StartupHook sub { require "/etc/radiator/CUI.pm" ; };
include %D/cui.cfg
<Client DEFAULT>
Secret tajemstvi
</Client>
<Client **10.0.1.1**> #AP01
Secret **tajemstvi123**
</Client>
<Client **10.0.1.2**> #AP02
Secret **tajemstvi213**
</Client>
<Client **10.0.1.3**> #AP03
Secret **tajemstvi321**
</Client>
# .
# .
# .
<Client radius1.eduroam.cz> # narodni radius server
Secret **tajemstvi231**
//**DupInterval 0**//
</Client>
<Client ermon.cesnet.cz> # monitoring
Secret **tajemstvi132**
//**DupInterval 0**//
</Client>
<Client **accounting.cesnet.cz**>
Secret **TAJEMSTVI**
</Client>
<ServerRADSEC>
Secret radsec
UseTLS
TLS_CAPath /etc/ssl/certs
TLS_CertificateFile /etc/ssl/certs/ipsec_**certifikat**.crt.pem
TLS_CertificateType PEM
TLS_PrivateKeyFile /etc/ssl/private/ipsec_**certifikat**.key.pem
TLS_RequireClientCert
TLS_CRLCheck
TLS_CRLFile /etc/ssl/certs/9b59ecad.r0
TLS_ExpectedPeerName radius1.eduroam.cz
</ServerRADSEC>
<Realm cesnet.cz>
.
.
.
</Realm>
<Handler attribute=value,attribute=value, ....>
.
.
.
</Handler>
<Handler Realm=/^$/>
<AuthBy INTERNAL>
DefaultResult REJECT
</AuthBy>
</Handler>
<Handler Request-Type=Accounting-Request,
Realm=/^**cesnet\.cz**$|^**radius1\.cesnet\.cz**$/i>
AcctLogFileName /var/log/arch/radiator/radiator.**cesnet.cz**.%Y_%m_%d.acc
<AuthBy RADIUS>
<Host **accounting.cesnet.cz**>
AuthPort 1812
AcctPort 1813
Secret **TAJEMSTVI**
</Host>
</AuthBy>
PreProcessingHook sub { CUI::add(@_); };
#AccountingHandled
</Handler>
<Handler Realm=/^**cesnet\.cz**$|^**radius1\.cesnet\.cz**$/i>
AuthBy CheckLDAP
AuthLog authlogger
PostProcessingHook sub { CUI::add(@_); };
</Realm>
<Handler TunnelledByTTLS=1>
AuthBy CheckLDAP
AuthLog authlogger
PostProcessingHook file:"/etc/radiator/eap_acct_username.pl"
PostAuthHook sub { CUI::add(@_); };
</Handler>
<Handler TunnelledByPEAP=1>
AuthBy CheckLDAP
AuthLog authlogger
PostProcessingHook file:"/etc/radiator/eap_acct_username.pl"
PostAuthHook sub { CUI::add(@_); };
</Handler>
<Handler Request-Type=Accounting-Request>
AcctLogFileName /var/log/arch/radiator/radiator.global.%Y_%m_%d.acc
<AuthBy RADIUS>
<Host **accounting.cesnet.cz**>
AuthPort 1812
AcctPort 1813
Secret **TAJEMSTVI**
</Host>
</AuthBy>
PreProcessingHook sub { CUI::add(@_); };
</Handler>
<Handler Realm=/^.+$/>
<AuthBy RADSEC>
Host radius1.eduroam.cz
Secret radsec
MaxFailedRequests 2
MaxFailedGraceTime 0
FailureBackoffTime 0
UseTLS
TLS_CAPath /etc/ssl/certs
TLS_CertificateFile /etc/ssl/certs/ipsec_**certifikat**.crt.pem
TLS_CertificateType PEM
TLS_PrivateKeyFile /etc/ssl/private/ipsec_**certifikat**.key.pem
TLS_CRLCheck
TLS_CRLFile /etc/ssl/certs/9b59ecad.r0
TLS_ExpectedPeerName radius1.eduroam.cz
ReplyHook file:"/etc/radiator/check_reply.pl"
</AuthBy>
AddToReplyIfNotExist Tunnel-Private-Group-ID=1:1000
AddToReply Tunnel-Type=1:VLAN,\
Tunnel-Medium-Type=1:Ether_802
AddToRequestIfNotExists Operator-Name=1**cesnet.cz**
AddToRequest Chargeable-User-Identity=\000
</Handler>
<AuthBy LDAP2>
Identifier CheckLDAP
UsernameMatchesWithoutRealm yes
Host localhost
AuthDN **uid=rad,ou=Special Users,dc=cesnet,dc=cz**
AuthPassword **Tajemstvi**
BaseDN **dc=cesnet,dc=cz**
UsernameAttr uid
PasswordAttr **radiusPassword**
AuthAttrDef radiusTunnelPrivateGroupID, \
Tunnel-Private-Group-ID, reply
EAPType LEAP,PEAP,TTLS,MSCHAP-V2,MD5,MD5-Challenge
EAPTLS_CAPath /etc/ssl/certs/prazdny-adresar
EAPTLS_CertificateFile /etc/ssl/certs/radius1.cesnet.cz.crt
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/ssl/private/radius1.cesnet.cz.key
EAPTLS_MaxFragmentSize 1000
EAPTLS_CRLCheck
EAPTLS_CRLFile /etc/ssl/9b59ecad.r0
AutoMPPEKeys
EAPTLS_PEAPVersion 0
//**EAPAnonymous %n**//
SSLeayTrace 1
PostSearchHook file:"/etc/radiator/search_hook.pl"
AddToReplyIfNotExist Tunnel-Private-Group-ID=1:100
AddToReply Tunnel-Type=1:VLAN,\
Tunnel-Medium-Type=1:Ether_802
</AuthBy>
CESNET, z. s. p. o.
Generála Píky 26
160 00 Praha 6
info@cesnet.cz
Tel: +420 234 680 222
GSM: +420 602 252 531
support@cesnet.cz