From 505f69ee1540581eef2465dc420525213d278473 Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing <esmil@labitat.dk>
Date: Sat, 18 Nov 2017 19:34:34 +0100
Subject: space_server: radius: clean up configuration

Disable all the unused auth methods
---
 .../files/radius/sites-available/labitat-inner     | 46 ++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 roles/space_server/files/radius/sites-available/labitat-inner

(limited to 'roles/space_server/files/radius/sites-available/labitat-inner')

diff --git a/roles/space_server/files/radius/sites-available/labitat-inner b/roles/space_server/files/radius/sites-available/labitat-inner
new file mode 100644
index 0000000..94d5643
--- /dev/null
+++ b/roles/space_server/files/radius/sites-available/labitat-inner
@@ -0,0 +1,46 @@
+server labitat-inner {
+
+	authorize {
+		filter_username
+		filter_inner_identity
+		suffix
+
+		update control {
+			&Proxy-To-Realm := LOCAL
+		}
+
+		eap {
+			ok = return
+		}
+
+		files
+		expiration
+		logintime
+		pap
+	}
+
+	authenticate {
+		Auth-Type PAP {
+			pap
+		}
+
+		eap
+	}
+
+	post-auth {
+		Post-Auth-Type REJECT {
+			attr_filter.access_reject
+
+			update outer.session-state {
+				&Module-Failure-Message := &request:Module-Failure-Message
+			}
+		}
+	}
+
+	pre-proxy {
+	}
+
+	post-proxy {
+		eap
+	}
+}
-- 
cgit v1.2.1