ansible/roles/freeradius/templates/sites-available/outer-aurore.j2


{{ ansible_managed | comment }}
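# Outer virtual server. It runs the outer EAP conversation locally for
# identities with no realm or with the realm "auro.re", and marks every other
# realm for proxying to the FEDEREZ realm. After authentication it assigns the
# VLAN returned to the NAS.
#
# The stray blame-view timestamps that were interleaved with the directives
# are not configuration and have been dropped; nesting is restored.
server outer-aurore {
    # IPv4 authentication listener on every local address.
    # port = 0 tells FreeRADIUS to take the port from /etc/services.
    # No per-listener "clients" restriction is set here, so which NASes may
    # send requests is decided by client definitions outside this file.
    listen {
        type = auth
        ipaddr = *
        port = 0
        # NOTE(review): no "proto" is set on this listener, and the stock
        # FreeRADIUS documentation describes "limit" as applying to
        # proto = tcp sockets. Confirm these limits have any effect here.
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    # IPv6 twin of the listener above, with the same settings.
    listen {
        type = auth
        ipv6addr = *
        port = 0
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    authorize {
        # These policies and module instances are defined outside this file.
        # By name, the first two normalise the station identifiers sent by
        # the NAS.
        rewrite_calling_station_id
        rewrite_called_station_id
        # NOTE(review): this log call runs before filter_username, so whatever
        # it records is the identity exactly as the supplicant sent it. Treat
        # that field as untrusted wherever the log is consumed.
        linelog_outer_authz_user
        filter_username
        split_username_nai
        # Local handling: no realm, or exactly "auro.re".
        # NOTE(review): == is a case-sensitive string comparison. Unless an
        # earlier policy lower-cases the realm, an identity such as
        # user@AURO.RE takes the proxy branch instead of being handled here.
        # Confirm that is intended.
        if (!&Stripped-User-Domain || &Stripped-User-Domain == "auro.re") {
            eap
        } else {
            # Every other realm is handed to the FEDEREZ realm, which is
            # defined in the proxy configuration and not shown here.
            update control {
                Proxy-To-Realm := "FEDEREZ"
            }
        }
    }
    authenticate {
        eap
    }
    preacct {
    }
    accounting {
    }
    post-auth {
        eap
        # Drop User-Name from the reply when it only echoes the outer identity
        # from the request and session-state also holds a User-Name.
        if (&session-state:User-Name && &reply:User-Name \
            && &request:User-Name \
            && (&reply:User-Name == &request:User-Name)) {
            update reply {
                User-Name !* ANY
            }
        }
        # Every accepted session gets a VLAN assignment.
        update reply {
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Type := VLAN
        }
        # The VLAN comes from session-state when something earlier (not in
        # this file) stored one there; otherwise the guest VLAN is used.
        # NOTE(review): replies proxied back from FEDEREZ also pass through
        # this section, and post-proxy below applies no attribute filter to
        # them. Confirm that a Tunnel-Private-Group-ID supplied by the remote
        # home server, including tagged instances, cannot survive the :=
        # assignments here.
        if (&session-state:Tunnel-Private-Group-ID) {
            update reply {
                Tunnel-Private-Group-ID := &session-state:Tunnel-Private-Group-ID
            }
        } else {
            # NOTE(review): the Jinja "int" filter returns 0 when the value
            # cannot be parsed, so a missing or mistyped radiusd__guest_vlan
            # renders as VLAN 0 without any templating error. Validate the
            # variable in the role.
            update reply {
                Tunnel-Private-Group-ID := {{ radiusd__guest_vlan | int }}
            }
        }
        # Rejected requests: filter the Access-Reject attributes, let EAP
        # finish its side of the exchange, then log the outcome.
        Post-Auth-Type reject {
            attr_filter.access_reject
            eap
            remove_reply_message_if_eap
            linelog_outer_postauth
        }
        remove_reply_message_if_eap
        linelog_outer_postauth
    }
    pre-proxy {
    }
    # Runs on replies that come back from the proxied realm.
    post-proxy {
        split_username_nai
        eap
    }
}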