I am building a Podman container that runs Samba Active Directory with Bind9 and Freeradius support using Ansible and have runned into a bit of a snag.
Samba runs fine with DLZ_BIND as backend in my container, but I need to integrate Freeradius into the container, so I can support logins via VPN.
I am trying to templating the following line in /etc/freeradius/3.0/mods-available/mschap
:
ntlm_auth = "/usr/bin/ntlm_auth --allow-mschapv2
--request-nt-key
--username={mschap:User-Name}
--domain={{ ad_info.netbios_domain }}
--challenge=%{%{mschap:Challenge}:-00}
--nt-response=%{%{mschap:NT-Response}:-00}"
For the sake of the exercise you can assume that the value of {{ ad_info.netbios_domain }}
is EXAMPLE
.
It is the only place in the file where I use a Jinja variable.
However running ansible-playbook makes Ansible basically blow up in my face, when it tries to template the file.
I presume it is because the Jinja variable is inserted inside a qouted string? Because a BASH shell script containing the following line will not blow up in ansible:
SAMBA_ADMIN_PASSWORD="{{ ad_info.admin_password }}"
So what are the right way to use Jinja, when you have a quoted string?
Edit
I made a template containing only the line in question and got the follwing error from ansible:
failed: [myhost.example.com] (item=etc/freeradius/3.0/mods-available/mschap) =>
{
"ansible_loop_var": "item",
"changed": false, "item":
"etc/freeradius/3.0/mods-available/mschap-jinja",
"msg": "AnsibleError: template error while templating string: tag name expected.
String: ntlm_auth = \"/usr/bin/ntlm_auth
--allow-mschapv2
--request-nt-key
--username={mschap:User-Name}
--domain={{ ad_info.netbios_domain }}
--challenge=%{%{mschap:Challenge}:-00}
--nt-response=%{%{mschap:NT-Response}:-00}\"
"}