{{ ansible_managed | comment }}

server outer-aurore {

    listen {
        type = auth
        ipaddr = *
        port = 0
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }

    listen {
        type = auth
        ipv6addr = *
        port = 0
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }

    authorize {
        rewrite_calling_station_id
        rewrite_called_station_id
        linelog_outer_authz_user
        filter_username
        split_username_nai
        if (!&Stripped-User-Domain || &Stripped-User-Domain == "auro.re") {
            eap
        } else {
            update control {
                Proxy-To-Realm := "FEDEREZ"
            }
        }
    }

    authenticate {
        eap
    }

    preacct {
    }

    accounting {
    }

    post-auth {
        eap
        if (&session-state:User-Name && &reply:User-Name \
                && &request:User-Name \
                && (&reply:User-Name == &request:User-Name)) {
            update reply {
                User-Name !* ANY
            }
        }
        update reply {
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Type := VLAN
        }
        if (&session-state:Tunnel-Private-Group-ID) {
            update reply {
                Tunnel-Private-Group-ID := &session-state:Tunnel-Private-Group-ID
            }
        } else {
            update reply {
                Tunnel-Private-Group-ID := {{ radiusd__guest_vlan | int }}
            }
        }
        Post-Auth-Type reject {
            attr_filter.access_reject
            eap
            remove_reply_message_if_eap
            linelog_outer_postauth
        }
        remove_reply_message_if_eap
        linelog_outer_postauth
    }

    pre-proxy {
    }

    post-proxy {
        split_username_nai
        eap
    }

}