######################################################################
#
#	As of 2.0.0, FreeRADIUS supports virtual hosts using the
#	"server" section, and configuration directives.
#
#	Virtual hosts should be put into the "sites-available"
#	directory.  Soft links should be created in the "sites-enabled"
#	directory to these files.  This is done in a normal installation.
#
#	If you are using 802.1X (EAP) authentication, please see also
#	the "inner-tunnel" virtual server.  You will likely have to edit
#	that, too, for authentication to work.
#
#	$Id: 083407596aa5074d665adac9606e7de655b634aa $
#
######################################################################
#
#	Read "man radiusd" before editing this file.  See the section
#	titled DEBUGGING.  It outlines a method where you can quickly
#	obtain the configuration you want, without running into
#	trouble.  See also "man unlang", which documents the format
#	of this file.
#
#	This configuration is designed to work in the widest possible
#	set of circumstances, with the widest possible number of
#	authentication methods.  This means that in general, you should
#	need to make very few changes to this file.
#
#	The best way to configure the server for your local system
#	is to CAREFULLY edit this file.  Most attempts to make large
#	edits to this file will BREAK THE SERVER.  Any edits should
#	be small, and tested by running the server with "radiusd -X".
#	Once the edits have been verified to work, save a copy of these
#	configuration files somewhere.  (e.g. as a "tar" file).  Then,
#	make more edits, and test, as above.
#
#	There are many "commented out" references to modules such
#	as ldap, sql, etc.  These references serve as place-holders.
#	If you need the functionality of that module, then configure
#	it in radiusd.conf, and un-comment the references to it in
#	this file.  In most cases, those small changes will result
#	in the server being able to connect to the DB, and to
#	authenticate users.
#
######################################################################

# Virtual server "default".
#
# In this file it only declares listeners: one authentication and one
# accounting socket for IPv4, and the same pair for IPv6.  No
# authorize/authenticate/accounting sections are defined on it here.
#
# NOTE(review): all four listeners bind the wildcard address, so the
# daemon accepts RADIUS packets on every interface.  Which NAS devices
# may actually talk to it is then decided only by the client definitions
# (not shown in this file) and by host/network filtering -- confirm both.
server default {

	# IPv4, authentication requests.
	listen {
		type = auth
		ipaddr = *

		# 0 = take the port number from /etc/services.
		port = 0

		# NOTE(review): in the stock FreeRADIUS documentation these
		# limits describe TCP connections.  No "proto" is set on this
		# listener, so they presumably have no effect -- confirm.
		limit {
			max_connections = 16
			lifetime = 0
			idle_timeout = 30
		}
	}

	# IPv4, accounting requests.  The limit section is left empty.
	listen {
		ipaddr = *
		port = 0
		type = acct

		limit {
		}
	}

	# IPv6 versions of the above - read their full config to understand options
	listen {
		type = auth
		ipv6addr = ::	# any.  ::1 == localhost
		port = 0

		limit {
			max_connections = 16
			lifetime = 0
			idle_timeout = 30
		}
	}

	# IPv6, accounting requests.  The limit section is left empty.
	listen {
		ipv6addr = ::
		port = 0
		type = acct

		limit {
		}
	}
}
# Virtual server "radius-wifi".
#
# How requests are directed to this virtual server is not visible in this
# file.  Module and policy names used below (rewrite_calling_station_id,
# filter_username, suffix, eap, ...) are defined elsewhere.
server radius-wifi {

	authorize {
		# Policy defined outside this file; in the stock configuration
		# it normalises the format of Calling-Station-Id.
		rewrite_calling_station_id

