2022-09-01 17:35:22 +02:00
|
|
|
{{ ansible_managed | comment }}
|
|
|
|
|
2023-06-25 00:27:08 +02:00
|
|
|
server outer-aurore {
|
2022-09-01 17:35:22 +02:00
|
|
|
|
|
|
|
listen {
|
|
|
|
type = auth
|
|
|
|
ipaddr = *
|
|
|
|
port = 0
|
|
|
|
limit {
|
|
|
|
max_connections = 16
|
|
|
|
lifetime = 0
|
|
|
|
idle_timeout = 30
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
listen {
|
|
|
|
type = auth
|
|
|
|
ipv6addr = *
|
|
|
|
port = 0
|
|
|
|
limit {
|
|
|
|
max_connections = 16
|
|
|
|
lifetime = 0
|
|
|
|
idle_timeout = 30
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
authorize {
|
2023-06-25 19:49:12 +02:00
|
|
|
rewrite_calling_station_id
|
|
|
|
rewrite_called_station_id
|
2023-06-25 19:25:50 +02:00
|
|
|
linelog_outer_authz_user
|
|
|
|
filter_username
|
|
|
|
split_username_nai
|
2023-07-02 16:45:32 +02:00
|
|
|
if (!&Stripped-User-Domain || &Stripped-User-Domain == "auro.re") {
|
|
|
|
eap
|
|
|
|
} else {
|
|
|
|
update control {
|
2023-07-02 20:51:42 +02:00
|
|
|
Proxy-To-Realm := "FEDEREZ"
|
2023-07-02 16:45:32 +02:00
|
|
|
}
|
2023-06-25 19:25:50 +02:00
|
|
|
}
|
2022-09-01 17:35:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
authenticate {
|
|
|
|
eap
|
|
|
|
}
|
|
|
|
|
|
|
|
preacct {
|
|
|
|
}
|
|
|
|
|
|
|
|
accounting {
|
|
|
|
}
|
|
|
|
|
|
|
|
post-auth {
|
2023-07-02 20:51:42 +02:00
|
|
|
eap
|
|
|
|
if (&session-state:User-Name && &reply:User-Name \
|
|
|
|
&& &request:User-Name \
|
|
|
|
&& (&reply:User-Name == &request:User-Name)) {
|
2022-09-01 17:35:22 +02:00
|
|
|
update reply {
|
2023-07-02 21:26:02 +02:00
|
|
|
User-Name !* ANY
|
2022-09-01 17:35:22 +02:00
|
|
|
}
|
|
|
|
}
|
2023-07-02 21:26:02 +02:00
|
|
|
update reply {
|
|
|
|
Tunnel-Medium-Type := IEEE-802
|
|
|
|
Tunnel-Type := VLAN
|
|
|
|
}
|
|
|
|
if (&session-state:Tunnel-Private-Group-ID) {
|
|
|
|
update reply {
|
|
|
|
Tunnel-Private-Group-ID := &session-state:Tunnel-Private-Group-ID
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
update reply {
|
|
|
|
Tunnel-Private-Group-ID := {{ radiusd__guest_vlan | int }}
|
|
|
|
}
|
2022-09-01 17:35:22 +02:00
|
|
|
}
|
2023-07-02 20:51:42 +02:00
|
|
|
Post-Auth-Type reject {
|
2022-09-01 17:35:22 +02:00
|
|
|
attr_filter.access_reject
|
|
|
|
eap
|
|
|
|
remove_reply_message_if_eap
|
2023-06-25 19:25:50 +02:00
|
|
|
linelog_outer_postauth
|
2022-09-01 17:35:22 +02:00
|
|
|
}
|
|
|
|
remove_reply_message_if_eap
|
2023-06-25 19:25:50 +02:00
|
|
|
linelog_outer_postauth
|
2022-09-01 17:35:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
pre-proxy {
|
|
|
|
}
|
|
|
|
|
|
|
|
post-proxy {
|
2023-06-25 19:25:50 +02:00
|
|
|
split_username_nai
|
2022-09-01 17:35:22 +02:00
|
|
|
eap
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|