aboutsummaryrefslogtreecommitdiff
path: root/files/usr/local/etc/raddb/mods-available/eap.radius_server
diff options
context:
space:
mode:
Diffstat (limited to 'files/usr/local/etc/raddb/mods-available/eap.radius_server')
-rw-r--r--files/usr/local/etc/raddb/mods-available/eap.radius_server42
1 files changed, 42 insertions, 0 deletions
diff --git a/files/usr/local/etc/raddb/mods-available/eap.radius_server b/files/usr/local/etc/raddb/mods-available/eap.radius_server
new file mode 100644
index 0000000..5c1aafd
--- /dev/null
+++ b/files/usr/local/etc/raddb/mods-available/eap.radius_server
@@ -0,0 +1,42 @@
+eap {
+ default_eap_type = tls
+ timer_expire = 60
+ ignore_unknown_eap_types = yes
+ cisco_accounting_username_bug = no
+ max_sessions = \${max_requests}
+
+ tls-config tls-common {
+ private_key_password =
+ private_key_file = ${freeradius_tls_key}
+ certificate_file = ${freeradius_tls_cert}
+ ca_file = ${site_cacert_path}
+ ca_path = \${cadir}
+ auto_chain = no
+ check_crl = no
+ cipher_list = "DEFAULT"
+ cipher_server_preference = no
+ tls_min_version = "1.2"
+ tls_max_version = "1.3"
+ ecdh_curve = ""
+
+ cache {
+ enable = yes
+ lifetime = 24 # hours
+ name = "EAP module"
+ persist_dir = "${freeradius_tlscache_dir}"
+ store {
+ Tunnel-Private-Group-Id
+ }
+ }
+
+ verify { }
+
+ ocsp {
+ enable = no
+ }
+ }
+
+ tls {
+ tls = tls-common
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 00:14:17 -0400