From 6e2a5993ce470341bed0e0c6ba8e44de3712d50e Mon Sep 17 00:00:00 2001
From: Cullum Smith <cullum@sacredheartsc.com>
Date: Sat, 26 Oct 2024 00:07:03 -0400
Subject: more icinga stuff

---
 .../sites-available/inner-tunnel.radius_server     | 90 ++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 files/usr/local/etc/raddb/sites-available/inner-tunnel.radius_server

(limited to 'files/usr/local/etc/raddb/sites-available/inner-tunnel.radius_server')

diff --git a/files/usr/local/etc/raddb/sites-available/inner-tunnel.radius_server b/files/usr/local/etc/raddb/sites-available/inner-tunnel.radius_server
new file mode 100644
index 0000000..81b2a41
--- /dev/null
+++ b/files/usr/local/etc/raddb/sites-available/inner-tunnel.radius_server
@@ -0,0 +1,90 @@
+server inner-tunnel {
+  listen {
+    ipaddr = 127.0.0.1
+    port = 18120
+    type = auth
+  }
+
+  authorize {
+    filter_username
+    chap
+    suffix
+
+    update control {
+      &Proxy-To-Realm := LOCAL
+    }
+
+    eap {
+      ok = return
+    }
+
+    ldap
+    if (ok || updated) {
+      update {
+        control:Auth-Type := ldap
+      }
+    }
+
+    expiration
+    logintime
+    pap
+  }
+
+  authenticate {
+    Auth-Type PAP {
+      pap
+    }
+
+    Auth-Type CHAP {
+      chap
+    }
+
+    Auth-Type LDAP {
+      ldap
+    }
+
+    eap
+  }
+
+  session {
+    radutmp
+  }
+
+
+  post-auth {
+    -sql
+    update reply {
+      User-Name !* ANY
+      Message-Authenticator !* ANY
+      EAP-Message !* ANY
+      Proxy-State !* ANY
+      MS-MPPE-Encryption-Types !* ANY
+      MS-MPPE-Encryption-Policy !* ANY
+      MS-MPPE-Send-Key !* ANY
+      MS-MPPE-Recv-Key !* ANY
+    }
+
+    update {
+      &outer.session-state: += &reply:
+    }
+
+    Post-Auth-Type REJECT {
+      -sql
+      attr_filter.access_reject
+
+      update outer.session-state {
+        &Module-Failure-Message := &request:Module-Failure-Message
+      }
+    }
+
+    if (LDAP-Group != "${wifi_access_role}") {
+      reject
+    }
+  }
+
+  pre-proxy { }
+
+  post-proxy {
+    eap
+  }
+}
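Review bot: The group-membership check `if (LDAP-Group != "${wifi_access_role}") { reject }` is the last statement of `post-auth`, so it runs after `-sql` and after `&outer.session-state: += &reply:`. If the sql module is enabled, a user outside the role would presumably be logged as accepted before the reject is recorded, and the reply attributes have already been copied to the outer session by then. Moving that `if` block to the top of `post-auth`, ahead of `-sql`, puts the authorization decision before any logging or state copy. Separately, in `authorize` the `control:Auth-Type := ldap` update runs whenever `ldap` returns ok or updated, so it can overwrite an Auth-Type already chosen by `chap` or `eap` and applies even to requests that carry no User-Password. The guard used in the stock FreeRADIUS site files is `if ((ok || updated) && User-Password && !control:Auth-Type) {`.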
-- 
cgit v1.2.3