		# Realm routing, applied only to names of the form "x@y":
		#   - no "auro" after an '@'  -> proxy to realm AUROREFEDEREZ
		#   - "auro" after an '@'     -> handled locally; the text
		#     captured by the first group becomes Stripped-User-Name.
		#
		# NOTE(review): the realm test is an unanchored, case-sensitive
		# substring match.  Any realm that merely contains "auro"
		# (before or after other labels) is treated as local, and an
		# upper-case spelling of the local realm is proxied out.
		# Matching the exact local realm(s), anchored with '$', would
		# make the local/remote decision unambiguous -- confirm the
		# intended realm list before changing it.
		#
		# NOTE(review): "(.*)@" is greedy, so a name with several '@'
		# characters can yield a Stripped-User-Name that still
		# contains '@'.  filter_username only runs after this block;
		# the stock configuration calls it first so that malformed
		# names are rejected before any routing decision is taken.
		if (User-Name =~ /^(.*)@(.*)/) {
			if (User-Name !~ /^(.*)@(.*)auro(.*)/) {
				update control {
					Proxy-To-Realm := 'AUROREFEDEREZ'
				}
			}

			if ("%{request:User-Name}" =~ /^(.*)@(.*)auro(.*)/) {
				update request {
					# %{1} = first capture group of the match above.
					Stripped-User-Name := "%{1}"
				}
			}
		}

		filter_username

		preprocess

		suffix

		# When eap returns "ok", stop processing the rest of authorize.
		eap {
			ok = return
		}

		expiration
		logintime

		pap
	}

	authenticate {
		# NOTE(review): PAP, CHAP, MS-CHAP and digest are all enabled
		# next to EAP.  If this server is meant to serve 802.1X only,
		# the unused methods could be dropped -- confirm with the
		# deployment before removing any.
		Auth-Type PAP {
			pap
		}

		Auth-Type CHAP {
			chap
		}

		Auth-Type MS-CHAP {
			mschap
		}

		mschap

		digest

		eap
	}

	preacct {
		preprocess

		acct_unique

		suffix
		files
	}

	accounting {
		detail

		unix
		exec
	}

	# No session checks are configured.
	session {
	}

	post-auth {
		# Append the attributes held in session-state to the reply.
		update {
			&reply: += &session-state:
		}

		exec

		remove_reply_message_if_eap

		# Runs for rejected requests.
		# NOTE(review): "-sql" is the only logging hook visible on the
		# reject path, and the leading '-' makes it optional (skipped
		# when the module is not configured).  No auth_log/linelog
		# style call is visible for accepts or rejects -- confirm that
		# authentication outcomes are recorded somewhere.
		Post-Auth-Type REJECT {
			-sql
			attr_filter.access_reject

			eap

			remove_reply_message_if_eap
		}
	}

	# Nothing is done to a request before it is proxied.
	pre-proxy {
	}

	# NOTE(review): replies coming back from the proxied realm are handed
	# to eap only; no attribute filter (the stock attr_filter.post-proxy
	# instance is the usual place) is applied here, so attributes set by
	# the remote server presumably reach the NAS unchanged -- confirm
	# whether filtering happens elsewhere.
	post-proxy {
		eap
	}
}
# Virtual server "radius-filaire".
#
# How requests are directed to this virtual server is not visible in this
# file.  "re2o" is a module defined elsewhere; what it checks and which
# control attributes it sets cannot be told from here.
server radius-filaire {

	authorize {
		# NOTE(review): eap is not called in authorize, although it is
		# listed in authenticate and post-proxy below.  Presumably
		# re2o decides the Auth-Type -- confirm against the module.
		re2o
		expiration
		logintime
		pap
	}

	authenticate {
		Auth-Type PAP {
			pap
		}

		Auth-Type CHAP {
			chap
		}

		Auth-Type MS-CHAP {
			mschap
		}

		digest
		eap
	}

	preacct {
		preprocess
		acct_unique
		suffix
		files
	}

	# NOTE(review): empty -- accounting requests reaching this server go
	# through preacct but are not written anywhere from this section.
	# radius-wifi records them with detail/unix/exec; confirm the
	# difference is intended.
	accounting {
	}

	# No session checks are configured.
	session {
	}

	# NOTE(review): there is no "Post-Auth-Type REJECT" sub-section, so
	# unlike radius-wifi no attr_filter.access_reject is applied to
	# rejects from this server and no reject-path logging is visible.
	post-auth {
		re2o
		exec
	}

	# Nothing is done to a request before it is proxied.
	pre-proxy {
	}

	post-proxy {
		eap
	}
}