or 'Guest Access').

Optional

  • accounting_enabled (Boolean) Enable RADIUS accounting to track user sessions, including login/logout times and data usage. Useful for billing and audit purposes. Defaults to false.
  • acct_server (Block List) List of RADIUS accounting servers to use with this profile. Accounting servers track session data like connection time and data usage. Each server requires:
    • IP address of the RADIUS server
    • Port number (default: 1813)
    • Shared secret for secure communication (see below for nested schema)
  • auth_server (Block List) List of RADIUS authentication servers to use with this profile. Multiple servers provide failover - if the first server is unreachable, the system will try the next server in the list. Each server requires:
  • interim_update_enabled (Boolean) Enable periodic updates during active sessions. This allows tracking of ongoing session data like bandwidth usage. Defaults to false.
  • interim_update_interval (Number) The interval (in seconds) between interim updates when interim_update_enabled is true. Default is 3600 seconds (1 hour). Defaults to 3600.
  • site (String) The name of the UniFi site where the RADIUS profile should be created. If not specified, the default site will be used.
  • use_usg_acct_server (Boolean) Use the controller as a RADIUS accounting server. This allows local accounting without an external RADIUS server. Defaults to false.
  • use_usg_auth_server (Boolean) Use the controller as a RADIUS authentication server. This allows local authentication without an external RADIUS server. Defaults to false.
  • vlan_enabled (Boolean) Enable VLAN assignment for wired clients based on RADIUS attributes. This allows network segmentation based on user authentication. Defaults to false.
  • vlan_wlan_mode (String) VLAN assignment mode for wireless networks. Valid values are:
    • disabled - Do not use RADIUS-assigned VLANs
    • optional - Use RADIUS-assigned VLAN if provided
    • required - Require RADIUS-assigned VLAN for authentication to succeed Defaults to ``.

Read-Only

  • id (String) The unique identifier of the RADIUS profile in the UniFi controller.

Nested Schema for acct_server

Required:

  • ip (String) The IPv4 address of the RADIUS accounting server (e.g., '192.168.1.100'). Must be reachable from your UniFi network.
  • xsecret (String, Sensitive) The shared secret key used to secure communication between the UniFi controller and the RADIUS server. This must match the secret configured on your RADIUS server.

Optional:

  • port (Number) The UDP port number where the RADIUS accounting service is listening. The standard port is 1813, but this can be changed if needed to match your server configuration. Defaults to 1813.

Nested Schema for auth_server

Required:

  • ip (String) The IPv4 address of the RADIUS authentication server (e.g., '192.168.1.100'). Must be reachable from your UniFi network.
  • xsecret (String, Sensitive) The shared secret key used to secure communication between the UniFi controller and the RADIUS server. This must match the secret configured on your RADIUS server.

Optional:

  • port (Number) The UDP port number where the RADIUS authentication service is listening. The standard port is 1812, but this can be changed if needed to match your server configuration. Defaults to 1812.
Reference in New Issue View Git Blame Copy Permalink