cs:spravce:pripojovani:radius:radiator:radius.cfg

StartupHook sub { require "/etc/radiator/CUI.pm" ; };
include %D/cui.cfg

<Client DEFAULT>
	Secret		tajemstvi
</Client>

<Client **10.0.1.1**> #AP01
        Secret          **tajemstvi123**
</Client>
<Client **10.0.1.2**> #AP02
        Secret          **tajemstvi213**
</Client>
<Client **10.0.1.3**> #AP03
        Secret          **tajemstvi321**
</Client>
#  .
#  .
#  .

<Client radius1.eduroam.cz> # narodni radius server
        Secret          **tajemstvi231**
	//**DupInterval	0**//
</Client>

<Client ermon.cesnet.cz> # monitoring
	Secret		**tajemstvi132**
	//**DupInterval	0**//
</Client>

<Client **accounting.cesnet.cz**>
	Secret		**TAJEMSTVI**
</Client>

<ServerRADSEC>
        Secret radsec

        UseTLS
        TLS_CAPath              /etc/ssl/certs
        TLS_CertificateFile     /etc/ssl/certs/ipsec_**certifikat**.crt.pem
        TLS_CertificateType     PEM
        TLS_PrivateKeyFile      /etc/ssl/private/ipsec_**certifikat**.key.pem
        
        TLS_RequireClientCert

	TLS_CRLCheck
	TLS_CRLFile		/etc/ssl/certs/9b59ecad.r0
	TLS_ExpectedPeerName	radius1.eduroam.cz
</ServerRADSEC>

<Realm cesnet.cz>
.
.
.
</Realm>

<Handler attribute=value,attribute=value, ....>
.
.
.
</Handler>

<Handler Realm=/^$/>
	<AuthBy INTERNAL>
		DefaultResult REJECT
	</AuthBy>
</Handler>

<Handler Request-Type=Accounting-Request,
         Realm=/^**cesnet\.cz**$|^**radius1\.cesnet\.cz**$/i>

  AcctLogFileName	/var/log/arch/radiator/radiator.**cesnet.cz**.%Y_%m_%d.acc

  <AuthBy RADIUS>
    <Host **accounting.cesnet.cz**>
       AuthPort        	1812
       AcctPort        	1813
       Secret          	**TAJEMSTVI**
    </Host>
  </AuthBy>

  PreProcessingHook sub { CUI::add(@_); };
  #AccountingHandled
</Handler>

<Handler Realm=/^**cesnet\.cz**$|^**radius1\.cesnet\.cz**$/i>
  AuthBy		CheckLDAP
  AuthLog 		authlogger
  PostProcessingHook    sub { CUI::add(@_); };
</Realm>

<Handler TunnelledByTTLS=1>
  AuthBy		CheckLDAP
  AuthLog		authlogger

  PostProcessingHook 	file:"/etc/radiator/eap_acct_username.pl"
  PostAuthHook          sub { CUI::add(@_); };
</Handler>

<Handler TunnelledByPEAP=1>
  AuthBy		CheckLDAP
  AuthLog		authlogger

  PostProcessingHook 	file:"/etc/radiator/eap_acct_username.pl"
  PostAuthHook          sub { CUI::add(@_); };
</Handler>


<Handler Request-Type=Accounting-Request>
  AcctLogFileName	/var/log/arch/radiator/radiator.global.%Y_%m_%d.acc

  <AuthBy RADIUS>
    <Host **accounting.cesnet.cz**>
       AuthPort        	  1812
       AcctPort        	  1813
       Secret          	  **TAJEMSTVI**
    </Host>
  </AuthBy>

  PreProcessingHook sub { CUI::add(@_); };
</Handler>

<Handler Realm=/^.+$/>
        <AuthBy RADSEC>
                Host                    radius1.eduroam.cz
                Secret                  radsec

                MaxFailedRequests       2
                MaxFailedGraceTime      0
                FailureBackoffTime      0

                UseTLS

                TLS_CAPath              /etc/ssl/certs
                TLS_CertificateFile     /etc/ssl/certs/ipsec_**certifikat**.crt.pem
                TLS_CertificateType     PEM
                TLS_PrivateKeyFile      /etc/ssl/private/ipsec_**certifikat**.key.pem

	        TLS_CRLCheck
	        TLS_CRLFile		/etc/ssl/certs/9b59ecad.r0
	        TLS_ExpectedPeerName	radius1.eduroam.cz

    ReplyHook file:"/etc/radiator/check_reply.pl"
  </AuthBy>

  AddToReplyIfNotExist    Tunnel-Private-Group-ID=1:1000
  AddToReply		  Tunnel-Type=1:VLAN,\
			  Tunnel-Medium-Type=1:Ether_802
  AddToRequestIfNotExists Operator-Name=1**cesnet.cz**
  AddToRequest            Chargeable-User-Identity=\000
</Handler>

<AuthBy LDAP2>
  Identifier              CheckLDAP

  UsernameMatchesWithoutRealm yes

  Host		          localhost

  AuthDN		  **uid=rad,ou=Special Users,dc=cesnet,dc=cz**
  AuthPassword		  **Tajemstvi**

  BaseDN		  **dc=cesnet,dc=cz**
  UsernameAttr		  uid
  PasswordAttr		  **radiusPassword**
  AuthAttrDef	          radiusTunnelPrivateGroupID, \
  			  Tunnel-Private-Group-ID, reply

  EAPType		  LEAP,PEAP,TTLS,MSCHAP-V2,MD5,MD5-Challenge
  EAPTLS_CAPath		  /etc/ssl/certs/prazdny-adresar
  EAPTLS_CertificateFile  /etc/ssl/certs/radius1.cesnet.cz.crt
  EAPTLS_CertificateType  PEM
  EAPTLS_PrivateKeyFile   /etc/ssl/private/radius1.cesnet.cz.key
  EAPTLS_MaxFragmentSize  1000
  EAPTLS_CRLCheck
  EAPTLS_CRLFile	  /etc/ssl/9b59ecad.r0
  AutoMPPEKeys
  EAPTLS_PEAPVersion	  0
  //**EAPAnonymous            %n**//
  SSLeayTrace		  1

  PostSearchHook	  file:"/etc/radiator/search_hook.pl"

  AddToReplyIfNotExist	  Tunnel-Private-Group-ID=1:100
  AddToReply		  Tunnel-Type=1:VLAN,\
  			  Tunnel-Medium-Type=1:Ether_802
</AuthBy>
Last modified:: 2018/09/20 17:18