{{ ansible_managed | comment }}

server outer-aurore {

    listen {
        type = auth
        ipaddr = *
        port = 0
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }

    listen {
        type = auth
        ipv6addr = *
        port = 0
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }

    authorize {
        linelog_outer_authz_user
        filter_username
        split_username_nai
        if (&Stripped-User-Domain && &Stripped-User-Domain != "auro.re") {
            linelog_outer_unknown_domain
            reject
        }
        eap
    }

    authenticate {
        eap
    }

    preacct {
    }

    accounting {
    }

    post-auth {
        if (session-state:User-Name && reply:User-Name \
                && request:User-Name \
                && (reply:User-Name == request:User-Name)) {
            update reply {
                &User-Name !* ANY
            }
        }
        update {
            &reply: += &session-state:
        }
        Post-Auth-Type REJECT {
            attr_filter.access_reject
            eap
            remove_reply_message_if_eap
            linelog_outer_postauth
        }
        remove_reply_message_if_eap
        linelog_outer_postauth
    }

    pre-proxy {
    }

    post-proxy {
        split_username_nai
        eap
    }

}