ansible/roles/freeradius/templates/sites-available/outer-aurore.j2

{{ ansible_managed | comment }}

server outer-aurore {

    listen {
        type = auth
        ipaddr = *
        port = 0
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }

    listen {
        type = auth
        ipv6addr = *
        port = 0
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }

    authorize {
        filter_username # TODO
        suffix
        eap
    }

    authenticate {
        eap
    }

    preacct {
    }

    accounting {
    }

    post-auth {
        if (session-state:User-Name && reply:User-Name \
                && request:User-Name \
                && (reply:User-Name == request:User-Name)) {
            update reply {
                &User-Name !* ANY
            }
        }
        update {
            &reply: += &session-state:
        }
        Post-Auth-Type REJECT {
            attr_filter.access_reject
            eap
            remove_reply_message_if_eap
            log_auth_outer
        }
        remove_reply_message_if_eap
        log_auth_outer
    }

    pre-proxy {
    }

    post-proxy {
        eap
    }

}
freeradius: support for EAP-TTLS/PAP and EAP-PEAP/GTC 2022-09-01 17:35:22 +02:00			`{{ ansible_managed \| comment }}`

freeradius: add logging 2023-06-25 00:27:08 +02:00			`server outer-aurore {`
freeradius: support for EAP-TTLS/PAP and EAP-PEAP/GTC 2022-09-01 17:35:22 +02:00
			`listen {`
			`type = auth`
			`ipaddr = *`
			`port = 0`
			`limit {`
			`max_connections = 16`
			`lifetime = 0`
			`idle_timeout = 30`
			`}`
			`}`

			`listen {`
			`type = auth`
			`ipv6addr = *`
			`port = 0`
			`limit {`
			`max_connections = 16`
			`lifetime = 0`
			`idle_timeout = 30`
			`}`
			`}`

			`authorize {`
			`filter_username # TODO`
			`suffix`
			`eap`
			`}`

			`authenticate {`
			`eap`
			`}`

			`preacct {`
			`}`

			`accounting {`
			`}`

			`post-auth {`
			`if (session-state:User-Name && reply:User-Name \`
			`&& request:User-Name \`
			`&& (reply:User-Name == request:User-Name)) {`
			`update reply {`
			`&User-Name !* ANY`
			`}`
			`}`
			`update {`
			`&reply: += &session-state:`
			`}`
			`Post-Auth-Type REJECT {`
			`attr_filter.access_reject`
			`eap`
			`remove_reply_message_if_eap`
freeradius: add logging 2023-06-25 00:27:08 +02:00			`log_auth_outer`
freeradius: support for EAP-TTLS/PAP and EAP-PEAP/GTC 2022-09-01 17:35:22 +02:00			`}`
			`remove_reply_message_if_eap`
freeradius: add logging 2023-06-25 00:27:08 +02:00			`log_auth_outer`
freeradius: support for EAP-TTLS/PAP and EAP-PEAP/GTC 2022-09-01 17:35:22 +02:00			`}`

			`pre-proxy {`
			`}`

			`post-proxy {`
			`eap`
			`}`

			`}`