{{ ansible_managed | comment }} server outer-aurore { listen { type = auth ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = auth ipv6addr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } authorize { rewrite_calling_station_id rewrite_called_station_id linelog_outer_authz_user filter_username split_username_nai if (!&Stripped-User-Domain || &Stripped-User-Domain == "auro.re") { eap } else { update control { Proxy-To-Realm := "federez" } } } authenticate { eap } preacct { } accounting { } post-auth { if (session-state:User-Name && reply:User-Name \ && request:User-Name \ && (reply:User-Name == request:User-Name)) { update reply { &User-Name !* ANY } } update { &reply: += &session-state: } Post-Auth-Type REJECT { attr_filter.access_reject eap remove_reply_message_if_eap linelog_outer_postauth } remove_reply_message_if_eap linelog_outer_postauth } pre-proxy { } post-proxy { split_username_nai eap } }