2022-09-01 17:35:22 +02:00
|
|
|
{{ ansible_managed | comment }}
|
|
|
|
|
2023-06-25 00:27:08 +02:00
|
|
|
server outer-aurore {
|
2022-09-01 17:35:22 +02:00
|
|
|
|
|
|
|
listen {
|
|
|
|
type = auth
|
|
|
|
ipaddr = *
|
|
|
|
port = 0
|
|
|
|
limit {
|
|
|
|
max_connections = 16
|
|
|
|
lifetime = 0
|
|
|
|
idle_timeout = 30
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
listen {
|
|
|
|
type = auth
|
|
|
|
ipv6addr = *
|
|
|
|
port = 0
|
|
|
|
limit {
|
|
|
|
max_connections = 16
|
|
|
|
lifetime = 0
|
|
|
|
idle_timeout = 30
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
authorize {
|
|
|
|
filter_username # TODO
|
|
|
|
suffix
|
|
|
|
eap
|
|
|
|
}
|
|
|
|
|
|
|
|
authenticate {
|
|
|
|
eap
|
|
|
|
}
|
|
|
|
|
|
|
|
preacct {
|
|
|
|
}
|
|
|
|
|
|
|
|
accounting {
|
|
|
|
}
|
|
|
|
|
|
|
|
post-auth {
|
|
|
|
if (session-state:User-Name && reply:User-Name \
|
|
|
|
&& request:User-Name \
|
|
|
|
&& (reply:User-Name == request:User-Name)) {
|
|
|
|
update reply {
|
|
|
|
&User-Name !* ANY
|
|
|
|
}
|
|
|
|
}
|
|
|
|
update {
|
|
|
|
&reply: += &session-state:
|
|
|
|
}
|
|
|
|
Post-Auth-Type REJECT {
|
|
|
|
attr_filter.access_reject
|
|
|
|
eap
|
|
|
|
remove_reply_message_if_eap
|
2023-06-25 00:27:08 +02:00
|
|
|
log_auth_outer
|
2022-09-01 17:35:22 +02:00
|
|
|
}
|
|
|
|
remove_reply_message_if_eap
|
2023-06-25 00:27:08 +02:00
|
|
|
log_auth_outer
|
2022-09-01 17:35:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
pre-proxy {
|
|
|
|
}
|
|
|
|
|
|
|
|
post-proxy {
|
|
|
|
eap
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|