# Addresses, shared secrets, realm names, certificate file names and
# LDAP bind details below are site-specific examples.

StartupHook sub { require "/etc/radiator/CUI.pm" ; };
include %D/cui.cfg

<Client DEFAULT>
    Secret tajemstvi
</Client>

<Client 10.0.1.1>
    # AP01
    Secret tajemstvi123
</Client>

<Client 10.0.1.2>
    # AP02
    Secret tajemstvi213
</Client>

<Client 10.0.1.3>
    # AP03
    Secret tajemstvi321
</Client>

# .
# .
# .

<Client radius1.eduroam.cz>
    # national RADIUS server
    Secret tajemstvi231
    DupInterval 0
</Client>

<Client ermon.cesnet.cz>
    # monitoring
    Secret tajemstvi132
    DupInterval 0
</Client>

<Client accounting.cesnet.cz>
    Secret TAJEMSTVI
</Client>

<ServerRADSEC>
    Secret radsec
    UseTLS
    TLS_CAPath /etc/ssl/certs
    TLS_CertificateFile /etc/ssl/certs/ipsec_certifikat.crt.pem
    TLS_CertificateType PEM
    TLS_PrivateKeyFile /etc/ssl/private/ipsec_certifikat.key.pem
    TLS_RequireClientCert
    TLS_CRLCheck
    TLS_CRLFile /etc/ssl/certs/9b59ecad.r0
    TLS_ExpectedPeerName radius1.eduroam.cz
</ServerRADSEC>

<Realm cesnet.cz>
    .
    .
    .
</Realm>

<Handler attribute=value,attribute=value, ....>
    .
    .
    .
</Handler>

<Handler Realm=/^$/>
    <AuthBy INTERNAL>
        DefaultResult REJECT
    </AuthBy>
</Handler>

<Handler Request-Type=Accounting-Request, Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/i>
    AcctLogFileName /var/log/arch/radiator/radiator.cesnet.cz.%Y_%m_%d.acc
    <AuthBy RADIUS>
        <Host accounting.cesnet.cz>
            AuthPort 1812
            AcctPort 1813
            Secret TAJEMSTVI
        </Host>
    </AuthBy>
    PreProcessingHook sub { CUI::add(@_); };
    #AccountingHandled
</Handler>

<Handler Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/i>
    AuthBy CheckLDAP
    AuthLog authlogger
    PostProcessingHook sub { CUI::add(@_); };
</Handler>

<Handler TunnelledByTTLS=1>
    AuthBy CheckLDAP
    AuthLog authlogger
    PostProcessingHook file:"/etc/radiator/eap_acct_username.pl"
    PostAuthHook sub { CUI::add(@_); };
</Handler>

<Handler TunnelledByPEAP=1>
    AuthBy CheckLDAP
    AuthLog authlogger
    PostProcessingHook file:"/etc/radiator/eap_acct_username.pl"
    PostAuthHook sub { CUI::add(@_); };
</Handler>

<Handler Request-Type=Accounting-Request>
    AcctLogFileName /var/log/arch/radiator/radiator.global.%Y_%m_%d.acc
    <AuthBy RADIUS>
        <Host accounting.cesnet.cz>
            AuthPort 1812
            AcctPort 1813
            Secret TAJEMSTVI
        </Host>
    </AuthBy>
    PreProcessingHook sub { CUI::add(@_); };
</Handler>

<Handler Realm=/^.+$/>
    <AuthBy RADSEC>
        Host radius1.eduroam.cz
        Secret radsec
        MaxFailedRequests 2
        MaxFailedGraceTime 0
        FailureBackoffTime 0
        UseTLS
        TLS_CAPath /etc/ssl/certs
        TLS_CertificateFile /etc/ssl/certs/ipsec_certifikat.crt.pem
        TLS_CertificateType PEM
        TLS_PrivateKeyFile /etc/ssl/private/ipsec_certifikat.key.pem
        TLS_CRLCheck
        TLS_CRLFile /etc/ssl/certs/9b59ecad.r0
        TLS_ExpectedPeerName radius1.eduroam.cz
        ReplyHook file:"/etc/radiator/check_reply.pl"
    </AuthBy>
    AddToReplyIfNotExist Tunnel-Private-Group-ID=1:1000
    AddToReply Tunnel-Type=1:VLAN,\
        Tunnel-Medium-Type=1:Ether_802
    AddToRequestIfNotExist Operator-Name=1cesnet.cz
    AddToRequest Chargeable-User-Identity=\000
</Handler>

<AuthBy LDAP2>
    Identifier CheckLDAP
    UsernameMatchesWithoutRealm yes
    Host localhost
    AuthDN uid=rad,ou=Special Users,dc=cesnet,dc=cz
    AuthPassword Tajemstvi
    BaseDN dc=cesnet,dc=cz
    UsernameAttr uid
    PasswordAttr radiusPassword
    AuthAttrDef radiusTunnelPrivateGroupID, \
        Tunnel-Private-Group-ID, reply
    EAPType LEAP,PEAP,TTLS,MSCHAP-V2,MD5,MD5-Challenge
    EAPTLS_CAPath /etc/ssl/certs/prazdny-adresar
    EAPTLS_CertificateFile /etc/ssl/certs/radius1.cesnet.cz.crt
    EAPTLS_CertificateType PEM
    EAPTLS_PrivateKeyFile /etc/ssl/private/radius1.cesnet.cz.key
    EAPTLS_MaxFragmentSize 1000
    EAPTLS_CRLCheck
    EAPTLS_CRLFile /etc/ssl/9b59ecad.r0
    AutoMPPEKeys
    EAPTLS_PEAPVersion 0
    EAPAnonymous %n
    SSLeayTrace 1
    PostSearchHook file:"/etc/radiator/search_hook.pl"
    AddToReplyIfNotExist Tunnel-Private-Group-ID=1:100
    AddToReply Tunnel-Type=1:VLAN,\
        Tunnel-Medium-Type=1:Ether_802
</AuthBy>