{{ ansible_managed | comment }} server outer-aurore { listen { type = auth ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = auth ipv6addr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } authorize { filter_username # TODO suffix eap } authenticate { eap } preacct { } accounting { } post-auth { if (session-state:User-Name && reply:User-Name \ && request:User-Name \ && (reply:User-Name == request:User-Name)) { update reply { &User-Name !* ANY } } update { &reply: += &session-state: } Post-Auth-Type REJECT { attr_filter.access_reject eap remove_reply_message_if_eap log_auth_outer } remove_reply_message_if_eap log_auth_outer } pre-proxy { } post-proxy { eap } }